All protocols supporting the STARTTLS command were vulnerable to plaintext injection (CVE-2011-0411) until today. A fix is available in CVS:
Binary packages are not updated yet as it is relatively low impact; let me know if you need it immediately.
SMTP and POP3 are now supported, as well as using external relays transparently.
Not really tested yet, but it builds ok with Interix 6.1 Win2008R2 Visual Studio 2005.
See the CVS snapshot; it should work now. I will add POP3, SMTP and NNTP ICAP inspection as well soon, and that will make the next release candidate.
I wrote an article about improving SSL security with a MITM proxy; read it here: http://sourceforge.net/projects/openfwtk/files/benevolent-ssl-mitm.pdf/download
At the moment, it is just a quick and dirty man2html import, but it is better than nothing - we had no online documentation until now.
It is called "2.0" although it is actually the first truly public release, as the "1.0" version existed for a closed group only.
For those of you who have never heard of OpenFWTK, it is an application proxy firewall suite.
Notable features are:
* True application layer filter (popular technology known
as "DPI" - Deep Packet Inspection or "SPF" - Stateful
Packet Filtering - is not. It's just an ugly hack.)...