On 2024-11-22 at 13:24:33 UTC-0500 (Fri, 22 Nov 2024 19:24:33 +0100)
Matus UHLAR - fantomas via Postfix-users <uh...@fantomas.sk>
is rumored to have said:
Now I'm searching for the proper smtpd_tls_exclude_ciphers setting to get at least some, possibly most secure ciphers of those provided in my first mail.

smtpd_tls_exclude_ciphers = 
MD5,SRP,PSK,aDSS,kECDH,kDH,SEED,IDEA,RC2,RC5,RC4,3DES

On 22.11.24 18:20, Bill Cole via Postfix-users wrote:
If you're up to date with Postfix, you probably do not need to list anything in smtpd_tls_exclude_ciphers.

perhaps yes, I have postfix 3.7.11

- IIRC this setting was here to disable weak ciphers in case TLS1.0 is enabled, which is default on 25 with opportunistic encryption

 Cipher Suites (13 suites)
    Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
    Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
    Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
    Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)

On 23.11.24 18:41, Viktor Dukhovni via Postfix-users wrote:
These first four should work fine, unless you're using a version of
OpenSSL that disabled these, at compile time or runtime, perhaps
Redhat/Fedora Crypto policies?

This is Debian 12, postfix 3.7.11 and SSL 3.0.15. smtpd_tls_exclude_ciphers is the only place I tried to raise security level for client connections.

I have even reenabled TLS1.0 in openssl.cnf according to:
https://github.com/openssl/openssl/discussions/22752#discussioncomment-7617584
- this should get used only for client connections so I can run "openssl s_client -tls1"
severs like postfix have their own ssl configuration directives.


Note that these ciphers don't enable "forward-secrecy", they use RSA key
exchange:

   $ openssl ciphers -V -stdname -s -tls1_2 -v 'HIGH+AES+kRSA+CBC:@STRENGTH'
         0x00,0x3D - TLS_RSA_WITH_AES_256_CBC_SHA256               - 
AES256-SHA256                  TLSv1.2 Kx=RSA      Au=RSA   Enc=AES(256)        
       Mac=SHA256
         0x00,0x35 - TLS_RSA_WITH_AES_256_CBC_SHA                  - AES256-SHA 
                    SSLv3   Kx=RSA      Au=RSA   Enc=AES(256)               
Mac=SHA1
         0x00,0x3C - TLS_RSA_WITH_AES_128_CBC_SHA256               - 
AES128-SHA256                  TLSv1.2 Kx=RSA      Au=RSA   Enc=AES(128)        
       Mac=SHA256
         0x00,0x2F - TLS_RSA_WITH_AES_128_CBC_SHA                  - AES128-SHA 
                    SSLv3   Kx=RSA      Au=RSA   Enc=AES(128)               
Mac=SHA1

So, my money is on RSA key exchange being disabled in your OpenSSL,
unless there are other Postfix settings you've not shared that do that.

I can see these ciphers when I fed the command above with contents of tls_medium_cipherlist/tls_high_cipherlist

Looking back at pcap output:

Alert Message
    Level: Fatal (2)
    Description: Handshake Failure (40)


Now I am not even sure it's problem of ciphers (don't that error produce different output?), can this be caused by other property?

Signature Hash Algorithms (10 algorithms)
    Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
    Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
    Signature Algorithm: rsa_pkcs1_sha384 (0x0501)
    Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503)
    Signature Algorithm: rsa_pkcs1_sha512 (0x0601)
    Signature Algorithm: ecdsa_secp521r1_sha512 (0x0603)
    Signature Algorithm: rsa_pkcs1_sha1 (0x0201)
    Signature Algorithm: SHA1 DSA (0x0202)
    Signature Algorithm: ecdsa_sha1 (0x0203)
    Signature Algorithm: MD5 RSA (0x0101)



--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"One World. One Web. One Program." - Microsoft promotional advertisement
"Ein Volk, ein Reich, ein Fuhrer!" - Adolf Hitler
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

Reply via email to