at "client config", mention clients should explicitly be configured with the most secure authentication mechanism supported

to prevent authentication mechanism downgrade attacks by MitM.
Mechiel Lukkien
2024-01-09 10:50:42 +01:00
parent 2392f79aa9
commit dda0a4ced1
3 changed files with 9 additions and 2 deletions


@ -528,6 +528,13 @@ func printClientConfig(d dns.Domain) {
for _, e := range cc.Entries {
fmt.Printf("%-20s %-30s %5d %-15s %s\n", e.Protocol, e.Host, e.Port, e.Listener, e.Note)
}
fmt.Printf(`
To prevent authentication mechanism downgrade attempts that may result in
clients sending plain text passwords to a MitM, clients should always be
explicitly configured with the most secure authentication mechanism supported,
the first of: SCRAM-SHA-256-PLUS, SCRAM-SHA-1-PLUS, SCRAM-SHA-256, SCRAM-SHA-1,
CRAM-MD5.
`)
}
func cmdConfigTest(c *cmd) {
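Review bot: The mechanism preference order in the added text is a hard-coded literal inside printClientConfig, so it can drift from what the server actually offers if a mechanism is later added or disabled. Because users are told to pin their client to this list, a stale list becomes incorrect security advice. Consider a comment above the call such as `// Keep in sync with the SASL mechanisms the server advertises, strongest first.`, or build the list from the server's own mechanism table if one is reachable here (not visible in this hunk). Separately, the string has no format verbs, so `fmt.Print` would avoid a misparsed `%` if the text is ever edited. printClientConfig starts outside the hunk.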