On Fri, Apr 11, 2014 at 10:32:17PM +0100, Sean Wilson wrote:

> http://postfix.1071664.n5.nabble.com/Postfix-and-TLS-1-2-td66859.html
>
> I am battling to understand why my Postfix server doesn't always
> use a TLS 1.2 connection with clients that support it. I currently
> have the latest version of Postfix installed on FreeBSD 10-STABLE
> and I have OpenSSL version 1.0.1g 7 Apr 2014 installed. This is
> what happens: When I send an email to someone that uses high grade
> encryption the log looks as follows:
>
> postfix/smtp[2554]: Trusted TLS connection established to
> mx.domain.com[xxx.xxx.196.175]:25:
> TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
>
> All looks good...TLS 1.2 is used and the GCM cipher is used. That's
> fine mx.domain.com chooses the most preferred cipher offered by
> the TLS client, i.e. your Postfix SMTP server.
>
> When I receive an email from the same client:
>
> postfix/smtpd[84316]: Anonymous TLS connection established from
> mx.domain.com[xxx.xxx.196.175]:
> TLSv1.1 with cipher ECDHE-RSA-AES256-SHA (256/256)

As an SMTP/TLS client, possibly for interoperability reasons, this
particular MTA chooses to suppress TLSv1.2.

> So why is only TLS 1.1 being used?

Ask the postmaster of the MTA in question, perhaps they had some
problems with remote MTAs choking on TLSv1.2 and decided to apply
hammer to problem.

> Also, why isn't the GCM cipher used, isn't this more secure?

Perhaps, but not by much, and perhaps it is a TLA plot, GCM is quite
fragile in the face of implementation errors and RNG problems. Many
think that GCM is not a good choice for software implementations
of AEAD ciphers.

> Do I need to tweak the cipher order to use more secure ciphers and TLS
> 1.2?

No. AES-256-CBC is quite secure enough, the weakest link in protecting
your email is probably elsewhere and much weaker than AES-256-CBC.

> main.cf contains:
>
> smtpd_tls_ask_ccert = yes

Why?

> tls_preempt_cipherlist = yes

Not recommended.

> smtpd_tls_mandatory_ciphers = high

Fine if all your submission clients are suitably capable.

> smtpd_tls_ciphers = export

Default, but we may at some point change this to "medium", so you
should probably not set this explicitly.

> smtp_tls_mandatory_ciphers = $smtpd_tls_mandatory_ciphers
> smtp_tls_ciphers = $smtpd_tls_ciphers
> lmtp_tls_mandatory_ciphers = $smtpd_tls_mandatory_ciphers
> lmtp_tls_ciphers = $smtpd_tls_ciphers

Better define some new parameter:

    site_mandatory_ciphers = high
    site_ciphers = medium

and define the various parameters using those, rather than alias
smtp/lmtp values to smtpd values (which won't work if you ever revert
the smtpd values to defaults).

--
Viktor.
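
Added example, not part of the original message or of Postfix: a small Python parser for the two "TLS connection established" log lines quoted above, which reports peers whose inbound sessions negotiated a different protocol version than outbound sessions to the same host. The function names and every sample line after the first two are constructed for illustration.

```python
import re
from collections import defaultdict

# "TLS connection established" lines as logged by postfix/smtp (outbound,
# "to") and postfix/smtpd (inbound, "from"), in the form quoted in the thread.
TLS_LINE = re.compile(
    r"postfix/smtpd?\[\d+\]: (?P<trust>\w+) TLS connection established "
    r"(?P<dir>to|from) (?P<host>[^\[\s]+)\[(?P<addr>[^\]]+)\](?::\d+)?: "
    r"(?P<proto>\S+) with cipher (?P<cipher>\S+)"
)

def parse_tls_lines(lines):
    """Yield one dict per TLS-established log line; other lines are skipped."""
    for line in lines:
        m = TLS_LINE.search(line)
        if m:
            yield m.groupdict()

def protocol_mismatches(lines):
    """Map each peer whose inbound and outbound sessions negotiated different
    protocol versions to {"out": {...}, "in": {...}}."""
    seen = defaultdict(lambda: {"out": set(), "in": set()})
    for rec in parse_tls_lines(lines):
        side = "out" if rec["dir"] == "to" else "in"
        seen[rec["host"]][side].add(rec["proto"])
    return {host: v for host, v in seen.items()
            if v["out"] and v["in"] and v["out"] != v["in"]}

# First two lines are the ones quoted in the thread; the rest are constructed.
SAMPLE = [
    "postfix/smtp[2554]: Trusted TLS connection established to "
    "mx.domain.com[xxx.xxx.196.175]:25: "
    "TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)",
    "postfix/smtpd[84316]: Anonymous TLS connection established from "
    "mx.domain.com[xxx.xxx.196.175]: "
    "TLSv1.1 with cipher ECDHE-RSA-AES256-SHA (256/256)",
    "postfix/smtp[2601]: Untrusted TLS connection established to "
    "mail.example.net[192.0.2.10]:25: "
    "TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)",
    "postfix/smtpd[84320]: Anonymous TLS connection established from "
    "mail.example.net[192.0.2.10]: "
    "TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)",
    "postfix/smtpd[84321]: connect from mail.example.net[192.0.2.10]",
]

if __name__ == "__main__":
    for host, v in protocol_mismatches(SAMPLE).items():
        print(host, "outbound:", sorted(v["out"]), "inbound:", sorted(v["in"]))
```

A host listed here is one whose sending side negotiated a different protocol version than its receiving side, which matches the explanation above that the remote MTA's client configuration, not the local server, is limiting the version.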