On Fri, Nov 08, 2013 at 01:05:33AM +0100, [email protected] wrote:
> >>> Note that Postfix will still apply implicit and configured exclusions
> >>> to these based on context (!aNULL when verifying peer certificates)
> >
> > READ THE ABOVE "Note" carefully. The exclusions are applied on
> > top of the cipher grade at run time. They don't modify the underlying
> > cipher list that defines the base ciphers for the grade.
>
> I read it carefully, but I still do not find a way to get SMTP
> configured with exactly the same ciphers in the same order
> nor see a way to get the effective list
The effective list is the ${tls_<grade>_cipherlist} plus any
exclusions. The grade is determined via ${smtpd_tls_ciphers} (for
smtpd_tls_security_level = may) and ${smtpd_tls_mandatory_ciphers}
(for smtpd_tls_security_level = encrypt).
The Postfix default cipher-suites are chosen to avoid freezing-in
any particular OpenSSL's version's cipher choices. Instead of
explicit choices of discrete ciphers, cipher properties are used
to sort the lists, and make appropriate exclusions.
If you don't like the default value of:
tls_medium_cipherlist
tls_export_cipherlist
and for your site you prefer a different setting (generally
interoperability suffers when everyone goes their own way)
you can change this to whatever you want.
> The intention is that I see clients with broken TLS handshakes on
> SMTP while they work pretty fine on dovecot with the hardcoded
> cipherlist and it's hard to impossible debug this with endusers
tcpdump + wireshark always tell the whole story.
> > Pilot error
>
> How is it a pilot error ...
You're expecting tls_medium_cipherlist, ... to reflect cipher
exclusions. They don't. Cipher exclusions are applied *after*
these parameters are read. Setting "smtpd_tls_loglevel = 2"
(on a non-default port) and connecting to that port with
"openssl s_client -starttls smtp" (or similar) will log
the actual cipherlist used by smtpd(8).
Bottom line:
- Postfix has cipher grades, they make life easier for most users.
- Postfix has configurable OpenSSL cipherlists for each grade. Tweak
these if you must.
- Postfix appends dynamic exclusions to the ciphergrade lists as
documented. The combined list (with exclusions appended) is not
directly visible via postconf.
With smtpd(8) there are no implicit exclusions so you can build the
full list yourself if you want. For example with opportunistic TLS
(may):
$ server_ciphers() {
local use skip ciphers exclude e
case $1 in
may)
use="tls_export_cipherlist"
skip="smtpd_tls_exclude_ciphers";;
encrypt)
use="tls_medium_cipherlist"
skip="smtpd_tls_mandatory_exclude_ciphers";;
esac
ciphers="$(postconf -xh $use)"
exclude="$(postconf -xh $skip)"
if [ -n "${exclude}" ]; then
OIFS="$IFS"; IFS=":,$OFS"
set -- $exclude
IFS="$OIFS"
for e; do ciphers="$ciphers:"'!'"$e"; done
fi
openssl ciphers -v "$ciphers"
}
$ server_ciphers encrypt
Server cipherlists don't matter much (the more the merrier), since
all the server has to do is accept one element from the client's
list. So tuning server cipher lists is not that useful. For
submission, you just want to exclude "EXPORT" and "LOW". Leaving
out ciphers can just cause interoperability problems.
If the server is configured to pre-empt the client preference list,
it may be able to choose better than the client, but the client
should not offer ciphers it can't do, so this should not impact
interoperability significantly.
Finally, if you build your own Postfix server, it may be using a
more recent OpenSSL toolkit, and that can make a big difference.
Most interoperability issues are due to many new features in TLSv1.2,
instead of messing around with ciphers you could try disabling TLSv1.2,
and report whether this helps:
smtpd_tls_protocols = !SSLv2, !TLSv1.2
Good luck! This should be everything you need to know. If you
find any particular combinations of settings that cause or resolve
common client interoperability issues, please report the details.
I have little interest in encouraging cipherlist tinkering, if
everyone chooses a different subset of supported ciphers interoperability
goes down. The low level interface supports carefully targetted
work-arounds for well-defined problems.
--
Viktor.