On 05 Jan 2015, at 19:51, li...@rhsoft.net wrote: >>> Gmail's outbound servers prefers RC4-SHA if offered by the SMTP >>> server, when Gmail drops RC4 support, these domains will finally >>> feel real pressure to either disable or fix their TLS stack. >> >> Gmail prefers ECDHE-RSA-AES256-SHA, and has for quite some time now, if >> your inbound MTA supports and encourages it. > > no true back in 2014/10
I sampled a few days in October, and they all show the same cipher as I listed above, no others. This is with "tls_preempt_cipherlist = yes" active, which we've had since for almost a year now. > at least not without "tls_preempt_cipherlist = yes" and after that AES was > used, there are a few servers out there which are completly broken and need > DES or RC4 or fail completly to deliver > > hence the settings below on the inbound MX turned out to receive 99% of all > mail encrypted and a few senders fall back to unencrypted which previously > failed to deliver until re-enable DES-SHA1 > > tls_preempt_cipherlist = yes > smtpd_tls_mandatory_ciphers = medium > smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 > smtpd_tls_ciphers = medium > smtpd_tls_protocols = !SSLv2, !SSLv3 > smtpd_tls_eecdh_grade = strong > smtpd_tls_exclude_ciphers = EXP, IDEA, KRB5, MD5, RC2, RC4, SEED, SRP, > ECDH+ECDSA, ECDHE-RSA-DES-CBC3-SHA, ECDH-RSA-DES-CBC3-SHA, > EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA Unless there's some unique configuration that breaks delivery, and requires an override, I would recommend against using those settings. Otherwise it's basically premature optimization, which quite often leads to less reliable delivery. These are the relevant TLS settings on our relay servers, from 'postconf -n'; == smtp_tls_exclude_ciphers = EXPORT, LOW smtp_tls_loglevel = 1 smtp_tls_protocols = !SSLv2 smtp_tls_security_level = may smtpd_tls_dh1024_param_file = /etc/postfix/dh_2048.pem smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem smtpd_tls_eecdh_grade = strong smtpd_tls_exclude_ciphers = EXPORT, LOW smtpd_tls_loglevel = 1 smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 smtpd_tls_protocols = !SSLv2 smtpd_tls_received_header = no smtpd_tls_security_level = may tls_preempt_cipherlist = yes == Minimal interference with the Postfix defaults, while still encouraging the use of modern ciphers. Which works out very well so far; RC4 or SSLv3 isn't used a whole lot, but still available if it's the only non-plaintext option. We are seeing 'EDH-RSA-DES-CBC3-SHA' for incoming mail as well, by the way. It may not be the best option available, but certainly not the worst. Why prevent its usage? Oh, and as far as ECDSA is concerned; AFAIK, those won't be used unless you have a ECDSA certificate, in which case you want those ciphers available. No gain from excluding those, if I am not mistaken? Mvg, Joni
