On Sun, Nov 10, 2013 at 01:37:34AM +0100, Kurt Roeckx wrote:
> > http://www.ietf.org/mail-archive/web/tls/current/msg10471.html
> 
> Can I suggest that we just change the default cipher list the
> postfix sends to the server?
> 
> I currently see this in postfix's config:
> tls_export_cipherlist = aNULL:-aNULL:ALL:+RC4:@STRENGTH
> tls_high_cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH
> tls_low_cipherlist = aNULL:-aNULL:ALL:!EXPORT:+RC4:@STRENGTH
> tls_medium_cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH
> tls_null_cipherlist = eNULL:!aNULL
> 
> smtpd_tls_ciphers = export
> smtp_tls_mandatory_ciphers = medium

I guess it's important to also show:
smtp_tls_exclude_ciphers =
smtp_tls_mandatory_exclude_ciphers =

And from the manpage:
       The underlying cipherlists for grades other than "null"
       include anonymous ciphers, but these are automatically
       filtered out if the Postfix SMTP client is configured to
       verify server certificates.  You are very unlikely to need
       to take any steps to exclude anonymous ciphers, they are
       excluded automatically as necessary.  If you must exclude
       anonymous ciphers at the "may" or "encrypt" security
       levels, when the Postfix SMTP client does not need or use
       peer certificates, set "smtp_tls_exclude_ciphers = aNULL".
       To exclude anonymous ciphers only when TLS is enforced, set
       "smtp_tls_mandatory_exclude_ciphers = aNULL".

I'm a little confused by this.  I can understand that for
smtp_tls_security_level=may that you might want to allow
anonymous ciphers, since you're happy to send it to anybody or not
encrypted at all.  But I'm not sure what the encrypt level really
means.  It uses the mandatory values, but does that just accept any
certificate it sees?  Does it check the CA-path?  The hostname?  I
have a feeling it only does some of those things at the verify
level.  So I have to wonder what that level gets you more than the
may level other than a different list of acceptable ciphers.

I'm going to assume that if you set the level to fingerprint,
verify or secure that it excludes aNULL itself, even if that's
nowhere in the config file.

> The first thing I have to wonder about is why it says:
> "aNULL:-aNULL:ALL".  That doesn't seem to make sense to
> me.  You start with the anonymous ciphers, you remove
> them, but non permanent, and then you add ALL, which
> which add them again, and you just end up with "ALL".
> (But the order seems to be different, I don't really
> understand.)

The manpage actually says this about it:

    With OpenSSL 1.0.0 and later the cipherlist may start with an
    "aNULL:" prefix, which restores the 0.9.8-compatible ordering
    of the aNULL ciphers to the top of the list when they are
    enabled. This prefix is not needed with previous OpenSSL
    releases.

> You might also want to consider changing the order, for
> instance placing DES near the end, but the worst still
> at the end:
> ALL:!aNULL:!eNULL:!SRP:!PSK:@STRENGTH:+3DES:+LOW:+EXPORT

So that might need to become:
aNULL:-aNULL:ALL:+RC4:!SRP:!PSK:!SEED:!MD5:!CAMELLIA:@STRENGTH:+3DES:+LOW:+EXPORT

I had to exclude CAMELLIA to get a reasonable list again with all
those anonymous ciphers.

I also wonder why so many people have complained about this.  I
assume that they run at the may level in which case it should just
retry without encryption, and they shouldn't see any problems?


Kurt
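The quoted question about "aNULL:-aNULL:ALL" and the manpage's answer about the
0.9.8-compatible ordering come down to how OpenSSL processes cipher-string rules.
The toy model below is an added illustration for this thread, not Postfix or
OpenSSL code. It follows the rule semantics of ssl_cipher_apply_rule() in
OpenSSL 1.0.x ssl/ssl_ciph.c as I understand them: a plain keyword moves matching
inactive suites to the tail and activates them, "-" deactivates matching suites
and parks them at the head (so a later ALL picks them up first), "!" removes
them for good, "+" moves matching active suites to the tail, and @STRENGTH
stable-sorts the active list by key bits. The CIPHERS table is a constructed
subset using real OpenSSL suite names in a simplified version of 1.0.x's initial
ordering (anonymous suites last); the 168-bit rating for 3DES is OpenSSL's, and
it is the reason the proposed list needs "+3DES" after "@STRENGTH".

```python
"""Toy model of OpenSSL 1.0.x cipher-list evaluation (added example, not
Postfix or OpenSSL code).  CIPHERS is a constructed, simplified subset."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Cipher:
    name: str
    kx: str      # key exchange
    auth: str    # "NULL" = anonymous (aNULL)
    enc: str     # "NULL" = no encryption (eNULL)
    mac: str
    bits: int    # OpenSSL's strength rating (3DES counts as 168)
    grade: str   # HIGH / MEDIUM / LOW / EXPORT / NONE


# Initial order: authenticated suites first, anonymous (ADH/AECDH) suites last,
# as OpenSSL 1.0.x pre-orders them.  Nothing is active until a rule adds it.
CIPHERS = [
    Cipher("ECDHE-RSA-AES256-SHA",    "ECDH", "RSA",  "AES",      "SHA1", 256, "HIGH"),
    Cipher("ECDHE-RSA-AES128-SHA",    "ECDH", "RSA",  "AES",      "SHA1", 128, "HIGH"),
    Cipher("DHE-RSA-AES256-SHA",      "DH",   "RSA",  "AES",      "SHA1", 256, "HIGH"),
    Cipher("DHE-RSA-CAMELLIA256-SHA", "DH",   "RSA",  "CAMELLIA", "SHA1", 256, "HIGH"),
    Cipher("DHE-RSA-SEED-SHA",        "DH",   "RSA",  "SEED",     "SHA1", 128, "MEDIUM"),
    Cipher("EDH-RSA-DES-CBC3-SHA",    "DH",   "RSA",  "3DES",     "SHA1", 168, "HIGH"),
    Cipher("EDH-RSA-DES-CBC-SHA",     "DH",   "RSA",  "DES",      "SHA1",  56, "LOW"),
    Cipher("AES256-SHA",              "RSA",  "RSA",  "AES",      "SHA1", 256, "HIGH"),
    Cipher("AES128-SHA",              "RSA",  "RSA",  "AES",      "SHA1", 128, "HIGH"),
    Cipher("RC4-SHA",                 "RSA",  "RSA",  "RC4",      "SHA1", 128, "MEDIUM"),
    Cipher("RC4-MD5",                 "RSA",  "RSA",  "RC4",      "MD5",  128, "MEDIUM"),
    Cipher("DES-CBC3-SHA",            "RSA",  "RSA",  "3DES",     "SHA1", 168, "HIGH"),
    Cipher("EXP-RC4-MD5",             "RSA",  "RSA",  "RC4",      "MD5",   40, "EXPORT"),
    Cipher("EXP-DES-CBC-SHA",         "RSA",  "RSA",  "DES",      "SHA1",  40, "EXPORT"),
    Cipher("SRP-AES-256-CBC-SHA",     "SRP",  "SRP",  "AES",      "SHA1", 256, "HIGH"),
    Cipher("NULL-SHA",                "RSA",  "RSA",  "NULL",     "SHA1",   0, "NONE"),
    Cipher("AECDH-AES256-SHA",        "ECDH", "NULL", "AES",      "SHA1", 256, "HIGH"),
    Cipher("ADH-AES256-SHA",          "DH",   "NULL", "AES",      "SHA1", 256, "HIGH"),
    Cipher("ADH-AES128-SHA",          "DH",   "NULL", "AES",      "SHA1", 128, "HIGH"),
    Cipher("ADH-RC4-MD5",             "DH",   "NULL", "RC4",      "MD5",  128, "MEDIUM"),
    Cipher("ADH-DES-CBC3-SHA",        "DH",   "NULL", "3DES",     "SHA1", 168, "HIGH"),
]


def matches(c, word):
    """Does cipher c match a single cipher-list keyword?"""
    if word == "ALL":
        return c.enc != "NULL"
    if word == "aNULL":
        return c.auth == "NULL"
    if word == "eNULL":
        return c.enc == "NULL"
    if word in ("HIGH", "MEDIUM", "LOW", "EXPORT"):
        return c.grade == word
    if word in ("SRP", "PSK"):
        return c.kx == word
    if word in ("AES", "RC4", "3DES", "DES", "CAMELLIA", "SEED", "MD5", "SHA1"):
        return word in (c.enc, c.mac)
    raise ValueError("unknown cipher keyword: " + word)


def cipher_list(spec):
    """Return the active suite names, in order, selected by a cipher string."""
    order = list(CIPHERS)
    active = {c.name: False for c in order}
    for rule in spec.split(":"):
        if not rule:
            continue
        if rule == "@STRENGTH":
            # Stable sort of the active suites by bits, highest first.
            for bits in sorted({c.bits for c in order}, reverse=True):
                hit = [c for c in order if active[c.name] and c.bits == bits]
                order = [c for c in order if c not in hit] + hit
            continue
        op, body = (rule[0], rule[1:]) if rule[0] in "!-+" else ("", rule)
        words = body.split("+")                       # "ECDHE+AES" style AND
        hit = [c for c in order if all(matches(c, w) for w in words)]
        if op == "!":                                 # remove for good
            order = [c for c in order if c not in hit]
        elif op == "-":                               # deactivate, park at the HEAD
            hit = [c for c in hit if active[c.name]]
            order = hit + [c for c in order if c not in hit]
            for c in hit:
                active[c.name] = False
        else:                                         # "" adds, "+" reorders: to the tail
            hit = [c for c in hit if active[c.name] == (op == "+")]
            order = [c for c in order if c not in hit] + hit
            for c in hit:
                active[c.name] = True
    return [c.name for c in order if active[c.name]]


# The two strings from this thread: Postfix's tls_export_cipherlist and the proposed one.
POSTFIX_EXPORT = "aNULL:-aNULL:ALL:+RC4:@STRENGTH"
PROPOSED = "aNULL:-aNULL:ALL:+RC4:!SRP:!PSK:!SEED:!MD5:!CAMELLIA:@STRENGTH:+3DES:+LOW:+EXPORT"

if __name__ == "__main__":
    for spec in ("ALL", "aNULL:-aNULL:ALL", POSTFIX_EXPORT, PROPOSED):
        print(spec, "->", " ".join(cipher_list(spec)))
```

Running it shows the point the manpage makes: "ALL" and "aNULL:-aNULL:ALL" select
the same suites, but the second puts the anonymous ones at the top because the
"-aNULL" step parked them at the head of the list, where the following "ALL"
reached them first. It also shows why "@STRENGTH" alone is not enough: 3DES is
rated 168 bits, so it sorts above AES128 until "+3DES" moves it behind.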

