On Fri, Jan 29, 2021 at 06:53:09PM +0100, Matus UHLAR - fantomas wrote:

> >> smtpd_tls_exclude_ciphers=MD5,SRP,PSK,aDSS,kECDH,kDH,SEED,IDEA,RC2,RC5,RC4,3DES
> >> smtpd_tls_mandatory_exclude_ciphers=aNULL
> >
> > Mostly harmless, but not necessary.
>
> Yes, but when the policy is encryption required for client-server
> connections, aNULL would break that IIUC
> - please correct me if I'm wrong
You're wrong. The "a" in aNULL ciphers stands for "authentication".
These ciphers just do anonymous Diffie-Hellman, but do not authenticate
either party. They encrypt the traffic just as well as the ciphers that
present certificates that you ignore anyway.

> >> smtp_tls_mandatory_protocols could have ,!TLSv1 appended though.
> >> (some seem to recommend even ,!TLSv1.1)
> >
> > No. That's unwise. Causes needless downgrades to cleartext.
>
> Not for tls_mandatory* where it should cause temporary error.

Yes. OK, for mandatory TLS.

-- 
    Viktor.
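The two points in this exchange (aNULL removes authentication, not encryption; "!TLSv1" is safe in smtp_tls_mandatory_protocols but causes cleartext fallback in the opportunistic smtp_tls_protocols) are easy to get backwards when reviewing a main.cf. Below is an added example, written for this page and not part of the thread or of Postfix itself: a small Python checker that reads a main.cf fragment and reports those two cases, plus a helper that models the delivery outcome when client and peer share no protocol version. The main.cf text inside it is constructed for illustration; the function names are the example's own, and the modelled outcomes ("cleartext" for security level may, "deferred" for encrypt and stronger) are the behaviour the thread describes.

```python
"""Added example for the postfix-users thread above; not Postfix code.
Lints a main.cf fragment for the two points discussed: 'aNULL' in the
exclude lists, and old TLS versions excluded in the opportunistic list."""
import re

ALL_PROTOCOLS = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
OPPORTUNISTIC = ("none", "may")  # levels where a TLS failure falls back to cleartext

# Constructed main.cf fragment (assumption, not taken from the thread).  The
# opportunistic smtp_tls_protocols list carries the "!TLSv1" that Viktor
# advises against; the mandatory list carrying it is fine.
SAMPLE_MAIN_CF = """\
# TLS client side
smtp_tls_security_level = may
smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3,
    !TLSv1, !TLSv1.1
# TLS server side
smtpd_tls_exclude_ciphers = MD5, SRP, PSK, aDSS, kECDH, kDH, SEED, IDEA,
    RC2, RC5, RC4, 3DES
smtpd_tls_mandatory_exclude_ciphers = aNULL
"""


def parse_main_cf(text):
    """Minimal main.cf reader: 'name = value', '#' comment lines, and
    continuation lines that begin with whitespace."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and current is not None:
            params[current] += " " + raw.strip()
            continue
        name, _, value = raw.partition("=")
        current = name.strip()
        params[current] = value.strip()
    return params


def split_list(value):
    """Postfix list values are separated by commas and/or whitespace."""
    return [item for item in re.split(r"[,\s]+", value) if item]


def enabled_protocols(value):
    """Resolve a Postfix protocol list to the set of versions it enables:
    the exclusion form ('!SSLv2, !SSLv3, !TLSv1'), the plain inclusion form
    ('TLSv1.2 TLSv1.3') and the range form ('>=TLSv1.2')."""
    items = split_list(value)
    enabled = set(ALL_PROTOCOLS)
    inclusions = {i for i in items if not i.startswith(("!", ">=", "<="))}
    if inclusions:
        enabled = inclusions
    for item in items:
        if item.startswith(">="):
            enabled &= set(ALL_PROTOCOLS[ALL_PROTOCOLS.index(item[2:]):])
        elif item.startswith("<="):
            enabled &= set(ALL_PROTOCOLS[: ALL_PROTOCOLS.index(item[2:]) + 1])
        elif item.startswith("!"):
            enabled.discard(item[1:])
    return enabled


def outcome(security_level, client_protocols, peer_protocols):
    """Result of a delivery attempt when the two sides may share no protocol
    version: opportunistic TLS treats handshake failure as non-fatal and the
    mail goes out in cleartext; 'encrypt' and stronger defer it instead."""
    if client_protocols & peer_protocols:
        return "tls"
    return "cleartext" if security_level in OPPORTUNISTIC else "deferred"


def lint(text):
    """Findings a reviewer would raise for the thread's two points."""
    p = parse_main_cf(text)
    findings = []
    level = p.get("smtp_tls_security_level", "none")
    if level == "may":
        offered = enabled_protocols(p.get("smtp_tls_protocols", "!SSLv2, !SSLv3"))
        for old in ("TLSv1", "TLSv1.1"):
            if old not in offered:
                findings.append(
                    f"smtp_tls_protocols drops {old} at security level "
                    f"'{level}': peers that only speak {old} now get cleartext"
                )
    for param in ("smtpd_tls_exclude_ciphers", "smtpd_tls_mandatory_exclude_ciphers"):
        if "aNULL" in split_list(p.get(param, "")):
            findings.append(
                f"{param} lists aNULL: anonymous-DH suites still encrypt, they only "
                "skip authentication; harmless but unnecessary unless clients "
                "verify the server certificate"
            )
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_MAIN_CF):
        print("-", finding)
    # The same "!TLSv1" has different consequences under the two policies:
    print(outcome("may", {"TLSv1.2", "TLSv1.3"}, {"TLSv1"}))      # cleartext
    print(outcome("encrypt", {"TLSv1.2", "TLSv1.3"}, {"TLSv1"}))  # deferred
```

The checker deliberately stays silent about "!TLSv1" in smtp_tls_mandatory_protocols: there the failure mode is a deferral, which is what a mandatory policy is supposed to do, so only the opportunistic list is reported.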