Hello!
Viktor Dukhovni <postfix-us...@dukhovni.org> schrieb am 05.03.20 um 18:52:55
Uhr:
> On Fri, Mar 06, 2020 at 12:26:06AM +0100, ratatouille wrote:
>
> > I have just too TLSv1 connections this month:
> > ...
> > 11 TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)
> > 9 TLSv1.2 with cipher CAMELLIA256-SHA (256/256 bits)
> > 9 TLSv1.2 with cipher CAMELLIA128-SHA (128/128 bits)
> > 9 TLSv1.1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
> > 8 TLSv1.1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)
> > 8 TLSv1.1 with cipher AES256-SHA (256/256 bits)
> > 8 TLSv1.1 with cipher AES128-SHA (128/128 bits)
> > 7 TLSv1.1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)
> > 7 TLSv1.1 with cipher DHE-RSA-CAMELLIA128-SHA (128/128 bits)
> > 7 TLSv1.1 with cipher DHE-RSA-AES128-SHA (128/128 bits)
> > 7 TLSv1.1 with cipher CAMELLIA256-SHA (256/256 bits)
> > 7 TLSv1.1 with cipher CAMELLIA128-SHA (128/128 bits)
> > 4 TLSv1.2 with cipher ECDHE-RSA-DES-CBC3-SHA (112/168 bits)
> > 2 TLSv1.2 with cipher DES-CBC3-SHA (112/168 bits)
> > 1 TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
> > 1 TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)
>
> That's two out of not very many total, are these actual message
> deliveries, or just probes (tests)?
That were two probes without deliveries.
On another machine I use for communicating with this maillingist I
have 25 TLSv1-connections, 23 from and 2 to connections, all with this
mailinglist.
> > > If not, then perhaps disabling TLSv1 will be harmless, but if you do,
> > > perhaps prod the senders to upgrade first, before you prevent them
> > > from establishing TLS connections to your MTA.
> >
> > internet.nl says TLS 1.1 should be phased out and criticises this.
>
> Just because they say it, doesn't mean it is actually the wise thing to do.
>
> > It also critcises the key exchange paramert DH-4096 as insufficient
>
> See above.
>
> > I just created that key and made it available with
> > smtpd_tls_dh1024_param_file = ${config_directory}/dh_4096.pem
>
> Frankly, 2048-bit DH is quite sufficient, and 4096 is slow, and not be
> supported in some client stacks.
Went back to DH-2048.
> > Ok, thank you very much! Competent as always. I'll keep TLSv1 enabled
> > for now.
>
> You can keep an eye on your logs and decide when it is time to drop
> support. The most important thing is supporting stronger options that
> most clients will negotiate. Removing weaker options is less of a
> priority except when they enable a downgrade attack.
>
> In the case of TLSv1 there's no known (to me anyway) downgrade attack
> from TLSv1.2. SMTP MTAs don't do TLS version fallback, like browsers
> used to do. There's no urgent need to drop support TLSv1 inbound.
Would it to any harm if I drop TLSv1 outbound? Will this cut off the handshake
with this mailinglist for example?
> Just make sure that you support at least TLSv1.2, and ignore the
> checklists that try to shame you for leaving TLSv1 enabled.
yes, ok.
--
Andreas
