On 05 Jan 2015, at 19:18, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote:
> On Mon, Jan 05, 2015 at 06:59:06PM +0100, li...@rhsoft.net wrote: > >>> No, this is a bad idea, it is in fact 3DES that is broken with such servers >> >> Shouldn't we start to disable RC4 as well as DES-CBC3-SHA for that horrible >> outdated crap servers and fallback to unencrypted at all instead continue to >> work around them years again? > > The goal of opportunistic TLS in Postfix is to deliver email with > as much and no more security than is available. There is no agenda. > > With Postfix 2.12 such servers will receive mail (slightly delayed) > without manual intervention. > > The number of domains that don't support either AES or CAMELLIA, > but do have working RC4 or 3DES is probably quite low. So if you > disable RC4, 3DES (and presumably all LOW and EXPORT ciphers) in > the SMTP client the impact should be small, but this should not be > necessary. > > Gmail's outbound servers prefers RC4-SHA if offered by the SMTP > server, when Gmail drops RC4 support, these domains will finally > feel real pressure to either disable or fix their TLS stack. Gmail prefers ECDHE-RSA-AES256-SHA, and has for quite some time now, if your inbound MTA supports and encourages it. RC4-SHA and SSLv3 have practically disappeared, but 3DES is still quite active for delivery. We have several customer backend servers that do poorly with incoming connections, preferring older protocols and ciphers, while their outgoing connections negotiate much better terms. TLSv1.2 accounts for a higher percentage of connections than TLSv1 now, too. Of course, this is us. YMMV. Mvg, Joni
