On Tue, Feb 08, 2011 at 11:39:14AM -0800, Quanah Gibson-Mount wrote:
> OpenSSL.org states:
>
> aNULL
>
> the cipher suites offering no authentication. This is currently the
> anonymous DH algorithms. These cipher suites are vulnerable to a ``man in
> the middle'' attack and so their use is normally discouraged.
>
> However, this cipher suite is enabled by default with postfix for the smtpd
> process:
>
> smtp_tls_mandatory_ciphers = medium
> tls_medium_cipherlist = ALL:!EXPORT:!LOW:+RC4:@STRENGTH
>
> Shouldn't it be excluded by default? I got rid of it by adding it to
> smtpd_tls_exclude_ciphers
No, it SHOULD NOT be disabled.
http://www.postfix.org/TLS_README.html#server_cipher
By default anonymous ciphers are enabled. They are automatically
disabled when remote SMTP client certificates are requested. If
clients are expected to always verify the Postfix SMTP
server certificate you may want to disable anonymous ciphers
by setting "smtpd_tls_mandatory_exclude_ciphers = aNULL" or
"smtpd_tls_exclude_ciphers = aNULL", as appropriate. One can't
force a remote SMTP client to check the server certificate,
so excluding anonymous ciphers is generally unnecessary.
http://www.postfix.org/TLS_README.html#client_cipher
By default anonymous ciphers are allowed, and automatically
disabled when remote SMTP server certificates are verified. If
you want to disable anonymous ciphers even at the "encrypt"
security level, set "smtp_tls_mandatory_exclude_ciphers = aNULL";
and to disable anonymous ciphers even with opportunistic TLS,
set "smtp_tls_exclude_ciphers = aNULL". There is generally no
need to take these measures. Anonymous ciphers save bandwidth
and TLS session cache space, if certificates are ignored, there
is little point in requesting them.
Without certificate checks, you vulnerable to MITM regardless of the
cipher-suite. SMTP TLS is almost always opportunistic, or "encrypt"
nobody but lunatics like myself uses "secure-channel" TLS with SMTP.
--
Viktor.
