Viktor Dukhovni <postfix-us...@dukhovni.org> writes:

>> On Apr 12, 2019, at 10:46 AM, micah anderson <mi...@riseup.net> wrote:
>> 
>> I know that 'hardening postfix' threads have been posted here a number
>> of times, I've read them and I understand the recommendations if you
>> want to continue delivering and accepting email from the internet. What
>> I'm trying to find out if there is a way to thread the needle: favor
>> "better" ciphers, while limiting the impact to ancient software. I say
>> 'limit' because I realize that even just turning on
>> `tls_preempt_cipher_list=yes` will already cause problems with Windows
>> 2000 Microsoft Exchange, but I feel that may be an acceptable trade-off
>> at this point.
>
> Any reasonably recent version of OpenSSL will by default favour stronger
> ciphers, including listing ciphers that do forward-secrecy above the rest.
> For example, with OpenSSL 1.0.2 I get:

Indeed, you are right, if I simply set `tls_preempt_cipher_list=yes`,
then this will work that way.

> That said, I would recommend reducing the attack surface by dropping some
> ciphers nobody is using that would not be a good idea to use:
>
>       smtpd_tls_exclude_ciphers = aDSS, kDH, kECDH, SEED, IDEA

what about aNULL, MD5 and DES? They seem relatively safe to disable as well

Reply via email to