On Fri, Oct 29, 2021 at 10:39:50PM -0700, Dan Mahoney wrote:
> >> tls_export_cipherlist = aNULL:-aNULL:HIGH:MEDIUM:LOW:EXPORT:+RC4:@STRENGTH
> >
> > The export and low ciphers are no longer supported by OpenSSL (1.1.x and
> > 3.0.0), the parameters are dead code, but no need to remove them, just
> > annoys users with warnings.
>
> So those lists come from openssl, not a postfix define. Gotcha.
No, they don't come from OpenSSL, but they can't add back what OpenSSL
no longer supports. They filter the available OpenSSL ciphers, and
obsolete code points disappear from OpenSSL over time.
Note that if you're using a sufficiently recent Postfix version your
*protocol version* lists should use the ">=minvers" and "<=maxvers"
syntax, rather than a list of individual versions. See the docs.
> > See above. Ensures the symmetric bulk ciphers with longer keys have
> > priority.
>
> Okay, so it's a macro that says "everything we haven't omitted, from
> strongest to weakest", versus some minimum number that can be defined
> elsewhere in the config file (or a compile-time define).
There is no configuration for the minimum bit strength, but in practice
you get 128-bits or better, all the others are gone.
> > I am not aware of any substantive issues with TLS 1.0 in SMTP that
> > would suggest it is important to disable it in opportunistic TLS.
>
> I'm just going by the way ssllabs seems to score things for HTTPS,
> which seems to be where a lot of these cipher recommendations are
> based. You're still supporting TLS1.1? NOT WORTHY.
The crypto maximalists are misguided. We need *widely-used* crypto
more than we need ludicrously storng crypto, especially if it is
ludicrously strong or else NOTHING. See RFC7435.
> What we believe is reasonable security versus not losing mail might
> not be what the consultant-with-his-shiny-new-CEH-certification (that
> sold the test to your insurer) believes.
Sounds like a business opportunity for insurers with clue,
but perhaps there are none left.
If you're in the market for that kind of insurance, sure make my day,
deploy those 16kbit RSA keys, TLS >= 1.3, AES GCM only, &c. This will
make your email less secure, as more of it will be in cleartext, but
hey, you might get cheaper insurance...
--
Viktor.
