Viktor Dukhovni <postfix-us...@dukhovni.org> writes: >> On Apr 12, 2019, at 10:46 AM, micah anderson <mi...@riseup.net> wrote: >> >> I know that 'hardening postfix' threads have been posted here a number >> of times, I've read them and I understand the recommendations if you >> want to continue delivering and accepting email from the internet. What >> I'm trying to find out if there is a way to thread the needle: favor >> "better" ciphers, while limiting the impact to ancient software. I say >> 'limit' because I realize that even just turning on >> `tls_preempt_cipher_list=yes` will already cause problems with Windows >> 2000 Microsoft Exchange, but I feel that may be an acceptable trade-off >> at this point. > > Any reasonably recent version of OpenSSL will by default favour stronger > ciphers, including listing ciphers that do forward-secrecy above the rest. > For example, with OpenSSL 1.0.2 I get:
Indeed, you are right, if I simply set `tls_preempt_cipher_list=yes`, then this will work that way. > That said, I would recommend reducing the attack surface by dropping some > ciphers nobody is using that would not be a good idea to use: > > smtpd_tls_exclude_ciphers = aDSS, kDH, kECDH, SEED, IDEA what about aNULL, MD5 and DES? They seem relatively safe to disable as well