Re: Security & Compatibility

Mon, 25 May 2015 06:09:22 -0700 

On 25 May 2015, at 14:35, DTNX Postmaster <postmas...@dtnx.net> wrote:

> On 25 May 2015, at 13:23, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote:
> 
>> On Mon, May 25, 2015 at 10:36:24AM +0200, DTNX Postmaster wrote:
>> 
>>> I am talking about the MSA here, Viktor, not MTA to MTA traffic. That's 
>>> what the previous poster was asking about;
>> 
>> My advice stands.  Avoid overly explicit cipher lists.  Go with
>> broad categories, with some exclusions as necessary.
>> 
>> The main thing that's changed since Postfix default settings were
>> put in place is that it is no longer necessary or advisavle to
>> support "export" or "low" ciphersuites.   We'll likely disable
>> "export" and "low" by default in Postfix 3.1 (subject to a suitable
>> compatibility control).
>> 
>> -- 
>>      Viktor.
> 
> No, not for submission, where clients will submit their authentication 
> details, allowing them to bypass most of the restrictions that are in 
> place for MTA to MTA communication.
> 
> Especially older clients have less than optimal cipher selections if 
> you leave the choice to the connecting software, whereas deliberately 
> specifying a fairly strict set of ciphers and enforcing the cipher 
> order leads to better behaviour.
> 
> There is no reason to let Outlook Express on Windows XP prefer RC4 over 
> 3DES, for example. But that's what Schannel clients on XP/2003 will do 
> if you let them, and I bet it isn't the only older toolkit that does 
> this.
> 
> For the MSA, be overly specific. Enforce cipher order. Enforce 
> STARTTLS, make sure there is no plain text fallback.
> 
> If you think you might still need RC4, add 'RC4-SHA' at the end of the 
> list, then monitor your logs for actual usage. There's a pretty big 
> chance you'll be able to disable it altogether, followed by 3DES at a 
> later date, when the need arises.

In fact, let me be even more specific. For your MSA, support only the 
ciphers you actually NEED. 

What your MSA needs varies per setup, depends on what your client 
profile looks like. Log the relevant data, make informed decisions 
based on what that data tells you about the backwards compatibility you 
need, and then proactively move to stronger encryption as needed.

If your logs show that all your authenticating clients support TLSv1.2 
and SHA2 ECDHE ciphers, disable everything else on your MSA. If there's 
no need for RC4, 3DES, static AES ciphers, TLSv1 compatibility and 
such, there's no need to risk leaving yourself open to whatever 
vulnerability comes next.

Configure your MSA based on your actual needs and requirements. For the 
MTA, listen to Victor's advice.

Mvg,
Joni

Reply via email to