On Thu, Aug 06, 2015 at 09:13:53AM +0200, Sven Schwedas wrote:
> > You should in most cases update main.cf by setting:
> >
> > # Exclude obsolete weak crypto.
> > #
> > smtpd_tls_protocols = !SSLv2, !SSLv3
> > smtpd_tls_ciphers = medium
> > smtp_tls_protocols = !SSLv2, !SSLv3
> > smtp_tls_ciphers = medium
>
> Why medium and not high, while we're at it? What clients would have
> problems with it?
Because cleartext is not stronger than medium. If you make TLS
impossible for peers that only support medium, they'll do cleartext.
Raising the floor too high lowers security. Security is improved
by raising the ceiling (stronger best supported ciphers), not
raising the floor (removing weak ciphers that are still best
available for a non-negligible set of peers).
https://tools.ietf.org/html/rfc7435
> Is usage of tls_preempt_cipherlist still recommended?
This has not been recommended, because it can cause interoperability
problems with Exchange 2003 systems. To avoid those, you'd need
to rank 3DES below RC4:
tls_medium_cipherlist = aNULL:-aNULL:HIGH:MEDIUM:@STRENGTH:+RC4:+3DES
pnly then can you "safely" set:
tls_preempt_cipherlist = yes
Note also that I strongly discourage non-expert tweaks to the
"tls_<mumble>_cipherlist" parameters. It is too easy to mess up,
the underlying OpenSSL cipherlist syntax is rather subtle. Basically,
do not change these to values that did not originate from me.
--
Viktor.
