> On May 1, 2015, at 12:01 AM, Viktor Dukhovni <postfix-us...@dukhovni.org> > wrote: > > On Fri, May 01, 2015 at 04:51:03AM +0000, Viktor Dukhovni wrote: > >> For this server, you need a more "compact" cipherlist as a work-around. >> >> smtp_tls_exclude_ciphers = >> # >> # Disable MD5, DSA, SRP and PSK, and the "exotic" fixed DH >> cipher suites. >> # >> MD5, SRP, PSK, aDSS, kECDH, kDH, >> # >> # Disable 256-bit ciphers, 128-bit is for now quite strong >> enough. >> # Also disable the largely unused SEED, IDEA, RC2, RC5, ... >> # leaving just AES128, CAMELLIA128, RC4 and 3DES. >> # >> AES256, CAMELLIA256, SEED, IDEA, RC2, RC5 > > Following up, we don't (as yet) even need to disable AES256 or > CAMELLIA256. Until ChaCha20 and other new cipher-suites show up, > the following still leaves RC4 in the top 64, and does not disable > anything useful in practice: > > smtp_tls_exclude_ciphers = > # > # Disable MD5, DSA, SRP and PSK, and the "exotic" fixed DH > cipher suites. > # > MD5, SRP, PSK, aDSS, kECDH, kDH, > # > # Disable 256-bit ciphers, 128-bit is for now quite strong > enough. > # Also disable the largely unused SEED, IDEA, RC2, RC5, ... > # leaving just AES128, CAMELLIA128, RC4 and 3DES. > # > SEED, IDEA, RC2, RC5 > > This even with OpenSSL "master", which has more cipher-suites than older > releases: > > $ openssl ciphers -v > 'aNULL:-aNULL:HIGH:MEDIUM:LOW:EXPORT:+RC4:@STRENGTH:!kDH:!kECDH:!aDSS:!PSK:!SRP:!MD5:!SEED:!IDEA:!RC2:!RC5' > | egrep -n 'RC4-SHA|DES-CBC3-SHA' > 49:AECDH-RC4-SHA SSLv3 Kx=ECDH Au=None Enc=RC4(128) Mac=SHA1 > 50:ECDHE-RSA-RC4-SHA SSLv3 Kx=ECDH Au=RSA Enc=RC4(128) Mac=SHA1 > 51:ECDHE-ECDSA-RC4-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=RC4(128) > Mac=SHA1 > 52:RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1 > 53:AECDH-DES-CBC3-SHA SSLv3 Kx=ECDH Au=None Enc=3DES(168) Mac=SHA1 > 54:ADH-DES-CBC3-SHA SSLv3 Kx=DH Au=None Enc=3DES(168) Mac=SHA1 > 55:ECDHE-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=RSA Enc=3DES(168) Mac=SHA1 > 56:ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=3DES(168) > Mac=SHA1 > 57:DHE-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1 > 58:DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1 > > So the above setting makes a rather sensible default exclusion > list, while we're still plagued with coddling Exchange 2003 servers. > > -- > Viktor.
Viktor- Thank you! This has indeed solved the problem. We will nudge these people to upgrade their mail server software, but I won't be holding my breath. Tom
