On 2015-06-23 at 16:35 +0200, Johann Klasek wrote: > On Sat, Jun 20, 2015 at 11:33:00AM -0500, Frank Bulk wrote: > > http://www.circleid.com/posts/20150620_logjam_openssl_and_email_deliverabili > > ty/ > > > > FYI, just a heads up. > > OpenSSL now rejects handshakes using DH parameters shorter than 768 bits > as a countermeasure against the Logjam attack (CVE-2015-4000). At least > Debian and Ubuntu is enforcing stricter DH handling with their current > Openssl version. > Consequently, depending on their configuration, some mail servers are > unable to talk to MX servers which do not offer a key of sufficient > length.
For clarity here: Debian ships with Exim as the default MTA and used to patch it to raise the DH size offered to 2048 bits, but did so in such a way that they also raised the client's minimum allowed size to 2048 bits. As of Exim 4.80 (May 2012), we (Exim) split the options and I believe (but am not 100% sure) that it was around then that Debian folks made sure that the patches for older maintained versions would do something similar. As of Exim 4.80, Exim has defaulted to using IKE id 23 from RFC 5114 for DH parameters, making DH available by default, with 2048 bit parameters. At that time, we also set the minimum allowed bit-size when using GnuTLS (as Debian does) to 1024 bits. I believe that we're continuing to accept OpenSSL's defaults, when using OpenSSL. We can revisit that issue. A key issue though is that by default, Exim will fall back to unencrypted because encryption to MX is opportunistic. Given how widespread Debian servers are (in count of server installs, not volume of mail, in which case nobody but Gmail+Yahoo+AOL+Hotmail counts), folks only now encountering DH interop issues because they're using fewer than 768 bits have not been working with folks who mandate TLS. I'm not saying that such sites don't exist. I am saying that: * if you mandate TLS for remote sites which you don't control and haven't arranged TLS with, then you have issues; DH failure blocking delivery should only be affecting Submission or DANE-secured MX mail * the number of sites only now seeing issues is likely far smaller than the fuss would seem to suggest and such sites likely only communicate with specific constrained patterns of senders/receivers, rather than the open Internet. -Phil _______________________________________________ mailop mailing list [email protected] http://chilli.nosignal.org/mailman/listinfo/mailop
