Don’t Be Afraid of The POODLE – Enhancing SSL Security on MailStore Server Computers
Once more this year, successful attacks on SSL encryption have been reported. This time the cause lies in the SSLv3 protocol, which is obsolete yet still widely supported by client and server applications. Unlike OpenSSL’s Heartbleed bug, the so-called POODLE attack potentially affects all applications that still support SSLv3; it allows an attacker to gain access to login information or sensitive session data.
Like other Windows services (e.g. IIS, Exchange, …), MailStore Server and the MailStore Service Provider Edition use the Windows-integrated Security Support Provider (SSP) called Secure Channel (also known as Schannel) to encrypt network connections. To disable SSLv3 and other insecure encryption methods and hash algorithms, the Secure Channel settings of the computer therefore have to be adjusted.
Service providers and administrators who provide Internet-based access to the archive should now, at the latest, consider verifying and, if necessary, optimizing the SSL settings of their Windows machines.
MailStore Server customers can find appropriate recommendations in the MailStore Server Help in the new article Enhancing SSL Security. Service providers using MailStore Service Provider Edition can find this information in the article Enhancing SSL Security.
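As an added example (not taken from the MailStore help articles), the following PowerShell reports how the server side of Schannel is configured for legacy protocols and can disable them through the standard Schannel registry values. The function names and the protocol list (SSL 2.0, SSL 3.0 and, following the update below, TLS 1.0) are choices made for this example; cipher suites and hash algorithms are not covered.

```powershell
# Added example: audit and optionally disable legacy Schannel server protocols.
# Function names and the protocol list are assumptions made for this example.
$SchannelProtocols = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$LegacyProtocols   = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0'

function Get-SchannelServerProtocolState {
    param([string[]]$Protocol = $LegacyProtocols)
    foreach ($name in $Protocol) {
        $key   = Join-Path $SchannelProtocols "$name\Server"
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        # A missing key or value means the Windows version's default applies,
        # which on older systems leaves SSLv3 enabled.
        $state = if ($null -eq $props -or $null -eq $props.Enabled) {
            'NotConfigured (OS default applies)'
        } elseif ($props.Enabled -eq 0) {
            'Disabled'
        } else {
            'Enabled'
        }
        [pscustomobject]@{
            Protocol          = $name
            State             = $state
            DisabledByDefault = $props.DisabledByDefault
        }
    }
}

function Disable-SchannelServerProtocol {
    [CmdletBinding(SupportsShouldProcess)]
    param([string[]]$Protocol = $LegacyProtocols)
    foreach ($name in $Protocol) {
        $key = Join-Path $SchannelProtocols "$name\Server"
        if ($PSCmdlet.ShouldProcess($key, 'Set Enabled=0, DisabledByDefault=1')) {
            # Create the key only if absent so existing values are not discarded.
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            New-ItemProperty -Path $key -Name Enabled -Value 0 -PropertyType DWord -Force | Out-Null
            New-ItemProperty -Path $key -Name DisabledByDefault -Value 1 -PropertyType DWord -Force | Out-Null
        }
    }
}

# Read-only audit; safe to run at any time.
Get-SchannelServerProtocolState | Format-Table -AutoSize
# Disable-SchannelServerProtocol -WhatIf   # preview the registry changes
# Disable-SchannelServerProtocol           # apply from an elevated session
```

Schannel reads these values at startup, so the computer has to be restarted before a change takes effect; running the audit again afterwards confirms the result.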
If you have any further questions regarding this topic, our support team would be happy to assist you.
Update 16/07/2018:
The previously linked help pages have been updated and now reflect the currently recommended SSL settings. For example, TLS 1.0 as well as all cipher suites that are considered weak or insecure were removed. This provides protection against newer SSL threats, e.g. BEAST, and achieves an A rating with SSL Labs.