thank you very much for all that informations i will add this message to my documentation archive and have a look how hard it is really needed to tweak here - also saw consumer grade routers breaking TLS until restart them
somehow i do not expect that Outllok 2010 on Windows 8 has more problems than on WinXP which was recently the problem with no time to debug this deeper Am 08.11.2013 02:17, schrieb Viktor Dukhovni: > On Fri, Nov 08, 2013 at 01:05:33AM +0100, [email protected] wrote: > >>>>> Note that Postfix will still apply implicit and configured exclusions >>>>> to these based on context (!aNULL when verifying peer certificates) >>> >>> READ THE ABOVE "Note" carefully. The exclusions are applied on >>> top of the cipher grade at run time. They don't modify the underlying >>> cipher list that defines the base ciphers for the grade. >> >> I read it carefully, but I still do not find a way to get SMTP >> configured with exactly the same ciphers in the same order >> nor see a way to get the effective list > > The effective list is the ${tls_<grade>_cipherlist} plus any > exclusions. The grade is determined via ${smtpd_tls_ciphers} (for > smtpd_tls_security_level = may) and ${smtpd_tls_mandatory_ciphers} > (for smtpd_tls_security_level = encrypt). > > The Postfix default cipher-suites are chosen to avoid freezing-in > any particular OpenSSL's version's cipher choices. Instead of > explicit choices of discrete ciphers, cipher properties are used > to sort the lists, and make appropriate exclusions. > > If you don't like the default value of: > > tls_medium_cipherlist > tls_export_cipherlist > > and for your site you prefer a different setting (generally > interoperability suffers when everyone goes their own way) > you can change this to whatever you want. > >> The intention is that I see clients with broken TLS handshakes on >> SMTP while they work pretty fine on dovecot with the hardcoded >> cipherlist and it's hard to impossible debug this with endusers > > tcpdump + wireshark always tell the whole story. > >>> Pilot error >> >> How is it a pilot error ... > > You're expecting tls_medium_cipherlist, ... to reflect cipher > exclusions. They don't. Cipher exclusions are applied *after* > these parameters are read. Setting "smtpd_tls_loglevel = 2" > (on a non-default port) and connecting to that port with > "openssl s_client -starttls smtp" (or similar) will log > the actual cipherlist used by smtpd(8). > > Bottom line: > > - Postfix has cipher grades, they make life easier for most users. > > - Postfix has configurable OpenSSL cipherlists for each grade. Tweak > these if you must. > > - Postfix appends dynamic exclusions to the ciphergrade lists as > documented. The combined list (with exclusions appended) is not > directly visible via postconf. > > With smtpd(8) there are no implicit exclusions so you can build the > full list yourself if you want. For example with opportunistic TLS > (may): > > $ server_ciphers() { > local use skip ciphers exclude e > case $1 in > may) > use="tls_export_cipherlist" > skip="smtpd_tls_exclude_ciphers";; > encrypt) > use="tls_medium_cipherlist" > skip="smtpd_tls_mandatory_exclude_ciphers";; > esac > ciphers="$(postconf -xh $use)" > exclude="$(postconf -xh $skip)" > if [ -n "${exclude}" ]; then > OIFS="$IFS"; IFS=":,$OFS" > set -- $exclude > IFS="$OIFS" > for e; do ciphers="$ciphers:"'!'"$e"; done > fi > openssl ciphers -v "$ciphers" > } > > $ server_ciphers encrypt > > Server cipherlists don't matter much (the more the merrier), since > all the server has to do is accept one element from the client's > list. So tuning server cipher lists is not that useful. For > submission, you just want to exclude "EXPORT" and "LOW". Leaving > out ciphers can just cause interoperability problems. > > If the server is configured to pre-empt the client preference list, > it may be able to choose better than the client, but the client > should not offer ciphers it can't do, so this should not impact > interoperability significantly. > > Finally, if you build your own Postfix server, it may be using a > more recent OpenSSL toolkit, and that can make a big difference. > Most interoperability issues are due to many new features in TLSv1.2, > instead of messing around with ciphers you could try disabling TLSv1.2, > and report whether this helps: > > smtpd_tls_protocols = !SSLv2, !TLSv1.2 > > Good luck! This should be everything you need to know. If you > find any particular combinations of settings that cause or resolve > common client interoperability issues, please report the details. > > I have little interest in encouraging cipherlist tinkering, if > everyone chooses a different subset of supported ciphers interoperability > goes down. The low level interface supports carefully targetted > work-arounds for well-defined problems.
