> http://www.ietf.org/mail-archive/web/tls/current/msg10471.html
Can I suggest that we just change the default cipher list the postfix sends to the server? I currently see this in postfix's config: tls_export_cipherlist = aNULL:-aNULL:ALL:+RC4:@STRENGTH tls_high_cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH tls_low_cipherlist = aNULL:-aNULL:ALL:!EXPORT:+RC4:@STRENGTH tls_medium_cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH tls_null_cipherlist = eNULL:!aNULL smtpd_tls_ciphers = export smtp_tls_mandatory_ciphers = medium The first thing I have to wonder about is why it says: "aNULL:-aNULL:ALL". That doesn't seem to make sense to me. You start with the anonymous ciphers, you remove them, but non permanent, and then you add ALL, which which add them again, and you just end up with "ALL". (But the order seems to be different, I don't really understand.) The "+RC4" shouldn't change much either, since that just reorders things (and doesn't add anything), and then you reorder the whole thing with @STRENGTH. Please not that openssl's default (DEFAULT) is ALL:!aNULL:!eNULL where the ! permanently deletes those from the list and can't be added later again. I really see no good reason to have anonymous ciphers in the list since they are vulnerable to a MITM attack. And the list as it is now has actually has anonymous ciphers at the start. It starts with: AECDH-AES256-SHA SSLv3 Kx=ECDH Au=None Enc=AES(256) Mac=SHA1 SRP-AES-256-CBC-SHA SSLv3 Kx=SRP Au=None Enc=AES(256) Mac=SHA1 ADH-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=None Enc=AESGCM(256) Mac=AEAD ADH-AES256-SHA256 TLSv1.2 Kx=DH Au=None Enc=AES(256) Mac=SHA256 ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1 ADH-CAMELLIA256-SHA SSLv3 Kx=DH Au=None Enc=Camellia(256) Mac=SHA1 ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD This specially doesn't make sense for the mandatory list, but I would say that this doesn't make sense for the opportunistic list either. The non-mandatory list (smtpd_tls_ciphers, tls_export_cipherlist) currently has 103 ciphers. When changing it from: aNULL:-aNULL:ALL:+RC4:@STRENGTH to: ALL:-aNULL:+RC4:@STRENGTH This will already reduce the list to 84 ciphers. And when using: ALL:!aNULL:+RC4:@STRENGTH it's reduced to 82. There are probably a number of other types you might want to remove. I don't think PSK and SRP are going to be used much, so you could do this: ALL:!aNULL:!eNULL:!SRP:!PSK:@STRENGTH You might also want to consider changing the order, for instance placing DES near the end, but the worst still at the end: ALL:!aNULL:!eNULL:!SRP:!PSK:@STRENGTH:+3DES:+LOW:+EXPORT Kurt -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
