Hey there all,

I'm in the process of vetting historical postfix configs -- comparing so many things in a historic config where prior employees overrode the defaults and perhaps why.

Wietse, let me say thank you for making it easier than it would be with sendmail.cf :)

I see sites like cipherlist.eu suggesting overriding the "medium" cipher set to only be:

smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtpd_tls_mandatory_ciphers = medium
tls_medium_cipherlist = EECDH+AESGCM:EDH+AESGCM
tls_preempt_cipherlist = yes

Which feels like it would break anyone with an older mail server. We *want* to receive mail from everyone -- since we're saying "may" we basically default to no cipher if we can't do one. If someone else thinks ECDHE-RSA-AES128-GCM-SHA256 is enough, I'd rather that be used than go plaintext.

It also feels like overriding "medium" is a really poor idea here. Like, if you want optimal security, why wouldn't you override high?

When I look at postconf -d, I see:

tls_export_cipherlist = aNULL:-aNULL:HIGH:MEDIUM:LOW:EXPORT:+RC4:@STRENGTH
tls_high_cipherlist = aNULL:-aNULL:HIGH:@STRENGTH
tls_low_cipherlist = aNULL:-aNULL:HIGH:MEDIUM:LOW:+RC4:@STRENGTH
tls_medium_cipherlist = aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH

But I can't find how @STRENGTH is evaluated.

So the questions (all inter-related):

1) What does @STRENGTH mean in this context? Where is it defined? Is it some kind of bit-strength equivalence?

2) Will postfix allow you to specify a "custom" cipherlist while leaving the defaults in, like tls_ourorg_cipherlist?

3) Will the builtin values of these ciphers change over time, for example to exclude known-broken or known-deprecated ciphers, in line with RFCs perhaps? (i.e. will "high" change)

4) Is there an equivalent target for tls_protocols, i.e. one that only represents "high" (as in non-broken) protocols? For example, it looks like at some point postfix stopped doing SSLv2 and SSLv3 (so the above smtpd_tls_protocols is already wrong for a modern postfix?), but with TLS 1.0 also known-problematic, will that drop out at some point?

Best,

-Dan

--

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
FB:  fb.com/DanielMahoneyIV
LI:   linkedin.com/in/gushi
Site:  http://www.gushi.org
---------------------------

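Added example (editor's code, not part of the post above and not Postfix code). Postfix hands the tls_*_cipherlist strings to OpenSSL's SSL_CTX_set_cipher_list, so what @STRENGTH means is defined by OpenSSL's ciphers(1), not by Postfix: it is a sorting directive that re-orders the suites already selected by the preceding rules by symmetric key length, strongest first, adding or removing nothing. The script below feeds the four default strings from the `postconf -d` output in the post, plus the cipherlist.eu override, to OpenSSL through Python's ssl module and checks that claim: with @STRENGTH the expansion is the same set as without it, but sorted by strength_bits. It also lists what the override drops relative to the default "medium" grade, and shows that ECDHE-RSA-AES128-GCM-SHA256 is still inside `EECDH+AESGCM:EDH+AESGCM`. The exact suite lists depend on the OpenSSL build the interpreter links against.

```python
"""Observe what OpenSSL makes of Postfix's default cipher grades.

Added example, not from the post above and not Postfix code.  It relies only
on Python's stdlib ssl module, which calls the same SSL_CTX_set_cipher_list()
that Postfix uses for tls_*_cipherlist.
"""
import ssl

# Postfix defaults exactly as `postconf -d` printed them in the post.
POSTFIX_GRADES = {
    "high":   "aNULL:-aNULL:HIGH:@STRENGTH",
    "medium": "aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH",
    "low":    "aNULL:-aNULL:HIGH:MEDIUM:LOW:+RC4:@STRENGTH",
    "export": "aNULL:-aNULL:HIGH:MEDIUM:LOW:EXPORT:+RC4:@STRENGTH",
}
# The cipherlist.eu override for "medium" quoted in the post.
CIPHERLIST_EU_MEDIUM = "EECDH+AESGCM:EDH+AESGCM"


def expand(cipherlist):
    """Return [(suite_name, strength_bits), ...] in the order OpenSSL keeps
    after evaluating `cipherlist`.  TLS 1.3 suites are configured by a
    separate OpenSSL call and are not touched by cipherlist strings or by
    @STRENGTH, so they are filtered out here.  OpenSSL only raises when the
    resulting list is empty (ssl.SSLError)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipherlist)
    return [(c["name"], c["strength_bits"])
            for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def strip_strength(cipherlist):
    """The same cipherlist with the @STRENGTH directive removed."""
    return ":".join(e for e in cipherlist.split(":") if e != "@STRENGTH")


def is_sorted_by_strength(suites):
    """True when strength_bits never increases along the list."""
    bits = [b for _, b in suites]
    return all(a >= b for a, b in zip(bits, bits[1:]))


def strength_effect(cipherlist):
    """Compare a cipherlist with and without @STRENGTH.

    same_set:      @STRENGTH neither added nor removed a suite
    sorted_before: the list was already in non-increasing key length
    sorted_after:  it is after @STRENGTH
    """
    with_it = expand(cipherlist)
    without = expand(strip_strength(cipherlist))
    return {
        "count": len(with_it),
        "same_set": set(with_it) == set(without),
        "sorted_before": is_sorted_by_strength(without),
        "sorted_after": is_sorted_by_strength(with_it),
    }


def dropped_by(default_cipherlist, override_cipherlist):
    """Suite names selected by the default grade but not by the override."""
    kept = {name for name, _ in expand(override_cipherlist)}
    return sorted(name for name, _ in expand(default_cipherlist)
                  if name not in kept)


def main():
    print(f"OpenSSL: {ssl.OPENSSL_VERSION}")
    for grade, cl in POSTFIX_GRADES.items():
        try:
            fx = strength_effect(cl)
        except ssl.SSLError as err:       # empty list on this build
            print(f"{grade:7s} {err}")
            continue
        print(f"{grade:7s} {fx['count']:3d} suites; @STRENGTH only re-orders: "
              f"{fx['same_set']}; sorted before/after: "
              f"{fx['sorted_before']}/{fx['sorted_after']}")
    print("\ncipherlist.eu override:", CIPHERLIST_EU_MEDIUM)
    for name, bits in expand(CIPHERLIST_EU_MEDIUM):
        print(f"  {bits:3d} bits  {name}")
    print("\ndropped relative to Postfix 'medium':")
    for name in dropped_by(POSTFIX_GRADES["medium"], CIPHERLIST_EU_MEDIUM):
        print("  ", name)


if __name__ == "__main__":
    main()
```

Running it with `python3 cipher_grades.py` prints the expansions for the interpreter's OpenSSL. The "medium" and "high" grades differ only in the MEDIUM and +RC4 rules; everything else in the order comes from OpenSSL's built-in preference order and then the @STRENGTH sort, which is why a build that no longer ships RC4 or LOW suites still accepts those strings unchanged.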