Thanks for the comment. But please note that I am using the default postfix "high" settings - my only change is to force ECDSA at the beginning of the cipher list.

Full list from openssl is:

  ciphers 'ECDSA:aNULL:-aNULL:ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH'

  ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:AECDH-AES256-SHA:ADH-AES256-GCM-SHA384:ADH-AES256-SHA256:ADH-AES256-SHA:ADH-CAMELLIA256-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:AECDH-AES128-SHA:ADH-AES128-GCM-SHA256:ADH-AES128-SHA256:ADH-AES128-SHA:ADH-CAMELLIA128-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:PSK-AES128-CBC-SHA:ECDHE-ECDSA-NULL-SHA

Adding ECDSA only changes the order compared to the defaults. This could also be some kind of feature request to the postfix maintainers - to have an option to sort (not change) the cipher list. Side note: it's weird having @STRENGTH while it does not actually sort ciphers... (not sure if that is a bug in openssl or what...)

_
Zbyszek Żółkiewski

> Message written by Philip Paeps <phi...@trouble.is> on 13.04.2017 at 15:50:
>
> On 2017-04-13 14:53:50 (+0200), Zbyszek Żółkiewski <t...@onefellow.com> wrote:
>> Message written by Zbyszek Żółkiewski <t...@onefellow.com> on 13.04.2017 at 13:33:
>>> Question: postfix 2.11: I have configured both RSA and ECDSA support on the
>>> server (smtpd_tls_cert_file and smtpd_tls_eccert_file) and support for
>>> ECDSA works great - however ECDSA is _never_ selected as cipher for sending
>>> or receiving mails.
>>> To check if it is properly configured I have disabled RSA support and
>>> running server only with ECDSA and I confirm it works with gmail servers
>>> for example (cipher ECDHE-ECDSA...).
>>> Is there any way I can force postfix to first try ECDHE-ECDSA... and then
>>> fall back to RSA? Note, I have tried custom tls_high_cipherlist but no luck...
>>
>> I think I found a solution to this, by modifying the default high list to:
>>
>> tls_high_cipherlist =
>> ECDSA:aNULL:-aNULL:ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH
>>
>> The server now prefers ECDSA over RSA. Can someone cross-check if that is
>> the correct solution for the problem and does not pose any risk?
>
> This poses an interoperability risk. You should carefully check your
> maillogs for the ciphers you're excluding with this.
>
> Try something like:
>
> egrep "TLS connection established from.*with cipher" \
>   /var/log/maillog* | awk \
>   '{printf("%s %s %s %s\n", $12, $13, $14, $15)}' | \
>   sort | uniq -c | sort -n
>
> This will give you a list of ciphers negotiated by occurrence.
>
> I would not recommend fiddling with the default TLS cipherlists unless you
> have a very specific need.
>
> Note that many senders will fall back to plain SMTP if they can't negotiate
> TLS with you. I feel a little security is better than no security at all.
>
> Philip
>
> --
> Philip Paeps
> Senior Reality Engineer
> Ministry of Information
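The egrep/awk pipeline Philip suggests counts the protocol and cipher fields (positions $12 to $15 of a Postfix "TLS connection established" line) so you can see what peers actually negotiate before changing the cipher list. The script below is an added example, not code from the thread or from Postfix: it does the same tally in Python, also picks up outbound smtp lines ("established to"), and additionally groups the negotiated suites by the authentication algorithm their OpenSSL name implies, which is the figure that tells you whether ECDSA is being selected at all. The log lines are constructed for the example; the field layout follows the standard Postfix smtpd/smtp log format.

```python
"""Tally negotiated TLS protocol/cipher pairs from Postfix logs and group
them by the key type that authenticated the handshake (ECDSA, RSA, ...).
Added example; SAMPLE_LOG is constructed, not taken from a real server."""

import re
from collections import Counter

# Constructed sample: four inbound smtpd lines, one outbound smtp line,
# and one unrelated line that must be ignored.
SAMPLE_LOG = """\
Apr 13 15:50:01 mx postfix/smtpd[1201]: Anonymous TLS connection established from mail-a.example.net[192.0.2.10]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Apr 13 15:50:07 mx postfix/smtpd[1203]: Trusted TLS connection established from mail-b.example.org[198.51.100.7]: TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)
Apr 13 15:51:12 mx postfix/smtp[1210]: Untrusted TLS connection established to relay.example.com[203.0.113.5]:25: TLSv1.2 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Apr 13 15:52:30 mx postfix/smtpd[1215]: Anonymous TLS connection established from mail-c.example.net[192.0.2.11]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Apr 13 15:53:02 mx postfix/smtpd[1218]: Anonymous TLS connection established from legacy.example.net[192.0.2.44]: TLSv1 with cipher AES128-SHA (128/128 bits)
Apr 13 15:53:40 mx postfix/smtpd[1220]: disconnect from legacy2.example.net[192.0.2.45]
"""

# Matches both inbound smtpd ("from host[ip]:") and outbound smtp ("to host[ip]:port:")
# lines, capturing what the awk pipeline prints as $12 and $15.
LINE_RE = re.compile(
    r"TLS connection established (?:from|to) \S+: (?P<proto>\S+) with cipher (?P<cipher>\S+)"
)


def auth_algorithm(cipher: str) -> str:
    """Infer the authenticating key type from the OpenSSL suite name.

    This relies on the naming convention of the suites listed in the
    thread (ECDHE-ECDSA-*, ECDHE-RSA-*, DHE-DSS-*, ADH-*, AECDH-*, PSK-*,
    SRP-*), not on parsing the suite itself."""
    if cipher.startswith("TLS_"):
        return "certificate (TLS 1.3; key type not in suite name)"
    if cipher.startswith(("AECDH-", "ADH-")):
        return "anonymous"  # aNULL: no authentication at all
    if cipher.startswith("PSK-") or cipher.startswith("SRP-AES"):
        return "PSK/SRP"
    if "-ECDSA-" in cipher:
        return "ECDSA"
    if "-DSS-" in cipher:
        return "DSS"
    # ECDHE-RSA-*, DHE-RSA-*, ECDH-RSA-*, SRP-RSA-* and the plain kx=RSA
    # suites such as AES128-SHA all authenticate with the RSA certificate.
    return "RSA"


def tally(log_text: str) -> Counter:
    """Count (protocol, cipher) pairs: the awk | sort | uniq -c step."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            counts[(m.group("proto"), m.group("cipher"))] += 1
    return counts


def by_auth(counts: Counter) -> Counter:
    """Roll the per-suite counts up by authenticating key type."""
    out = Counter()
    for (_proto, cipher), n in counts.items():
        out[auth_algorithm(cipher)] += n
    return out


def ecdsa_share(counts: Counter) -> float:
    """Fraction of logged TLS sessions that used the ECDSA certificate."""
    total = sum(counts.values())
    return by_auth(counts)["ECDSA"] / total if total else 0.0


def report(log_text: str) -> None:
    counts = tally(log_text)
    for (proto, cipher), n in sorted(counts.items(), key=lambda kv: kv[1]):
        print(f"{n:6d} {proto} with cipher {cipher}  [{auth_algorithm(cipher)}]")
    print()
    for algo, n in by_auth(counts).most_common():
        print(f"{n:6d} authenticated with {algo}")
    print(f"\nECDSA share: {ecdsa_share(counts):.0%}")


if __name__ == "__main__":
    report(SAMPLE_LOG)  # replace with open('/var/log/maillog').read() in practice
```

Run against a real maillog, the by_auth() breakdown answers the question the thread is circling: whether peers that support ECDHE-ECDSA suites ever get them, and how many sessions would be affected if a suite were dropped rather than merely reordered. Note that the change discussed in the thread only prepends ECDSA to the list, so nothing is excluded; the tally is still the right check to run before and after any cipher-list change, since a peer that cannot negotiate TLS may fall back to plaintext rather than fail.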