On Thu, Aug 06, 2015 at 10:25:04AM +0200, Michael Ströder wrote:

> > On Thu, Aug 06, 2015 at 09:13:53AM +0200, Sven Schwedas wrote:
> >> Why medium and not high, while we're at it? What clients would have
> >> problems with it?
> >
> > Because cleartext is not stronger than medium. If you make TLS
> > impossible for peers that only support medium, they'll do cleartext.
> > Raising the floor too high lowers security. Security is improved
> > by raising the ceiling (stronger best supported ciphers), not
> > raising the floor (removing weak ciphers that are still best
> > available for a non-negligible set of peers).
>
> Viktor, I have some doubts regarding your point of view on this:
>
> I suspect that many admins maintaining systems only capable using medium
> ciphers

False premise. "smtpd_tls_ciphers = medium" is a *floor* on the
available ciphers, not a ceiling. In practice HIGH ciphers are used
whenever available. The underlying cipherlist is essentially

    tls_medium_cipherlist = HIGH:MEDIUM

> simply look whether their system uses STARTTLS or not and won't check
> which particular ciphers are used. IMO it might be a good learning effect for
> them if you disable STARTTLS for them.

This is wrong. RC4 is not worse than cleartext. We'll disable RC4,
once doing so almost never causes downgrades to cleartext.

I posted best-practice settings, that protect as much traffic as
possible, to the extent possible. Asking for more than that just
causes more mail to be sent in the clear. Don't do that.

-- 
Viktor.
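
One way to measure the condition stated above (disabling RC4 "almost never causes downgrades to cleartext") from a server's own logs, as an added example that is not part of the original message: it tallies inbound TLS sessions that negotiated RC4 and the peers behind them. The log lines are constructed samples in the format Postfix's smtpd writes at smtpd_tls_loglevel = 1, and counting every RC4 session as a potential cleartext downgrade is an assumption that gives an upper bound, since a peer may support a better cipher it did not choose.

```python
import re
from collections import Counter

# Constructed sample input (not real traffic), smtpd_tls_loglevel = 1 format.
SAMPLE_LOG = """\
Aug  6 10:01:02 mx postfix/smtpd[2101]: Anonymous TLS connection established from mail.a.example[192.0.2.10]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Aug  6 10:01:09 mx postfix/smtpd[2102]: Anonymous TLS connection established from old.b.example[192.0.2.20]: TLSv1 with cipher RC4-SHA (128/128 bits)
Aug  6 10:02:11 mx postfix/smtpd[2103]: Anonymous TLS connection established from mail.a.example[192.0.2.10]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Aug  6 10:03:40 mx postfix/smtpd[2104]: Anonymous TLS connection established from mx.c.example[192.0.2.30]: TLSv1 with cipher AES128-SHA (128/128 bits)
Aug  6 10:04:05 mx postfix/smtpd[2105]: Anonymous TLS connection established from old.b.example[192.0.2.20]: TLSv1 with cipher RC4-MD5 (128/128 bits)
Aug  6 10:05:00 mx postfix/smtpd[2106]: connect from plain.d.example[192.0.2.40]
"""

# Matches the Anonymous/Trusted/Untrusted variants of the smtpd TLS summary line.
TLS_LINE = re.compile(
    r"TLS connection established from (?P<peer>\S+?)\[(?P<ip>[^\]]+)\]: "
    r"(?P<proto>\S+) with cipher (?P<cipher>\S+) \((?P<used>\d+)/(?P<avail>\d+) bits\)"
)


def rc4_exposure(log_text):
    """Return (total TLS sessions, RC4 sessions, {peer: RC4 session count})."""
    total, rc4, peers = 0, 0, Counter()
    for line in log_text.splitlines():
        m = TLS_LINE.search(line)
        if not m:
            continue  # lines that are not TLS session summaries are skipped
        total += 1
        if "RC4" in m.group("cipher"):
            rc4 += 1
            peers[m.group("peer")] += 1
    return total, rc4, dict(peers)


def report(log_text):
    """Summarise how much inbound TLS traffic still depends on RC4."""
    total, rc4, peers = rc4_exposure(log_text)
    share = 100.0 * rc4 / total if total else 0.0
    out = [f"{rc4}/{total} TLS sessions negotiated RC4 ({share:.1f}%)"]
    # Assumption: each of these peers might fall back to cleartext without RC4.
    for peer, count in sorted(peers.items(), key=lambda kv: -kv[1]):
        out.append(f"  at risk of cleartext fallback: {peer} ({count} sessions)")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```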