On Fri, Mar 19, 2021 at 07:53:09PM +0100, Matus UHLAR - fantomas wrote:
> I mean, aNULL on port 25 is fine.
>
> aNULL on port 465 and 587 is not fine, is it?
Of course it is fine: if you're not asking for client certs, and the client is willing to do aNULL (i.e. ignore your certificates), then forcing ignored certificates into the handshake does nothing to address the client's negligence. Authenticating the server is the *client's* responsibility; the server cannot *force* the client to do it.

At least if you enable aNULL, and the client happens to use it, you'll have forensic evidence that the client is doing it.

Perhaps Postfix should have a feature where we then refuse to enable SASL AUTH when "TLS auth only" is enabled, but the ciphersuite is anonymous, but sadly this capability is going away with TLS 1.3, for which aNULL ciphers are not presently defined.

- Client-side willingness to negotiate aNULL is a problem, when the server should be authenticated.

- Server-side willingness to negotiate aNULL is only an issue when the server expects client certificates. Otherwise, it is a very useful forensic aid, and could even be used to *harden* client access control by excluding sloppy clients after negotiating an aNULL cipher.

--
Viktor.
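The "forensic aid" point above rests on the fact that Postfix logs the authentication level of every established TLS session: a session negotiated with an aNULL suite is logged as "Anonymous TLS connection established", while certificate-based sessions are logged as Untrusted, Trusted or Verified. The following is an added example (written for this discussion, not code from the post or from Postfix) that parses such smtpd log lines and lists the clients that negotiated an anonymous cipher on a submission service. It assumes the master.cf convention of setting `-o syslog_name=postfix/submission` (and `postfix/smtps`) on those services so their lines are distinguishable from the port-25 smtpd; the log lines themselves are constructed samples.

```python
"""Classify Postfix smtpd TLS handshake log lines by how the peer was
authenticated and single out anonymous (aNULL) handshakes on submission
services, where they mark a client that ignored the server certificate.
Added example for this thread, not Postfix code."""
import re
from typing import Optional

# Postfix logs exactly one of these levels per established TLS session.
# "Anonymous" means an aNULL (ADH/AECDH) suite was negotiated, so no
# certificate was involved at all; the other three describe how the
# peer's certificate was treated.
LOG_RE = re.compile(
    r"postfix/(?:(?P<service>[\w-]+)/)?smtpd\[\d+\]: "
    r"(?P<level>Anonymous|Untrusted|Trusted|Verified) TLS connection established "
    r"from (?P<peer>\S+): (?P<proto>\S+) with cipher (?P<cipher>\S+) "
    r"\((?P<bits>\d+)/(?P<keybits>\d+) bits\)"
)

# Assumption: master.cf sets "-o syslog_name=postfix/submission" and
# "-o syslog_name=postfix/smtps" on those services, so their log lines
# carry a service segment; plain "postfix/smtpd" is the port-25 listener.
SUBMISSION_SERVICES = {"submission", "smtps"}


def parse_tls_log(line: str) -> Optional[dict]:
    """Return the parsed fields of a TLS-established line, or None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["service"] = rec["service"] or "smtp"  # no segment: port-25 smtpd
    rec["anonymous"] = rec["level"] == "Anonymous"
    return rec


def cipher_is_anonymous(cipher: str) -> bool:
    """OpenSSL names anonymous DH / ECDH suites with these prefixes."""
    return cipher.startswith(("ADH-", "AECDH-"))


def anonymous_submission_peers(lines):
    """(peer, cipher) for every aNULL handshake on a submission service.

    Port-25 anonymous sessions are deliberately not reported: there the
    peer is an MTA doing opportunistic TLS, and aNULL is fine."""
    hits = []
    for line in lines:
        rec = parse_tls_log(line)
        if rec and rec["anonymous"] and rec["service"] in SUBMISSION_SERVICES:
            hits.append((rec["peer"], rec["cipher"]))
    return hits


# Constructed sample log lines (hosts and addresses are documentation ranges).
SAMPLE_LOG = [
    "Mar 19 20:01:02 mx1 postfix/smtpd[12345]: Anonymous TLS connection established "
    "from mail.example.org[192.0.2.10]: TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)",
    "Mar 19 20:01:05 mx1 postfix/submission/smtpd[12346]: Anonymous TLS connection established "
    "from laptop.example.net[198.51.100.7]: TLSv1.2 with cipher ADH-AES128-GCM-SHA256 (128/128 bits)",
    "Mar 19 20:01:09 mx1 postfix/submission/smtpd[12347]: Untrusted TLS connection established "
    "from phone.example.net[198.51.100.9]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)",
    "Mar 19 20:01:11 mx1 postfix/smtpd[12348]: connect from unknown[203.0.113.5]",
]

if __name__ == "__main__":
    for peer, cipher in anonymous_submission_peers(SAMPLE_LOG):
        print(f"anonymous TLS on submission from {peer} ({cipher})")
```

Run over the samples, only the laptop on the submission service is reported; the port-25 anonymous session is left alone, matching the distinction drawn above. A report like this is the evidence that would let an operator decide which sloppy clients to exclude from submission access.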