Viktor Dukhovni wrote:
> On Thu, Aug 06, 2015 at 10:25:04AM +0200, Michael Ströder wrote:
>
>>> On Thu, Aug 06, 2015 at 09:13:53AM +0200, Sven Schwedas wrote:
>>>> Why medium and not high, while we're at it? What clients would have
>>>> problems with it?
>>>
>>> Because cleartext is not stronger than medium. If you make TLS
>>> impossible for peers that only support medium, they'll do cleartext.
>>> Raising the floor too high lowers security. Security is improved
>>> by raising the ceiling (stronger best supported ciphers), not
>>> raising the floor (removing weak ciphers that are still best
>>> available for a non-negligible set of peers).
>>
>> Viktor, I have some doubts regarding your point of view on this:
>>
>> I suspect that many admins maintaining systems only capable using medium
>> ciphers
>
> False premise.

No, right premise.

> "smtpd_tls_ciphers = medium" is a *floor* on the
> available ciphers, not a ceiling. In practice HIGH ciphers are
> used whenever available. The underlying cipherlist is essentially
>
>     tls_medium_cipherlist = HIGH:MEDIUM

I understand this all quite well since many years.

>> simply look whether their system uses STARTTLS or not and won't check
>> which particular ciphers are used. IMO it might be a good learning effect for
>> them if you disable STARTTLS for them.
>
> This is wrong. RC4 is not worse than cleartext. We'll disable
> RC4, once doing so almost never causes downgrades to cleartext.

Yes, that's your opinion on that. But my opinion is that forcing clear-text
might make admins wake up. The point is that many people simply look at
whether STARTTLS was used or not, and not at the protocol and cipher details.

Frankly I also consider your enquiry about statistics on RC4 usage to be
pretty much useless.

> I posted best-practice settings, that protect as much traffic as
> possible, to the extent possible.

...at the risk that admins justify everything's ok forever because STARTTLS
was used.

Ciao, Michael.
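
Added example (not part of the original message or of Postfix): a small log summary that looks at the protocol and cipher actually negotiated per inbound session, rather than only at whether STARTTLS was used, and lists the clients that stayed in cleartext. It assumes the log line shape Postfix smtpd writes with smtpd_tls_loglevel = 1; the sample lines, hosts and the function names summarize and rc4_share are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample (placeholder hosts and addresses), in the shape Postfix
# smtpd logs when smtpd_tls_loglevel = 1 is set. Not taken from the thread.
SAMPLE_LOG = """\
Aug  6 10:01:00 mx postfix/smtpd[2101]: connect from a.example.net[192.0.2.10]
Aug  6 10:01:01 mx postfix/smtpd[2101]: Anonymous TLS connection established from a.example.net[192.0.2.10]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Aug  6 10:01:02 mx postfix/smtpd[2101]: disconnect from a.example.net[192.0.2.10]
Aug  6 10:02:00 mx postfix/smtpd[2102]: connect from b.example.net[192.0.2.11]
Aug  6 10:02:01 mx postfix/smtpd[2102]: Anonymous TLS connection established from b.example.net[192.0.2.11]: TLSv1 with cipher RC4-SHA (128/128 bits)
Aug  6 10:02:02 mx postfix/smtpd[2102]: disconnect from b.example.net[192.0.2.11]
Aug  6 10:03:00 mx postfix/smtpd[2103]: connect from c.example.net[192.0.2.12]
Aug  6 10:03:02 mx postfix/smtpd[2103]: disconnect from c.example.net[192.0.2.12]
Aug  6 10:04:00 mx postfix/smtpd[2101]: connect from d.example.net[192.0.2.13]
Aug  6 10:04:01 mx postfix/smtpd[2101]: Anonymous TLS connection established from d.example.net[192.0.2.13]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Aug  6 10:04:02 mx postfix/smtpd[2101]: disconnect from d.example.net[192.0.2.13]
"""

TLS_RE = re.compile(r"postfix/smtpd\[(\d+)\]: \w+ TLS connection established "
                    r"from \S+: (\S+) with cipher (\S+)")
CONN_RE = re.compile(r"postfix/smtpd\[(\d+)\]: (connect|disconnect) from (\S+?)\[")

def summarize(log_text):
    """Return (Counter of (protocol, cipher), clients whose session never used TLS)."""
    ciphers, sessions, cleartext = Counter(), {}, []
    for line in log_text.splitlines():
        if m := TLS_RE.search(line):
            pid, proto, cipher = m.groups()
            ciphers[(proto, cipher)] += 1
            if pid in sessions:
                sessions[pid]["tls"] = True
        elif m := CONN_RE.search(line):
            pid, event, client = m.groups()
            if event == "connect":  # smtpd pids are reused, so reset per connect
                sessions[pid] = {"client": client, "tls": False}
            else:
                sess = sessions.pop(pid, None)
                if sess and not sess["tls"]:
                    cleartext.append(client)
    return ciphers, cleartext

def rc4_share(ciphers):
    """Fraction of TLS sessions that negotiated an RC4 suite."""
    total = sum(ciphers.values())
    rc4 = sum(n for (_proto, name), n in ciphers.items() if "RC4" in name)
    return rc4 / total if total else 0.0

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

The cleartext list counts every session that disconnected without a TLS handshake, so it also includes clients that connected and never attempted delivery.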