On Fri, Oct 04, 2013 at 11:21:34AM -0400, micah wrote:
> > By default the server picks the client's most preferred cipher that
> > is also available on the server. You can set "tls_preempt_cipherlist
> > = yes" to have the server use its most preferred cipher supported
> > by the client. This could break some fragile clients that offer
> > ciphers (at a low preference) whose implementation is broken.
>
> That is interesting. I tried to preempt the cipherlist and disable ECDHE
> to avoid the NIST curves, but couldn't get postfix to exclude that
> cipher using smtpd_tls_exclude_ciphers.
You using an interface that is too low level. To disable EECDH support
set the EECDH grade to "none"
smtpd_tls_eecdh_grade = none
You don't need to change the preempt setting for this, disabled
algorithms are never selected.
> It wasn't clear to me from
> http://www.postfix.org/postconf.5.html#smtpd_tls_exclude_ciphers what
> the correct syntax to use there is, I tried kxECDHE but that didn't work
> either. Do you what format those are specified in?
I prefer to discourage explicit use of the low level OpenSSL cipher
settings. They are there for emergencies, but Postfix works hard
to avoid any need for users to set these.
As I mentioned before, there is really no rational basis for making
any changes in this space. We don't know which of the crypto
primitives are compromised if any. If you are using TLS, that's
much stronger than plaintext, the rest is largely immaterial.
--
Viktor.
