I've recently enabled Ephemeral Elliptic Curve Diffie-Hellman (EECDH)
key exchange on our inbound Postfix servers (Postfix compiled and linked
with OpenSSL 1.0.0), by setting:

        smtpd_tls_eecdh_grade = strong

Counting recently logged ciphers yields:

     33258 DHE-RSA-AES256-SHA
     13126 RC4-SHA
      3976 RC4-MD5
      2972 ADH-AES256-SHA
      1620 AES128-SHA
      1052 EDH-RSA-DES-CBC3-SHA
       971 DHE-RSA-CAMELLIA256-SHA
       320 AES256-SHA
--->   302 AECDH-AES256-SHA
       168 ADH-CAMELLIA256-SHA
        86 DES-CBC3-SHA
--->    18 ECDHE-RSA-AES256-SHA
        13 ADH-SEED-SHA

Which shows approximately 1% of clients using EECDH. No problems observed.
The default setting in Postfix is to not enable EECDH (which was a
somewhat "experimental" OpenSSL feature at the time support was added
in Postfix). I think that EECDH is now mature enough for main-stream use,
but more field experience is probably required before it is enabled by
default.
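As an added example (not part of Viktor's post or of Postfix itself), here is a POSIX shell snippet that produces a tally like the one above from Postfix "TLS connection established" log lines and reports what share of sessions negotiated EECDH. The log lines are constructed for the example (documentation addresses and example.net hosts), and the function names are mine; the line format is the one Postfix smtpd/smtp write when TLS is logged at the default level.

```shell
#!/bin/sh
# Added example: tally the cipher names Postfix logs for established TLS
# sessions and measure the EECDH share. Postfix logs lines of the form
#   ... postfix/smtpd[PID]: Anonymous TLS connection established from host[ip]: TLSv1 with cipher NAME (256/256 bits)
# The sample lines below are constructed for this example.

SAMPLE_LOG='Jun  1 10:00:01 mx postfix/smtpd[2001]: Anonymous TLS connection established from a.example.net[192.0.2.10]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Jun  1 10:00:05 mx postfix/smtpd[2002]: Anonymous TLS connection established from b.example.net[192.0.2.11]: TLSv1 with cipher RC4-SHA (128/128 bits)
Jun  1 10:00:09 mx postfix/smtpd[2003]: Anonymous TLS connection established from c.example.net[192.0.2.12]: TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)
Jun  1 10:00:12 mx postfix/smtpd[2004]: Anonymous TLS connection established from d.example.net[192.0.2.13]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Jun  1 10:00:15 mx postfix/smtpd[2005]: Trusted TLS connection established from e.example.net[192.0.2.14]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Jun  1 10:00:20 mx postfix/smtpd[2006]: connect from f.example.net[192.0.2.15]
Jun  1 10:00:25 mx postfix/smtpd[2007]: Anonymous TLS connection established from g.example.net[192.0.2.16]: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)'

# count_ciphers: read log lines on stdin, print "count cipher" lines sorted by
# count, descending. Lines without an established TLS session are ignored.
count_ciphers() {
    sed -n 's/.*TLS connection established .* with cipher \([^ ]*\) .*/\1/p' \
        | sort | uniq -c | sort -rn
}

# eecdh_sessions: number of sessions whose key exchange was ephemeral ECDH.
# OpenSSL names those suites ECDHE-* (authenticated) and AECDH-* (anonymous).
eecdh_sessions() {
    count_ciphers | awk '$2 ~ /^(ECDHE|AECDH)-/ { n += $1 } END { print n + 0 }'
}

# total_sessions: all established TLS sessions, whatever the key exchange.
total_sessions() {
    count_ciphers | awk '{ n += $1 } END { print n + 0 }'
}

# eecdh_percent: integer percentage of sessions that used EECDH (0 if no sessions).
eecdh_percent() {
    log="$(cat)"
    e=$(printf '%s\n' "$log" | eecdh_sessions)
    t=$(printf '%s\n' "$log" | total_sessions)
    if [ "$t" -gt 0 ]; then
        echo $((100 * e / t))
    else
        echo 0
    fi
}

# Usage on the constructed sample; on a real server, feed the mail log instead,
# e.g.  grep 'TLS connection established' /var/log/maillog | count_ciphers
printf '%s\n' "$SAMPLE_LOG" | count_ciphers
printf 'EECDH share: %s%%\n' "$(printf '%s\n' "$SAMPLE_LOG" | eecdh_percent)"
```

The sed pattern deliberately matches both "Anonymous", "Untrusted" and "Trusted" connection lines, so the tally counts sessions by cipher regardless of certificate verification status, which is what matters when judging whether EECDH is being negotiated in the field.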

So, if you are running Postfix 2.4 or later, and it is compiled against
OpenSSL 1.0.0 (or today's 1.0.0a), please test EECDH support by setting
"smtpd_tls_eecdh_grade = strong". If there are no problem reports,
perhaps we can enable this by default in Postfix 2.8.

To improve the odds of your Postfix with OpenSSL 1.0.0 SMTP client using
EECDH when servers support it, you need to set:

    tls_export_cipherlist = aNULL:-aNULL:ALL:+RC4:@STRENGTH
    tls_low_cipherlist = aNULL:-aNULL:ALL:!EXPORT:+RC4:@STRENGTH
    tls_medium_cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH
    tls_high_cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH

These settings are for OpenSSL 1.0.0 only; do not use them with OpenSSL
0.9.x. The cipherlist order semantics changed in 1.0.0. These settings
will become the default in upcoming Postfix releases and patch-levels
(when compiled with OpenSSL 1.0.0 include files, and presumably also
linked with 1.0.0 libraries).

-- 
        Viktor.
