> On Oct 29, 2021, at 10:01 PM, Viktor Dukhovni <postfix-us...@dukhovni.org>
> wrote:
>
> On Fri, Oct 29, 2021 at 08:36:38PM -0700, Dan Mahoney (Gushi) wrote:
>
>> I see sites like cipherlist.eu suggesting overriding the "medium" cipher
>> set to only be:
>
> Ignore much of their misguided advice.
>> When I look at postconf -d, I see:
>>
>> tls_high_cipherlist = aNULL:-aNULL:HIGH:@STRENGTH
>> tls_medium_cipherlist = aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH
>> tls_low_cipherlist = aNULL:-aNULL:HIGH:MEDIUM:LOW:+RC4:@STRENGTH
>> tls_export_cipherlist = aNULL:-aNULL:HIGH:MEDIUM:LOW:EXPORT:+RC4:@STRENGTH
>
> The export and low ciphers are no longer supported by OpenSSL (1.1.x and
> 3.0.0); the parameters are dead code, but there's no need to remove them,
> that would just annoy users with warnings.
So those lists come from OpenSSL, not a Postfix define. Gotcha.
>
>> But can't find how @STRENGTH is evaluated.
>
> Just a stable sort on the symmetric bulk cipher key size (AES256
> comes out ahead of AES128).
>
>> 1) What does @STRENGTH mean in this context? Where is it defined? It is
>> some kind of bitstrength equivalence?
>
> See above. Ensures the symmetric bulk ciphers with longer keys have
> priority.
Okay, so it's a macro that says "everything we haven't omitted, from strongest
to weakest", versus some minimum number that can be defined elsewhere in the
config file (or a compile-time define).
That was my other thought, that you could, e.g., set @strength = 240 and not
allow ciphers with an equivalency below that (kind of like SSL Labs measures
relative strengths of things, even where that number doesn't make sense).
[snip]
> I am not aware of any substantive issues with TLS 1.0 in SMTP that
> would suggest it is important to disable it in opportunistic TLS.
I'm just going by the way SSL Labs seems to score things for HTTPS, which seems
to be what a lot of these cipher recommendations are based on. You're still
supporting TLS 1.1? NOT WORTHY.
Recently, I went to drive for a food delivery company as a means of "testing
the waters" for my partner, who is a new driver. When they ran my license, I
found a "phantom accident" (in a state I wasn't even in) on my driving record
that I still haven't managed to track down. It turns out it didn't affect my
insurance rates, but it still showed me the brokenness of a system. I'm still
concerned about that record being there.
On the same note, I became aware a few weeks ago that there are companies that
will passively scan your network and sell the results to your company's would-be
insurers as some kind of credit rating, as a reason to deny you a policy or to
not do business with you, and that has had my paranoia up a bit of late.
What we believe is reasonable security versus not losing mail might not be what
the consultant-with-his-shiny-new-CEH-certification (that sold the test to your
insurer) believes.
-Dan
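To make Viktor's description of @STRENGTH concrete, here is an added model of what the directive does to a cipherlist. It is illustration written for this page, not code from Postfix or OpenSSL. It parses lines in the shape `openssl ciphers -v` prints, takes them as the order the preceding rules (HIGH:MEDIUM:+RC4) produced, and then applies @STRENGTH as a stable sort on the bulk cipher's key size, strongest first. Nothing is filtered out: there is no numeric threshold, and the relative order of suites with equal key sizes is preserved. The sample cipher lines are constructed (the names are real OpenSSL suite names, but the starting order is invented for the demonstration), and the one override, 3DES counted as 112 bits for sorting although `ciphers -v` prints 168, is an assumption based on how OpenSSL 1.1 and later rate it.

```python
"""Model of OpenSSL's @STRENGTH cipherlist directive (added illustration,
not Postfix or OpenSSL code)."""
import re

# Constructed sample in `openssl ciphers -v` format, in the order the rules
# before @STRENGTH might leave it: a HIGH group, a MEDIUM group, and RC4
# pushed to the very end by `+RC4`.  The order is invented for the demo.
SAMPLE_CIPHERS_V = """\
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
AES128-SHA                  SSLv3   Kx=RSA  Au=RSA Enc=AES(128)    Mac=SHA1
AES256-SHA                  SSLv3   Kx=RSA  Au=RSA Enc=AES(256)    Mac=SHA1
DES-CBC3-SHA                SSLv3   Kx=RSA  Au=RSA Enc=3DES(168)   Mac=SHA1
RC4-SHA                     SSLv3   Kx=RSA  Au=RSA Enc=RC4(128)    Mac=SHA1
"""

CIPHER_RE = re.compile(
    r"^(?P<name>\S+)\s+(?P<ver>\S+)\s+Kx=(?P<kx>\S+)\s+Au=(?P<au>\S+)\s+"
    r"Enc=(?P<enc>[^\s(]+)\((?P<bits>\d+)\)\s+Mac=(?P<mac>\S+)"
)

# Where the value OpenSSL sorts on differs from the key length it prints.
# Assumption: OpenSSL 1.1+ rates 3DES at 112 bits although `ciphers -v`
# shows Enc=3DES(168).  Everything else sorts on the printed key size.
STRENGTH_OVERRIDE = {"3DES": 112}


def parse_ciphers_v(text):
    """Turn `openssl ciphers -v` style lines into dicts, keeping list order."""
    suites = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = CIPHER_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised cipher line: {line!r}")
        d = m.groupdict()
        d["bits"] = int(d["bits"])
        d["strength"] = STRENGTH_OVERRIDE.get(d["enc"], d["bits"])
        suites.append(d)
    return suites


def at_strength(suites):
    """Apply @STRENGTH: stable sort, largest bulk-cipher key size first.

    Python's sort is stable, so suites with equal key sizes keep the relative
    order the earlier cipherlist rules gave them.  No suite is dropped; a
    minimum-strength cut-off is not something @STRENGTH provides.
    """
    return sorted(suites, key=lambda s: -s["strength"])


def order_names(text):
    """Names in the order @STRENGTH leaves them, for a ciphers -v dump."""
    return [s["name"] for s in at_strength(parse_ciphers_v(text))]


def strength_groups(text):
    """List of (key size, [names]) groups, strongest first, order preserved
    inside each group.  Handy for eyeballing what the stable sort did."""
    groups = []
    for s in at_strength(parse_ciphers_v(text)):
        if groups and groups[-1][0] == s["strength"]:
            groups[-1][1].append(s["name"])
        else:
            groups.append((s["strength"], [s["name"]]))
    return groups


if __name__ == "__main__":
    print("before @STRENGTH:")
    for s in parse_ciphers_v(SAMPLE_CIPHERS_V):
        print(f"  {s['name']:28} {s['strength']}")
    print("after @STRENGTH:")
    for bits, names in strength_groups(SAMPLE_CIPHERS_V):
        print(f"  {bits} bits: {', '.join(names)}")
```

Two things worth noticing in the output. AES256 suites move ahead of AES128 suites regardless of which group (HIGH or MEDIUM) they came from, which is the whole effect Viktor describes. And because @STRENGTH sorts only on key size, RC4-SHA (128 bits) ends up ahead of DES-CBC3-SHA even though `+RC4` had pushed it to the back; if you want RC4 behind 3DES, @STRENGTH is not the tool. Compare against the real thing with `openssl ciphers -v 'aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH'`, remembering that the suites your build offers and their initial order will differ from this constructed sample.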