On Thu, Apr 24, 2014 at 04:05:54PM +0200, Philipp Gesang wrote:
> > Were the patches in question for Exchange 2003 or for Microsoft's
> > Schannel SSL/TLS library?
>
> According to the client the entire system was on the latest
> patchlevel. I'm afraid I can't be more specific than that.
That's unfortunate.
> > Did you successfully transmit email
> > mesages with "DES-CBC3-SHA" as the only client-side cipher-suite?
>
> We observed the email successfully being relayed using that
> cipher according to the maillog. Here's the line with the host
> anonymized:
>
> Untrusted TLS connection established to
> XXX.FOO.ORG[NNN.NNN.NNN.NNN]:25: TLSv1 with cipher DES-CBC3-SHA
> (128/168 bits)
And the subsequent delivery on that connection completed successfully?
I see, you patched 3DES to 128 bits for sorting purposes, arguably,
because of meet-in-the-middle attacks, the correct strength is 112.
That's why we have SHA2-224 as a companion for 3DES.
> We use OpenSSL 1.x but with 3DES keysize patched to 128 instead
> of 168. Also most servers override the client preferences anyways
> so "@STRENGTH" seems to be of limited value for outgoing connections.
Server preferences are common for Web servers, but rather less
common for SMTP servers. Please resist the urge to assume equivalence
for TLS with SMTP and TLS with HTTPS. I recommend @STRENGTH for
a reason.
> > Postfix 2.12 will by default retry in cleartext not only when the
> > TLS handshake fails, but also when TLS deliveries fail in data
> > transfer. [...]
>
> Thanks for the details. I'll continue lobbying for a Postfix
> upgrade :)
If you do manage to upgrade to Postfix 2.12, please report your
findings. Does the new work-around solve the problem? ...
--
Viktor.
