On 2017-04-13 15:55:12 (+0200), Zbyszek Żółkiewski <t...@onefellow.com> wrote:
> Message written by Philip Paeps <phi...@trouble.is> on 13.04.2017 at 15:50:
>> On 2017-04-13 14:53:50 (+0200), Zbyszek Żółkiewski <t...@onefellow.com> wrote:
>>> Message written by Zbyszek Żółkiewski <t...@onefellow.com> on 13.04.2017 at 13:33:
>>>> Question: postfix 2.11: I have configured both RSA and ECDSA support
>>>> on the server (smtpd_tls_cert_file and smtpd_tls_eccert_file) and
>>>> support for ECDSA works great - however ECDSA is _never_ selected as
>>>> cipher for sending or receiving mails.
>>>> To check if it is properly configured I have disabled RSA support
>>>> and run the server only with ECDSA, and I confirm it works with gmail
>>>> servers for example (cipher ECDHE-ECDSA…).
>>>> Is there any way I can force postfix to first try ECDHE-ECDSA… and
>>>> then fall back to RSA? Note, I have tried a custom tls_high_cipherlist
>>>> but no luck…
>>> I think I found a solution to this, by modifying the default high list to:
>>> tls_high_cipherlist = ECDSA:aNULL:-aNULL:ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH
>>> The server now prefers ECDSA over RSA. Can someone cross-check whether that is
>>> the correct solution for the problem and does not pose any risk?
>> This poses an interoperability risk. You should carefully check your
>> maillogs for the ciphers you're excluding with this.
>> Try something like:
>> egrep "TLS connection established from.*with cipher" \
>> /var/log/maillog* | awk \
>> '{printf("%s %s %s %s\n", $12, $13, $14, $15)}' | \
>> sort | uniq -c | sort -n
>> This will give you a list of ciphers negotiated by occurrence.
>> I would not recommend fiddling with the default TLS cipherlists unless
>> you have a very specific need.
>> Note that many senders will fall back to plain SMTP if they can't
>> negotiate TLS with you. I feel a little security is better than no
>> security at all.
> Thanks for the comment. But please note that I am using the default postfix
> „high” settings - my only change is to force ECDSA at the beginning of
> the cipher list.

Sorry. I missed that you were on Postfix 2.11. I looked at ``postconf
-d tls_high_cipherlist`` on my Postfix 3.1.4 installation and it does
not list !MEDIUM or +RC4.

> Adding ECDSA only changes the order of the defaults. This could be
> also some kind of feature request to postfix maintainers - to have an
> option to sort (not change) the cipher list.

You can achieve that using ``tls_{high,medium,low}_cipherlist`` together
with ``tls_preempt_cipherlist = yes``. I don't really think Postfix is
the correct place to sort ciphers by preference. That's something to do
in OpenSSL.

Philip
--
Philip Paeps
Senior Reality Engineer
Ministry of Information
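As an added example (not part of this thread or of Postfix itself), a Python version of the log check Philip suggests: it parses the Postfix "TLS connection established" lines by field name rather than awk column positions, covers outbound (smtp) as well as inbound (smtpd) handshakes, and tallies which certificate type (ECDSA, RSA or none) authenticated each one, which is the thing to verify after reordering the cipherlist. The log lines are constructed samples; the line format assumed is the one Postfix 2.x/3.x writes.

```python
import re
from collections import Counter

# Shape of the Postfix "TLS connection established" log line (smtpd = inbound, smtp = outbound).
# Newer Postfix versions append key-exchange details after "bits)"; the pattern is not end-anchored.
TLS_LINE = re.compile(
    r"postfix/(?P<daemon>smtpd?)\[\d+\]: "
    r"(?P<trust>Anonymous|Untrusted|Trusted|Verified) TLS connection established "
    r"(?P<direction>from|to) (?P<peer>\S+): "
    r"(?P<proto>\S+) with cipher (?P<cipher>\S+) \((?P<bits>\d+/\d+) bits\)"
)

def parse_tls_line(line):
    """Return the named fields of a TLS-established line, or None for any other line."""
    m = TLS_LINE.search(line)
    return m.groupdict() if m else None

def auth_family(cipher):
    """Certificate type that authenticated the handshake, derived from the OpenSSL cipher name."""
    if "ECDSA" in cipher:
        return "ECDSA"
    return "anon" if cipher.startswith(("ADH-", "AECDH-")) else "RSA"  # RSA covers ECDHE-RSA, DHE-RSA and static RSA

def summarize_tls(log_text):
    """Tally (direction, protocol, cipher) triples and the authentication family per handshake."""
    ciphers, families = Counter(), Counter()
    for line in log_text.splitlines():
        rec = parse_tls_line(line)
        if rec is None:
            continue           # connect/disconnect lines, plain-SMTP sessions, etc.
        ciphers[(rec["direction"], rec["proto"], rec["cipher"])] += 1
        families[auth_family(rec["cipher"])] += 1
    return ciphers, families

# Constructed sample log lines (hostnames and addresses are documentation values).
SAMPLE_LOG = """\
Apr 13 15:01:02 mx postfix/smtpd[1001]: Anonymous TLS connection established from mail-a.example.net[192.0.2.10]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Apr 13 15:01:09 mx postfix/smtpd[1002]: Anonymous TLS connection established from mail-b.example.org[198.51.100.7]: TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)
Apr 13 15:02:30 mx postfix/smtp[1003]: Untrusted TLS connection established to mail-c.example.com[203.0.113.5]:25: TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)
Apr 13 15:03:11 mx postfix/smtpd[1004]: Anonymous TLS connection established from old-relay.example.com[192.0.2.99]: TLSv1 with cipher AES256-SHA (256/256 bits)
Apr 13 15:03:40 mx postfix/smtpd[1005]: connect from mail-d.example.net[192.0.2.44]
Apr 13 15:04:00 mx postfix/smtpd[1006]: Anonymous TLS connection established from mail-e.example.com[192.0.2.77]: TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)
"""

if __name__ == "__main__":
    ciphers, families = summarize_tls(SAMPLE_LOG)
    for key, n in sorted(ciphers.items(), key=lambda kv: kv[1]):   # same order as `sort -n`
        print(f"{n:6d} {' '.join(key)}")
    print("authentication:", dict(families))
```

Run it over `/var/log/maillog*` instead of the sample to see how many peers still negotiate RSA-only suites, which is what the reordering would deprioritise.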