Am 05.01.2015 um 19:43 schrieb DTNX Postmaster:
On 05 Jan 2015, at 19:18, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote:
On Mon, Jan 05, 2015 at 06:59:06PM +0100, li...@rhsoft.net wrote:
No, this is a bad idea, it is in fact 3DES that is broken with such servers
Shouldn't we start to disable RC4 as well as DES-CBC3-SHA for that horrible
outdated crap servers and fallback to unencrypted at all instead continue to
work around them years again?
The goal of opportunistic TLS in Postfix is to deliver email with
as much and no more security than is available. There is no agenda.
With Postfix 2.12 such servers will receive mail (slightly delayed)
without manual intervention.
The number of domains that don't support either AES or CAMELLIA,
but do have working RC4 or 3DES is probably quite low. So if you
disable RC4, 3DES (and presumably all LOW and EXPORT ciphers) in
the SMTP client the impact should be small, but this should not be
necessary.
Gmail's outbound servers prefers RC4-SHA if offered by the SMTP
server, when Gmail drops RC4 support, these domains will finally
feel real pressure to either disable or fix their TLS stack.
Gmail prefers ECDHE-RSA-AES256-SHA, and has for quite some time now, if
your inbound MTA supports and encourages it.
no true back in 2014/10
at least not without "tls_preempt_cipherlist = yes" and after that AES
was used, there are a few servers out there which are completly broken
and need DES or RC4 or fail completly to deliver
hence the settings below on the inbound MX turned out to receive 99% of
all mail encrypted and a few senders fall back to unencrypted which
previously failed to deliver until re-enable DES-SHA1
tls_preempt_cipherlist = yes
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_ciphers = medium
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_eecdh_grade = strong
smtpd_tls_exclude_ciphers = EXP, IDEA, KRB5, MD5, RC2, RC4, SEED, SRP,
ECDH+ECDSA, ECDHE-RSA-DES-CBC3-SHA, ECDH-RSA-DES-CBC3-SHA,
EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA
RC4-SHA and SSLv3 have practically disappeared, but 3DES is still quite
active for delivery. We have several customer backend servers that do
poorly with incoming connections, preferring older protocols and
ciphers, while their outgoing connections negotiate much better terms.
i face the opposite, see above
TLSv1.2 accounts for a higher percentage of connections than TLSv1 now,
too.
correct
