All looks good except _outgoing_ mail, which still uses ECDHE-RSA-AES128-GCM-SHA256. Incoming mail is using ECDHE-ECDSA-AES256-GCM-SHA384 and clients as well are using ECDHE-ECDSA-AES256-GCM-SHA384.

So where is the problem? Settings are:

smtp_tls_ciphers = high
smtp_tls_mandatory_ciphers = high
smtpd_tls_ciphers = high
smtpd_tls_mandatory_ciphers = high
tls_high_cipherlist = ECDSA:AESGCM:aNULL:-aNULL:ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH

_
Zbyszek Żółkiewski

> Message written by Philip Paeps <phi...@trouble.is> on 13.04.2017 at 16:04:
>
> On 2017-04-13 15:55:12 (+0200), Zbyszek Żółkiewski <t...@onefellow.com> wrote:
>>> Message written by Philip Paeps <phi...@trouble.is> on 13.04.2017 at 15:50:
>>> On 2017-04-13 14:53:50 (+0200), Zbyszek Żółkiewski <t...@onefellow.com> wrote:
>>>> Message written by Zbyszek Żółkiewski <t...@onefellow.com> on 13.04.2017 at 13:33:
>>>>> Question: postfix 2.11: I have configured both RSA and ECDSA support on the server (smtpd_tls_cert_file and smtpd_tls_eccert_file) and support for ECDSA works great - however ECDSA is _never_ selected as cipher for sending or receiving mails.
>>>>> To check if it is properly configured I have disabled RSA support and am running the server only with ECDSA, and I confirm it works with gmail servers for example (cipher ECDHE-ECDSA…).
>>>>> Is there any way I can force postfix to first try ECDHE-ECDSA… and then fall back to RSA? Note, I have tried a custom tls_high_cipherlist but no luck…
>>>>
>>>> I think I found a solution to this, by modifying the default high list to:
>>>>
>>>> tls_high_cipherlist = ECDSA:aNULL:-aNULL:ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH
>>>>
>>>> The server now prefers ECDSA over RSA. Can someone cross-check if that is a correct solution for the problem and does not pose any risk?
>>>
>>> This poses an interoperability risk. You should carefully check your maillogs for the ciphers you're excluding with this.
>>>
>>> Try something like:
>>>
>>> egrep "TLS connection established from.*with cipher" \
>>>     /var/log/maillog* | awk \
>>>     '{printf("%s %s %s %s\n", $12, $13, $14, $15)}' | \
>>>     sort | uniq -c | sort -n
>>>
>>> This will give you a list of ciphers negotiated by occurrence.
>>>
>>> I would not recommend fiddling with the default TLS cipherlists unless you have a very specific need.
>>>
>>> Note that many senders will fall back to plain SMTP if they can't negotiate TLS with you. I feel a little security is better than no security at all.
>>
>> Thanks for the comment. But please note that I am using the default postfix "high" settings - my only change is to force ECDSA at the beginning of the cipher list.
>
> Sorry. I missed that you were on Postfix 2.11. I looked at ``postconf -d tls_high_cipherlist`` on my Postfix 3.1.4 installation and it does not list !MEDIUM or +RC4.
>
>> Adding ECDSA only changes the order relative to the defaults. This could also be some kind of feature request to the postfix maintainers - to have an option to sort (not change) the cipher list.
>
> You can achieve that using ``tls_{high,medium,low}_cipherlist`` together with ``tls_preempt_cipherlist = yes``. I don't really think Postfix is the correct place to sort ciphers by preference. That's something to do in OpenSSL.
>
> Philip
>
> --
> Philip Paeps
> Senior Reality Engineer
> Ministry of Information
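Philip's egrep/awk pipeline counts negotiated ciphers by field position and only looks at incoming (smtpd) connections. As an added example that is not part of this thread, the Python script below does the same job over constructed Postfix 2.11-style log lines, but separates incoming (smtpd) from outgoing (smtp client) handshakes and classifies each cipher by its authentication family, which is the thing the original question is really about: on the outgoing side the remote server picks the cipher, so ECDHE-RSA there usually just means the peer only presented an RSA certificate. The hostnames, addresses and log lines are constructed, and auth_family is a heuristic over OpenSSL cipher names, not a Postfix or OpenSSL API.

```python
import re
from collections import Counter

# Constructed sample lines modelled on Postfix 2.11 smtpd (incoming) and smtp
# (outgoing) TLS log messages; hosts and addresses are made up for this example.
SAMPLE_LOG = """\
Apr 13 15:40:01 mx postfix/smtpd[2011]: Anonymous TLS connection established from mail-a.example.net[192.0.2.10]: TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)
Apr 13 15:41:13 mx postfix/smtp[2042]: Trusted TLS connection established to mx.example.org[198.51.100.7]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Apr 13 15:42:55 mx postfix/smtpd[2011]: Untrusted TLS connection established from legacy.example.com[203.0.113.5]: TLSv1 with cipher AES128-SHA (128/128 bits)
Apr 13 15:43:20 mx postfix/smtp[2042]: Untrusted TLS connection established to smtp.example.com[198.51.100.20]:25: TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)
Apr 13 15:44:02 mx postfix/smtpd[2011]: connect from unknown[203.0.113.9]
"""

# Named groups instead of awk column numbers, so the result does not depend on
# how many fields the syslog prefix happens to have.
TLS_LINE = re.compile(
    r"postfix/(?P<service>smtpd?)\[\d+\]: "
    r"(?P<trust>Anonymous|Untrusted|Trusted|Verified) TLS connection established "
    r"(?P<direction>from|to) (?P<peer>\S+): "
    r"(?P<proto>\S+) with cipher (?P<cipher>\S+) \((?P<bits>\d+/\d+) bits\)"
)


def auth_family(cipher):
    """Heuristic classification of the authentication half of an OpenSSL cipher
    name: ECDSA-signed, DSS-signed, anonymous (no authentication), else RSA.
    Names such as AES128-SHA omit the key exchange, which in OpenSSL means RSA."""
    if "ECDSA" in cipher:
        return "ECDSA"
    if "DSS" in cipher:
        return "DSS"
    if cipher.startswith(("ADH-", "AECDH-")):
        return "aNULL"
    return "RSA"


def parse_tls_lines(log_text):
    """Yield one dict per TLS handshake line; lines without a handshake are skipped."""
    for line in log_text.splitlines():
        m = TLS_LINE.search(line)
        if m:
            d = m.groupdict()
            # smtpd logs "from" (we are the server), smtp logs "to" (we are the client)
            d["direction"] = "incoming" if d["service"] == "smtpd" else "outgoing"
            yield d


def cipher_counts(log_text):
    """(direction, protocol, cipher) -> occurrences, like the egrep/awk pipeline
    but split into incoming and outgoing connections."""
    return Counter((d["direction"], d["proto"], d["cipher"])
                   for d in parse_tls_lines(log_text))


def auth_breakdown(log_text):
    """(direction, auth family) -> occurrences: shows at a glance whether the
    ECDSA certificate is actually being used, and on which side."""
    return Counter((d["direction"], auth_family(d["cipher"]))
                   for d in parse_tls_lines(log_text))


if __name__ == "__main__":
    # Same shape as "sort | uniq -c | sort -n": rarest first.
    for key, n in sorted(cipher_counts(SAMPLE_LOG).items(), key=lambda kv: kv[1]):
        print(n, *key)
    print()
    for key, n in sorted(auth_breakdown(SAMPLE_LOG).items()):
        print(n, *key)
```

Run it against a real maillog by reading the file into cipher_counts() instead of SAMPLE_LOG; the incoming rows are the ones a stricter tls_high_cipherlist could exclude, and the outgoing rows tell you which remote sites do not offer ECDSA at all.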