Viktor Dukhovni wrote on 3/1/2016 11:16 AM:
    # Suggested, not strictly needed:
    #
    smtpd_tls_exclude_ciphers =
         EXPORT, LOW, MD5, SEED, IDEA, RC2
    smtp_tls_exclude_ciphers =
         EXPORT, LOW, MD5, aDSS, kECDHe, kECDHr, kDHd, kDHr, SEED, IDEA, RC2


I noticed your exclude list seems a bit more conservative than others (SSLLabs, digicert for example). Would you recommend also excluding aNULL ciphers?

For reference, digicert provides the following information about available ciphers when your recommendations are followed on an up-to-date RHEL6 server and postfix 2.11.7:

TLS 1.2, TLS 1.1, TLS 1.0

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_anon_WITH_AES_256_CBC_SHA [insecure]
TLS_ECDH_anon_WITH_AES_128_CBC_SHA [insecure]
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA [insecure]
TLS_ECDH_anon_WITH_RC4_128_SHA [insecure]
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_DH_anon_WITH_AES_256_GCM_SHA384 [insecure]
TLS_DH_anon_WITH_AES_128_GCM_SHA256 [insecure]
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA [insecure]
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DH_anon_WITH_AES_256_CBC_SHA256 [insecure]
TLS_DH_anon_WITH_AES_128_CBC_SHA256 [insecure]
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA [insecure]
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_DH_anon_WITH_AES_256_CBC_SHA [insecure]
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_DH_anon_WITH_AES_128_CBC_SHA [insecure]
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_DH_anon_WITH_3DES_EDE_CBC_SHA [insecure]
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA [insecure]

Including aNULL in the exclude list removes the _anon_ ciphers from the server's available ciphers.
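As an added example (not code from the thread or from Postfix), the script below models what a `*_tls_exclude_ciphers` list does: it splits the Postfix list value, appends each keyword as a `!keyword` entry to Postfix's default "medium" cipherlist, and predicts which IANA suite names from the scan above survive. The keyword-to-suite mapping is an assumption, a name-based approximation of OpenSSL's cipherlist keywords that covers only the keywords used in this thread; the authoritative check on a real server is `openssl ciphers -v '<cipherlist>'`. Note that a client which insists on verifying the server certificate will not negotiate an anonymous suite in the first place, so excluding aNULL on a server changes behaviour only for clients doing unauthenticated (opportunistic) TLS.

```python
"""Predict which suites a Postfix *_tls_exclude_ciphers list removes.

Added example, not part of the postfix-users thread. It approximates OpenSSL's
cipherlist keywords with name-based predicates on IANA suite names; the
authoritative check is `openssl ciphers -v '<cipherlist>'` on the server.
"""
import re

# Constructed input: a subset of the suite names reported by the scan above.
SCAN_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
    "TLS_ECDH_anon_WITH_RC4_128_SHA",
    "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
    "TLS_DH_anon_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",
    "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_SHA",
]

# Postfix's default "medium" grade (tls_medium_cipherlist); exclusions are
# appended to it as "!keyword" entries.
MEDIUM_CIPHERLIST = "aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH"

# Name-based stand-ins for OpenSSL keywords (assumption: adequate for the suite
# names above; LOW is approximated as single-DES / DES40 ciphers, kECDHe/kECDHr
# and kDHd/kDHr as the static ECDH and static DH key-exchange families).
KEYWORD_MATCHERS = {
    "aNULL":  lambda n: "_anon_" in n,
    "aDSS":   lambda n: "_DSS_" in n,
    "EXPORT": lambda n: "_EXPORT" in n or "_40_" in n,
    "LOW":    lambda n: re.search(r"_(DES|DES40)_CBC_", n) is not None,
    "MD5":    lambda n: n.endswith("_MD5"),
    "RC4":    lambda n: "_RC4_" in n,
    "3DES":   lambda n: "_3DES_" in n,
    "SEED":   lambda n: "_SEED_" in n,
    "IDEA":   lambda n: "_IDEA_" in n,
    "RC2":    lambda n: "_RC2_" in n,
    "kECDHe": lambda n: "_ECDH_ECDSA_" in n,
    "kECDHr": lambda n: "_ECDH_RSA_" in n,
    "kDHd":   lambda n: "_DH_DSS_" in n,
    "kDHr":   lambda n: "_DH_RSA_" in n,
}


def parse_exclude_list(value):
    """Split a Postfix list value on commas and/or whitespace."""
    return [k for k in re.split(r"[\s,]+", value.strip()) if k]


def build_cipherlist(excludes, base=MEDIUM_CIPHERLIST):
    """Cipherlist string Postfix hands to OpenSSL: base grade plus '!' entries."""
    return base + "".join(":!" + k for k in excludes)


def apply_exclusions(suites, excludes):
    """Return the suites that no exclusion keyword matches."""
    unknown = [k for k in excludes if k not in KEYWORD_MATCHERS]
    if unknown:
        raise ValueError(f"no matcher for keyword(s): {unknown}")
    return [s for s in suites
            if not any(KEYWORD_MATCHERS[k](s) for k in excludes)]


def anonymous_suites(suites):
    """Suites offering no server authentication (the [insecure] rows above)."""
    return [s for s in suites if KEYWORD_MATCHERS["aNULL"](s)]


if __name__ == "__main__":
    recommended = parse_exclude_list("EXPORT, LOW, MD5, SEED, IDEA, RC2")
    for label, excl in (("recommended", recommended),
                        ("recommended + aNULL", recommended + ["aNULL"])):
        left = apply_exclusions(SCAN_SUITES, excl)
        print(f"{label}: {build_cipherlist(excl)}")
        print(f"  {len(left)} suites remain, "
              f"{len(anonymous_suites(left))} anonymous")
```

Running it shows that the quoted exclusion list leaves every sampled suite in place (none of those keywords touch AES, Camellia, 3DES or RC4 suites), while appending `aNULL` drops exactly the four `_anon_` entries and nothing else, which matches the observation above that the RC4 and 3DES suites stay available either way.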
