On Sat, Apr 12, 2014 at 07:38:30AM +0100, Sean Wilson wrote:
> > > So why is only TLS 1.1 being used?
> >
> > Ask the postmaster of the MTA in question, perhaps they some problems
> > with remote MTAs choking on TLSv1.2 and decided to apply hammer to
> > problem.
>
> *This is what I don't understand...*I* am the postmaster of the MTA in
> question. I am trying to get ALL connections that are compatible with TLS
> 1.2 to use TLS 1.2. How can I accomplish this? When I look in the logs it
> just seems so randon as to what is using TLS 1 or TLS 1.2.*
The *sending MTA* in question. Your MTA is the receiving MTA.
> *Fair enough but can I use it if it is supported by client/server? If so
> how? Most of the ciphers logged are: TLSv1 with cipher ECDHE-RSA-AES256-SHA
> (256/256 bits) is this the most secure I can make it?*
Only if the sending MTA is willing to use TLSv1.2, which clearly
it is not.
> *What about: ECDHE-RSA-AES256-SHA, is this secure enough ?*
The weakest link in your security is not AES-256-CBC. All reasonably
modern ciphers are good enough to be incomparably stronger than
then your end-point security, user password management, ... You're
wasting time increasing the height of a mile-high post to defend
your fort, when the moat is dry and only one side of the fort is
walled off.
> > > smtpd_tls_ask_ccert = yes
> >
> > Why?
>
> *Should this be set to no rather?*
Don't set it at all, the default is chosen with care.
> > > tls_preempt_cipherlist = yes
> >
> > Not recommended.
>
> *Why? I thought this chose the most secure cipher on the SERVER side?*
This is believed to cause interoperability problems with some
Exchange 2003 MTAs (based on evidence from their TLS limitations
as receiving systems). Your mileage may vary, but caution suggests
that it is not worth it quite yet. And you won't get TLSv1.2 from
a client that disables it no matter how many tweaks you apply.
> > > smtpd_tls_ciphers = export
> >
> > Default, but we may at some point change this to "medium", so
> > you should probably not set this explicitly.
>
> *Isn't it better to use export so that older clients can at least have SOME
> encryption rather than reverting back to an unencrypted connection?*
That's why it is the historical default, however it is a decade
after TLS was integrated in Postfix, and MTAs only capable of
export-grade ciphers and SSLv2 are no longer believed to be a
presence on the public Internet. We'll probably change the default
to "medium" in Postfix 2.12 or so, and you'll benefit from that when
you upgrade.
The defaults are chosen with care, don't change them unless you're
an expert. Beyond enabling TLS, you typically don't need to tweak
low-level Postfix crypto settings, you'll typically make things
worse, not better.
--
Viktor.
