On Tue, Aug 01, 2017 at 01:59:54PM -0700, robg...@nospammail.net wrote:

> > I strongly recommend against
> > listing individual explicit cipher names.  Later there will be
> > better key exchange algorithms, better hashes, ...
>
> Yeah I noticed you used just 'CHACHA20', which I guess is the group name?
> Or is that still just an abbreviated, explicit cipher name?

The name "CHACHA20" matches any ciphersuite that uses that stream cipher
for the bulk crypto:

    $ /opt/openssl/1.1.0/bin/openssl ciphers -V CHACHA20
    0xCC,0xA9 - ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
    0xCC,0xA8 - ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
    0xCC,0xAA - DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
    0xCC,0xAE - RSA-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=RSAPSK Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
    0xCC,0xAD - DHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=DHEPSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD
    0xCC,0xAC - ECDHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=ECDHEPSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD
    0xCC,0xAB - PSK-CHACHA20-POLY1305 TLSv1.2 Kx=PSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD

The four PSK variants can't be used by most TLS applications (including
Postfix), so in practice CHACHA20 means just the first three.

> I've been using the full/explicit cipher name so far because I haven't
> found the right doc that lists the group name (CHACHA20) that includes
> it.

    https://www.openssl.org/docs/man1.1.0/apps/ciphers.html

> > I recommend an empty setting here.  Tastes great, less filling.
>
> Ok.  So if the docs say
>
>   Specify "smtp_tls_CApath = /path/to/system_CA_directory" to use
>   ONLY the system-supplied default Certification Authority
>   certificates. If that's what you want.
>
>   Specify "tls_append_default_CA = no" to prevent Postfix from
>   appending the system-supplied default CAs and trusting third-party
>   certificates. If that's what you want.
>
> and I set
>
>   smtp_tls_CApath =
>   tls_append_default_CA = no
>
> Then it
>
>   won't ONLY use sys default CA certs

No, it will trust no CAs at all.  A pox on all their houses.  As for
"tls_append_default_CA = no".  These have been the default setting for
ages.

    $ postconf -d smtp_tls_CApath tls_append_default_CA
    smtp_tls_CApath =
    tls_append_default_CA = no

> So what exactly IS it gonna do?

Not trust any CAs.  When you want to authenticate some peer, use the
"tafile" feature of the policy table to specify a sensible list of
trust-anchors for that peer.

Enabling the system-default cert store will only make sense in the
context of SMTP STS, if/when Postfix has support for that.  Sadly,
the large providers (Google, Yahoo, Microsoft, ...) have difficulties
combining DNSSEC with their load-balancing infrastructure, so they
are pushing STS, with all its flaws, but arguably better than
nothing...

-- 
    Viktor.
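
Added example, not part of the message above: a small parser for `openssl ciphers -V` output that separates what a group name such as CHACHA20 expands to into suites usable without a pre-shared key and PSK-only suites. The input is the listing quoted in the message; the names `parse_ciphers`, `needs_psk` and `split_by_psk` are hypothetical helpers, not Postfix or OpenSSL APIs.

```python
import re
from typing import NamedTuple

# Sample input: the `openssl ciphers -V CHACHA20` output quoted in the message above.
SAMPLE = """\
0xCC,0xA9 - ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
0xCC,0xA8 - ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
0xCC,0xAA - DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
0xCC,0xAE - RSA-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=RSAPSK Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
0xCC,0xAD - DHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=DHEPSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD
0xCC,0xAC - ECDHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=ECDHEPSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD
0xCC,0xAB - PSK-CHACHA20-POLY1305 TLSv1.2 Kx=PSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD
"""

class Suite(NamedTuple):
    code: str      # two-byte code point, e.g. "0xCC,0xA9"
    name: str      # OpenSSL ciphersuite name
    protocol: str  # minimum protocol version column
    kx: str        # key exchange
    au: str        # authentication
    enc: str       # bulk cipher
    mac: str       # MAC (AEAD for ChaCha20-Poly1305)

LINE_RE = re.compile(
    r"^\s*(0x[0-9A-Fa-f]{2},0x[0-9A-Fa-f]{2})\s+-\s+(\S+)\s+(\S+)\s+"
    r"Kx=(\S+)\s+Au=(\S+)\s+Enc=(\S+)\s+Mac=(\S+)\s*$"
)

def parse_ciphers(text):
    """Parse `openssl ciphers -V` output; raise on a line that does not match."""
    suites = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised line: {line!r}")
        suites.append(Suite(*m.groups()))
    return suites

def needs_psk(suite):
    """True when key exchange or authentication relies on a pre-shared key."""
    return "PSK" in suite.kx or "PSK" in suite.au

def split_by_psk(text):
    """Return (usable, psk_only) suite names, keeping OpenSSL's listing order."""
    suites = parse_ciphers(text)
    return ([s.name for s in suites if not needs_psk(s)],
            [s.name for s in suites if needs_psk(s)])

if __name__ == "__main__":
    usable, psk = split_by_psk(SAMPLE)
    print("usable without PSK:", ", ".join(usable))
    print("PSK only:", ", ".join(psk))
```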