On Tue, May 20, 2014 at 02:25:49PM +0200, Thomas Leuxner wrote:

> In any case you miserably failed to elaborate how to mitigate
> the issue other than stating 'revert the change'.
Without defending the tone of that advice, I'd like to affirm its technical content.

Receiving MTAs should not disable SSLv3; they gain nothing by doing so. All that happens is that clients that are only capable of SSLv3 are forced to send in the clear. Even sending MTAs should not disable SSLv3, since it is possible and normal to send all relevant TLSv1 and later extensions in SSLv3 HELLO messages (provided the client also offers to negotiate TLSv1 or greater); they just get ignored by SSLv3-only servers.

Opportunistic TLS is sometimes counter-intuitive: attempting to make it stronger by removing weaker features actually makes it weaker. Don't give in to the urge to tweak TLS settings; they are largely fine as they are.

In an upcoming Postfix 2.12 snapshot, I will change the definition of tls_export_cipherlist to by default exclude "EXPORT" and "LOW" ciphers. You can achieve the same effect now by setting:

    smtp_tls_exclude_ciphers = EXPORT, LOW
    smtpd_tls_exclude_ciphers = EXPORT, LOW

The reason this is safe is that fortunately there are no longer any systems that are not capable of using one of the stronger ciphersuites, at least RC4-128 or 3DES.

Most other "hardening" configuration changes are likely to reduce, rather than improve, SMTP transport security.

-- 
	Viktor.
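An added check for the main.cf setting above, written for this page and not taken from the post or from Postfix itself: it parses a main.cf fragment (including continuation lines) and reports which of the EXPORT and LOW grades each exclude list still lacks. The two sample configs are constructed; parameter names are the real Postfix ones quoted in the message.

```python
# Added example, not from the mailing list post: check a Postfix main.cf
# fragment for the EXPORT/LOW exclusions recommended above. main.cf syntax:
# "name = value", "#" comment lines, continuation lines start with whitespace,
# list values are separated by commas and/or whitespace.
import re

# Constructed samples: the weak setting and the corrected one.
WEAK_CF = """\
smtpd_tls_security_level = may
smtpd_tls_exclude_ciphers =
"""
HARDENED_CF = """\
smtpd_tls_security_level = may
smtp_tls_exclude_ciphers = EXPORT,
    LOW
smtpd_tls_exclude_ciphers = EXPORT, LOW
"""

def parse_main_cf(text):
    """Return {parameter: value}, joining continuation lines onto their parameter."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and current is not None:  # continuation line
            params[current] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if not sep:
            continue  # not a parameter assignment
        current = name.strip()
        params[current] = value.strip()
    return params

def split_list(value):
    """Split a Postfix list value on commas and/or whitespace."""
    return [item.upper() for item in re.split(r"[,\s]+", value) if item]

REQUIRED = {"EXPORT", "LOW"}

def missing_exclusions(text):
    """Map each smtp(d)_tls_exclude_ciphers to the required grades it lacks."""
    params = parse_main_cf(text)
    report = {}
    for param in ("smtp_tls_exclude_ciphers", "smtpd_tls_exclude_ciphers"):
        present = set(split_list(params.get(param, "")))
        missing = sorted(REQUIRED - present)
        if missing:
            report[param] = missing
    return report
```

Run `missing_exclusions()` over the output of `postconf -n` to audit a live instance; an empty result means both exclude lists already carry EXPORT and LOW.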