On Tue, Mar 31, 2026 at 02:23:12PM -0700, Dan Mahoney via Postfix-users wrote:

> Dayjob sets:
> 
> smtpd_tls_ciphers = high
> smtpd_tls_mandatory_ciphers = high

Perfect, stop there.

> A "service" called "securityscorecard.com" decided to scan our network
> without our consent.

If at all possible, ignore them, they know not what they are doing.

> People who would be our cyberinsurance providers and/or customers have
> purchased services from securityscorecard, [...]
> 
> Anyway, one of the biggest claims is that, on port 25, "SSL/TLS Service 
> Supports Weak Protocol"

This is of course nonsense, because SMTP also accepts email in
cleartext, anything better is an improvement, and TLS is broadly
downgrade resistant so the negotiated features will maximise what's
mutually supported.  Point the clueless at RFC7435.

> They rate this as: Threat Level: High and Breach Risk: High, and it's
> the number one thing lowering our "Score".

That's what you get when a paper-pusher blindly applies checks that
arguably make sense for sensitive web services to opportunistic TLS
in SMTP.  I'd like to encourage you to sit down with the insurance
company's IT rep, explain the silliness and push for an exemption.
Others will also benefit, it'd be a public service.

> The checker at https://luxsci.com/smtp-tls-checker/ reports that we
> only score a B+, and suggests:
> 
> Able to connect via cipher TLS_AES_256_GCM_SHA384. Remove support for
> all 3DES ciphers. These are known to be weak and are removed in NIST
> 800-52r2.

If that's true, you'd need to have a noticeably dated OpenSSL runtime.
With OpenSSL >= 3.0, I have:

    $ openssl ciphers -s -tls1_2 -v 'HIGH:!AES:!CAMELLIA:!CHACHA20:@SECLEVEL=0'
    ECDHE-ECDSA-ARIA256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=ARIAGCM(256)           Mac=AEAD
    ECDHE-ARIA256-GCM-SHA384       TLSv1.2 Kx=ECDH     Au=RSA   Enc=ARIAGCM(256)           Mac=AEAD
    DHE-RSA-ARIA256-GCM-SHA384     TLSv1.2 Kx=DH       Au=RSA   Enc=ARIAGCM(256)           Mac=AEAD
    ECDHE-ECDSA-ARIA128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=ARIAGCM(128)           Mac=AEAD
    ECDHE-ARIA128-GCM-SHA256       TLSv1.2 Kx=ECDH     Au=RSA   Enc=ARIAGCM(128)           Mac=AEAD
    DHE-RSA-ARIA128-GCM-SHA256     TLSv1.2 Kx=DH       Au=RSA   Enc=ARIAGCM(128)           Mac=AEAD
    ARIA256-GCM-SHA384             TLSv1.2 Kx=RSA      Au=RSA   Enc=ARIAGCM(256)           Mac=AEAD
    ARIA128-GCM-SHA256             TLSv1.2 Kx=RSA      Au=RSA   Enc=ARIAGCM(128)           Mac=AEAD

    $ openssl ciphers -s -tls1_2 -v 'HIGH:!AES:!CAMELLIA:!CHACHA20:!ARIA'
    Error in cipher list

The 3DES ciphers are no longer "HIGH", the only HIGH ciphers are:
AES, CAMELLIA, CHACHA20 and ARIA.

> First, what am I missing that makes this "Weak?"

Nothing, see RFC7435, an inappropriate set of criteria is being applied
out of context to SMTP.

> I suspect this is because our smtpd_tls_protocols is still riding the
> default, which defaults to ">=TLSv1"

Perhaps, though at this point most sites can raise the SMTP server's
floor to TLS 1.2, you're very unlikely to be getting legitimate mail
from clients that can only do TLS 1.0 and basically nobody ever
supported TLS 1.1, but not TLS 1.2.

What may instead be their nonsense objection is that Postfix by default
supports "aNULL" ciphers in TLS 1.2.  I explained why these are quite
reasonable to support in:

    https://datatracker.ietf.org/doc/html/rfc7672#section-8.2

but you can turn these off at the very modest cost of sending needless
certificates to some Postfix client MTAs that will then ignore them.

> I also think this is all theater right now, as in the absence of
> MTA/STS, postfix could refuse to talk <tls1.2 and the result would be
> "mail being delivered in the clear".  (We have not yet moved to
> requiring TLS via MTA-STS).

Yes, it is quite clueless, but you need to be polite when guiding the
perplexed.

> So my question: Are the defaults (>=TLSv1) still sane?  Or is it
> "worth" turning this up to >=TLSv1.2?

Yes, sane, but mostly no longer required.  If you opt for appeasement
rather than engagement and instruction, the settings to consider are:

    smtpd_tls_protocols = >=TLSv1.2
    smtpd_tls_exclude_ciphers = aNULL

That should be enough to get them off your back, and is unlikely to
downgrade a non-negligible set of clients to cleartext.

-- 
    Viktor.  🇺🇦 Слава Україні!
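
An added example, not part of the original message: a small Python parser for the `openssl ciphers -v` column format shown in the listing above, which tags anonymous (`Au=None`, i.e. aNULL) and 3DES entries and shows what is left once aNULL is excluded. The sample rows are constructed and do not represent any particular build's HIGH list; the `exclude` argument is a simplified stand-in for `smtpd_tls_exclude_ciphers`, not Postfix's own matching logic.

```python
import re

# Constructed sample in the `openssl ciphers -v` column format; the last
# entry is wrapped the way a mail client can wrap such a listing.
SAMPLE = """\
ECDHE-ARIA256-GCM-SHA384    TLSv1.2 Kx=ECDH Au=RSA  Enc=ARIAGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA  Enc=AESGCM(256)  Mac=AEAD
ADH-AES256-GCM-SHA384       TLSv1.2 Kx=DH   Au=None Enc=AESGCM(256)  Mac=AEAD
AECDH-AES256-SHA            TLSv1   Kx=ECDH Au=None Enc=AES(256)     Mac=SHA1
DES-CBC3-SHA                SSLv3   Kx=RSA  Au=RSA
Enc=3DES(168)               Mac=SHA1
"""

ROW = re.compile(
    r"^\s*(?P<name>\S+)\s+(?P<proto>\S+)\s+Kx=(?P<kx>\S+)\s+Au=(?P<au>\S+)"
    r"\s+Enc=(?P<enc>[^\s(]+)(?:\((?P<bits>\d+)\))?\s+Mac=(?P<mac>\S+)"
)

def parse(text):
    """Parse `openssl ciphers -v` rows, rejoining rows wrapped before Enc=."""
    text = re.sub(r"\s*\n\s*(?=Enc=)", " ", text)
    return [m.groupdict() for m in map(ROW.match, text.splitlines()) if m]

def tags(cipher):
    """Label the two properties discussed in this thread."""
    found = []
    if cipher["au"] == "None":      # no server authentication: aNULL
        found.append("aNULL")
    if cipher["enc"] == "3DES":
        found.append("3DES")
    return found

def audit(text, exclude=()):
    """Drop ciphers carrying an excluded tag, then report what is left.

    Returns (kept_names, {name: tags}) for the remaining ciphers.
    """
    kept, findings = [], {}
    for c in parse(text):
        t = tags(c)
        if set(t) & set(exclude):
            continue
        kept.append(c["name"])
        if t:
            findings[c["name"]] = t
    return kept, findings

if __name__ == "__main__":
    for excl in ((), ("aNULL",)):
        kept, findings = audit(SAMPLE, excl)
        print(f"exclude={excl}: {len(kept)} ciphers, flagged={findings}")
```

To check a real host, feed `audit()` the text printed by `openssl ciphers -v` for the cipher string in question instead of `SAMPLE`.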