[pfx] Re: SHA224 Phase out

Sun, 10 May 2026 12:04:03 -0700 

On Sun, May 10, 2026 at 07:33:39PM +0200, luca-lists--- via Postfix-users wrote:

> I like to be in compliance with the internet.nl mail server test.

My recommendation is finding a better use of your time.  There is no
relevant risk.  Its 112-bite collision resistance protects your mail far
better than the RSA signatures you'd pair it with (not post-quantum and
all that).

> Recently I got an advisory that SHA224 is to be phased out.

Of no relevance in Postfix or TLS.

> smtpd_tls_signature_exclusion = SHA224

    1. SHA224 is not a signature algorithm.
    2. It is not used with any TLS 1.3 signature schemes.
    3. It can be a component of a TLS 1.2 signature scheme, but is
       never negotiated in practice.
    4. Postfix does not have a smtpd_tls_signature_exclusion parameter,
       if you want to restrict the signature algorithms advertised by
       OpenSSL, you need to do it in an "openssl.cnf"-style file loaded
       by and specifically create for Postfix.

> and also:
> 
> tls_medium_cipherlist = 
> EECDH+AESGCM:EDH+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA224

1.  Signature schemes are not ciphers, they're negotiated separately.
2. Don't change this parameter, it is not intended for non-experts.

> AI suggested:
> 
> tls_config_file = /etc/postfix/tls_config.conf

The AIs have been reading Postfix documentation, and/or the mailing
list.

> with contents:
> 
> openssl_conf = postfix_tls
> 
> [postfix_tls]
> ssl_conf = postfix_ssl_sect
> 
> [postfix_ssl_sect]
> system_default = postfix_system_default
> 
> [postfix_system_default]
> SignatureAlgorithms =
> RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512

That list is too restrictive, you need additional entries for TLS 1.3.
And you'll end up freezing the list at a setting that eventually will
omit stronger algorithms.

You really SHOULD NOT attempt to "solve" this non-problem.  Any such
"solution" will be counterproductive.

> This works - just wondering if it is normal that
> smtpd_tls_signature_exclusion = SHA224 does not offer the desired
> result alone.

Made up parameter names have no effect other than warnings in your logs
that the parameter is made up.

-- 
    Viktor.  🇺🇦 Слава Україні!
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to