> -----Original Message----- > From: Viktor Dukhovni via Postfix-users <postfix-users@postfix.org> > Sent: Wednesday, February 28, 2024 8:46 PM > To: postfix-users@postfix.org > Subject: [pfx] Re: Configuration Settings for TLS 1.2 and 1.3 with No Weak > Ciphers > > On Wed, Feb 28, 2024 at 08:55:04AM -0500, Scott Hollenbeck via Postfix- > users wrote: > > > Would someone please describe the configuration settings needed to > support > > TLS 1.2 and 1.3 with no weak ciphers? Here's what I currently have in my > > configuration files: > > This is not the right question. Some "weak" ciphers are appropriate in > opportunistic TLS, because they are better than cleartext. This applies > when they are still the best available to a non-negligible set of peers.
Sorry, context is important. This server needs to pass a Payment Card Industry (PCI) compliance scan. Their definition of weak: "key lengths of less than 112 bits, or else use the 3DES encryption suite". Opportunistic TLS is NOT a goal. > - Provided your system prefers stronger ciphers, and the offered > "weak" ciphers don't put the integrrity of the handshake at > risk, weak ciphers are fine, provided strong ones are preferred. > > > smtpd_tls_dh512_param_file = /etc/ssl/private/dh512.pem > > This is not needed. Consider setting "tls_preempt_cipherlist = yes". OK. > > Here's what I see when I use nmap to retrieve the supported ciphers (note > > that there are only TLS 1.2 ciphers listed, and some are weak): > > What do you consider weak? All of the anonymous Diffie-Hellman suites with an "F" score. How can eliminate the following: > > | TLS_DH_anon_WITH_AES_128_CBC_SHA - F > > | TLS_DH_anon_WITH_AES_128_CBC_SHA256 - F > > | TLS_DH_anon_WITH_AES_128_GCM_SHA256 - F > > | TLS_DH_anon_WITH_AES_256_CBC_SHA - F > > | TLS_DH_anon_WITH_AES_256_CBC_SHA256 - F > > | TLS_DH_anon_WITH_AES_256_GCM_SHA384 - F > > | TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA - F > > | TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 - F > > | TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA - F > > | TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 - F > > | TLS_ECDH_anon_WITH_AES_128_CBC_SHA - F > > | TLS_ECDH_anon_WITH_AES_256_CBC_SHA - F And keep these? > > | TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A > > | TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 2048) - A > > | TLS_DHE_RSA_WITH_AES_128_CCM (dh 2048) - A > > | TLS_DHE_RSA_WITH_AES_128_CCM_8 (dh 2048) - A > > | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A > > | TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A > > | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 2048) - A > > | TLS_DHE_RSA_WITH_AES_256_CCM (dh 2048) - A > > | TLS_DHE_RSA_WITH_AES_256_CCM_8 (dh 2048) - A > > | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A > > | TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 (dh 2048) - A > > | TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 (dh 2048) - A > > | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A > > | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 (dh 2048) - A > > | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A > > | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 (dh 2048) - A > > | TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (dh 2048) - A > > | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A > > | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A > > | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A > > | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A > > | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A > > | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A > > | TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 (secp256r1) - A > > | TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 (secp256r1) - A > > | TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 (secp256r1) - A > > | TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 (secp256r1) - A > > | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (secp256r1) - A > > | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A > > | TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A > > | TLS_RSA_WITH_AES_128_CCM (rsa 2048) - A > > | TLS_RSA_WITH_AES_128_CCM_8 (rsa 2048) - A > > | TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A > > | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A > > | TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A > > | TLS_RSA_WITH_AES_256_CCM (rsa 2048) - A > > | TLS_RSA_WITH_AES_256_CCM_8 (rsa 2048) - A > > | TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A > > | TLS_RSA_WITH_ARIA_128_GCM_SHA256 (rsa 2048) - A > > | TLS_RSA_WITH_ARIA_256_GCM_SHA384 (rsa 2048) - A > > | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A > > | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 (rsa 2048) - A > > | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A > > | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 (rsa 2048) - A Scott _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
