Re: still use "aNULL:!aNULL:" in Postfix default cipherlists when tls policy is mandatory, == encrypt?

Tue, 01 Aug 2017 15:28:28 -0700 

On Tue, Aug 01, 2017 at 02:59:35PM -0700, robg...@nospammail.net wrote:

> > The name "CHACHA20" matches any ciphersuite that uses that stream
> > cipher for the bulk crypto:
> 
> Sounds like a group.

It names a set of related ciphersuites.

> >     $ /opt/openssl/1.1.0/bin/openssl ciphers -V CHACHA20
> 
> Ok so 'documented' by openssl directly, nothing Postfix specific.

Correct.

> And subgroups?  If for any group of ciphers to be used in Postfix I want
> to only ever use EC ciphers, so eg "in practice" here, only the 1st two?

Define "EC ciphers"!  Do you want ECDHE key agreement, ECDSA
certificates or both?

> Some shorthand for "EC only"?

    For ECDSA (really not RSA or DSA) certificates with CHACHA20 preferred
    over AES, ...

        smtp_tls_high_cipherlist = 
!aRSA:!aDSS:CHACHA20:-CHACHA20:aNULL:-aNULL:HIGH:@STRENGTH
        smtp_tls_medium_cipherlist = 
!aRSA:!aDSS:CHACHA20:-CHACHA20:aNULL:-aNULL:HIGH:MEDIUM:@STRENGTH

    For ECDHE (really not kRSA or kDHE) key exchange with CHACHA20
    preferred over AES, ...

        smtp_tls_high_cipherlist = 
!kRSA:!kDHE:CHACHA20:-CHACHA20:aNULL:-aNULL:HIGH:@STRENGTH
        smtp_tls_medium_cipherlist = 
!kRSA:!kDHE:CHACHA20:-CHACHA20:aNULL:-aNULL:HIGH:MEDIUM:@STRENGTH

    For ECDHE with ECDSA combine both sets of exclusions:

        smtp_tls_high_cipherlist = 
!kRSA:!kDHE:!aRSA:!aDSS:CHACHA20:-CHACHA20:aNULL:-aNULL:HIGH:@STRENGTH
        smtp_tls_medium_cipherlist = 
!kRSA:!kDHE:!aRSA:!aDSS:CHACHA20:-CHACHA20:aNULL:-aNULL:HIGH:MEDIUM:@STRENGTH

This work by exclusion of stuff you don't want (RSA, DSS, DHE and
RSA key exchange) and don't lock out future improvements by freezing
in today's recommended settings for perpetuity.

> I never really checked.  Is crypto for Postfix always/only provided by
> OpenSSL?

Yes.

> So naming for cipherlists, and related shorthand, is OpenSSL-specific and
> so we look to OpenSSL for the docs?  Or is that set at a standards level
> and naming is consistent across Postfix, Openssl and all other crypto?

The underlying cipher names are from OpenSSL and documented there.

> > Enabling the system-default cert store will only make sense in the
> > context of SMTP STS, if/when Postfix has support for that.  Sadly,
> > the large providers (Google, Yahoo, Microsoft, ...) have difficulties
> > combining DNSSEC with their load-balancing infrastructure, so they
> > are pushing STS, with all its flaws, but arguably better than
> > nothing...
> 
> SMTP STS hadn't even heard of yet.  DNSSEC is on my todo list.

The SMTP STS draft proposed standard is not yet out of working
group last call...

-- 
        Viktor.

Reply via email to