On 2017-04-13 17:28:44 (+0200), Zbyszek Żółkiewski
<t...@onefellow.com> wrote:
Message written by Philip Paeps <phi...@trouble.is> on
13.04.2017, at 16:04:
On 2017-04-13 15:55:12 (+0200), Zbyszek Żółkiewski
<t...@onefellow.com> wrote:
Message written by Philip Paeps <phi...@trouble.is> on
13.04.2017, at 15:50:
On 2017-04-13 14:53:50 (+0200), Zbyszek Żółkiewski
<t...@onefellow.com> wrote:
Message written by Zbyszek Żółkiewski
<t...@onefellow.com> on 13.04.2017, at 13:33:
Question: postfix 2.11: I have configured both RSA and ECDSA
support on the server (smtpd_tls_cert_file and
smtpd_tls_eccert_file) and support for ECDSA works great -
however ECDSA is _never_ selected as cipher for sending or
receiving mails.
To check if it is properly configured I have disabled RSA support
and am running the server only with ECDSA, and I confirm it works with
Gmail servers for example (cipher ECDHE-ECDSA…).
Is there any way I can force postfix to first try ECDHE-ECDSA…
and then fall back to RSA? Note, I have tried a custom
tls_high_cipherlist but no luck…
I think I found a solution to this, by modifying the default high list
to:
tls_high_cipherlist =
ECDSA:aNULL:-aNULL:ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH
the server now prefers ECDSA over RSA. Can someone cross-check whether that
is the correct solution for the problem and does not pose any risk?
This poses an interoperability risk. You should carefully check
your maillogs for the ciphers you're excluding with this.
[...]
Note that many senders will fall back to plain SMTP if they can't
negotiate TLS with you. I feel a little security is better than no
security at all.
thanks for the comment. But please note that I am using the default
postfix "high" settings - my only change is to force ECDSA at
the beginning of the cipher list.
Sorry. I missed that you were on Postfix 2.11. I looked at
``postconf -d tls_high_cipherlist`` on my Postfix 3.1.4 installation
and it does not list !MEDIUM or +RC4.
adding ECDSA only changes the order of the defaults. This could
also be some kind of feature request to the postfix maintainers - to
have an option to sort (not change) the cipher list.
You can achieve that using ``tls_{high,medium,low}_cipherlist``
together with ``tls_preempt_cipherlist = yes``. I don't really think
Postfix is the correct place to sort ciphers by preference. That's
something to do in OpenSSL.
all looks good except _outgoing_ mail that still uses
ECDHE-RSA-AES128-GCM-SHA256. Incoming mail is using
ECDHE-ECDSA-AES256-GCM-SHA384 and clients as well are using
ECDHE-ECDSA-AES256-GCM-SHA384.
Are you sure the servers you are talking to actually support ECDSA? :)
Did you check the TLS handshake with tcpdump to verify the cipherlist
offered by the server? By default TLS servers allow clients to select
their preferred cipher but they can override this default.
so where is the problem? settings are:
smtp_tls_ciphers = high
smtp_tls_mandatory_ciphers = high
smtpd_tls_ciphers = high
smtpd_tls_mandatory_ciphers = high
tls_high_cipherlist =
ECDSA:AESGCM:aNULL:-aNULL:ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH
These settings look fine. You could perhaps add
``tls_preempt_cipherlist``, but this only affects smtpd; it has no effect
on the smtp client.
Please check the TLS handshake to verify the ordering of ciphers in the
client hello and whether the server offers ECDSA in the server hello and
that it doesn't preempt the client's offered ciphers.
Philip
--
Philip Paeps
Senior Reality Engineer
Ministry of Information
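The thread's question is what order OpenSSL actually derives from a cipher string such as the poster's "ECDSA:AESGCM:aNULL:-aNULL:ALL:..." list, and why "ECDSA" at the front does not put every ECDSA suite ahead of every RSA suite once the trailing @STRENGTH re-sorts by cipher strength. The script below is an added example written for this page, not code from the thread or from Postfix: it feeds the cipher strings quoted above to the local OpenSSL through Python's ssl module and prints the resulting preference order. POSTFIX_211_HIGH and ECDSA_FIRST_HIGH are the strings from the thread; RSA_FIRST_HIGH is a constructed counter-example. The result describes only what the local OpenSSL build would offer (as a Postfix smtp client) or prefer (as smtpd with tls_preempt_cipherlist = yes); what a remote server ends up selecting still has to be read from the handshake on the wire, as the reply recommends.

```python
import ssl

# Cipher strings quoted in the thread.  POSTFIX_211_HIGH is the Postfix 2.11
# default tls_high_cipherlist as the poster reproduced it; ECDSA_FIRST_HIGH is
# the poster's modified list.  RSA_FIRST_HIGH is a constructed counter-example
# (not from the thread) that pushes RSA-authenticated suites to the front.
POSTFIX_211_HIGH = "aNULL:-aNULL:ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH"
ECDSA_FIRST_HIGH = "ECDSA:AESGCM:aNULL:-aNULL:ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH"
RSA_FIRST_HIGH = "aRSA:aNULL:-aNULL:ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH"


def expand_cipherlist(cipher_string):
    """Expand an OpenSSL cipher string into the ordered list of TLS 1.2-and-
    earlier ciphers it selects, as dicts from SSLContext.get_ciphers().
    TLS 1.3 suites are dropped: they are governed by a separate setting and
    carry no RSA/ECDSA distinction at this level."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return [c for c in ctx.get_ciphers() if c.get("protocol") != "TLSv1.3"]


def auth_of(cipher):
    """Classify a cipher entry by its authentication algorithm."""
    auth = cipher.get("auth") or ""
    name = cipher["name"]
    if auth == "auth-ecdsa" or "ECDSA" in name:
        return "ecdsa"
    if auth == "auth-rsa" or "RSA" in name:
        return "rsa"
    return "other"


def first_choice(cipher_string):
    """Name of the cipher at the head of the list: what a Postfix smtp client
    offers first, and what smtpd picks first when tls_preempt_cipherlist = yes
    lets the server's order win over the client's."""
    return expand_cipherlist(cipher_string)[0]["name"]


def ecdsa_before_rsa_per_strength(cipher_string):
    """True when, within every key-strength bucket, all ECDSA-authenticated
    ciphers precede all RSA-authenticated ones.  A trailing @STRENGTH re-sorts
    the list by strength (keeping relative order inside each bucket), so this
    per-bucket ordering is the most an 'ECDSA:...' prefix can guarantee: a
    256-bit RSA suite still sorts ahead of a 128-bit ECDSA one."""
    rsa_seen_at = set()
    for c in expand_cipherlist(cipher_string):
        kind = auth_of(c)
        if kind == "rsa":
            rsa_seen_at.add(c["strength_bits"])
        elif kind == "ecdsa" and c["strength_bits"] in rsa_seen_at:
            return False
    return True


def report(label, cipher_string, limit=8):
    """Print the head of the expanded list in preference order."""
    print(f"{label}: {cipher_string}")
    for c in expand_cipherlist(cipher_string)[:limit]:
        print(f"  {c['name']:<32} {c['strength_bits']:>3} bits  {auth_of(c)}")
    print("  ECDSA ahead of RSA at every strength:",
          ecdsa_before_rsa_per_strength(cipher_string), "\n")


if __name__ == "__main__":
    report("Postfix 2.11 default high list", POSTFIX_211_HIGH)
    report("Poster's ECDSA-first list", ECDSA_FIRST_HIGH)
    report("Constructed RSA-first list", RSA_FIRST_HIGH)
```

The same expansion can be had from the command line with ``openssl ciphers -v '<cipher string>'``; the script just adds the per-strength check. Because the ordering comes from the OpenSSL build Python is linked against, run it on the mail server itself (or with the same OpenSSL version Postfix 2.11 uses there) for the answer to be meaningful.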