The site https://hardenize.com provides relatively decent Email reports,
along with other reports. It checks a number of things including certs,
MTA-STS, TLS-RPT, DANE, SPF, DMARC, and then also TLS. These are all
good checks and recommendations, with the exception of the TLS one, I do
not see how its possible to meet their standards, and provide an email
server on the internet. However, I could be wrong, so I'm interested to
know if I am.

1. TLS versions: They don't like that TLS v1.1 and v1.0 are possible. If
you turn this off, then those clients that only support v1.2 will fall
back to clear-text, this is not optimal. I don't see a way around this
one.

2. Server suite preferences: they break down each preferred cipher
selection for each TLS verison, and are unhappy about the cipher suite
configuration being suboptimal, specifically that the forward secrecy
ciphers (ECDHE or DHE) and authenticated encryption (GCM or CHACHA20)
are not 'at the top' of the cipher preferences.

I know its possible to set `tls_preempt_cipher_list=yes` and risk
Windows 2003 Microsoft Exchange clients having an issue[0]. But, to get
the preferences to order the forward secrecy and auth encryption ciphers
first, I'd have to specify a custom cipherlist with
tls_medium_cipherlist, which would be ugly[0]. It is also unclear how
this would work with tls1.2, vs. tls1.1 vs. tls1.0 (for example tls1.2
has TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 and if I set that as the
first cipher in tls_medium_cipherlist, what happens with tls1.1 and
tls1.0, which does not support that cipher?).

I know that 'hardening postfix' threads have been posted here a number
of times, I've read them and I understand the recommendations if you
want to continue delivering and accepting email from the internet. What
I'm trying to find out if there is a way to thread the needle: favor
"better" ciphers, while limiting the impact to ancient software. I say
'limit' because I realize that even just turning on
`tls_preempt_cipher_list=yes` will already cause problems with Windows
2000 Microsoft Exchange, but I feel that may be an acceptable trade-off
at this point. 

micah


0. http://www.postfix.org/postconf.5.html#tls_preempt_cipherlist

1. not even sure this would be the right format, but this would be the order:

tls_medium_cipherlist=TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256:TLS_RSA_WITH_AES_128_CBC_SHA:TLS_RSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_DHE_RSA_WITH_AES_128_CBC_SHA:TLS_DHE_RSA_WITH_AES_256_CBC_SHA:TLS_RSA_WITH_AES_128_CBC_SHA256:TLS_RSA_WITH_AES_256_CBC_SHA256:TLS_RSA_WITH_CAMELLIA_128_CBC_SHA:TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA:TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256:TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384:TLS_RSA_WITH_CAMELLIA_256_CBC_SHA:TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA:TLS_RSA_WITH_SEED_CBC_SHA:TLS_DHE_RSA_WITH_SEED_CBC_SHA:TLS_RSA_WITH_AES_128_GCM_SHA256:TLS_RSA_WITH_AES_128_CCM:TLS_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_CCM:TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:TLS_DHE_RSA_WITH_AES_128_CCM:TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:TLS_DHE_RSA_WITH_AES_256_CCM:TLS_RSA_WITH_AES_128_CCM_8:TLS_RSA_WITH_AES_256_CCM_8:TLS_DHE_RSA_WITH_AES_128_CCM_8:TLS_DHE_RSA_WITH_AES_256_CCM_8:TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256:TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256:TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256:TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256

Reply via email to