On Fri, May 01, 2015 at 04:51:03AM +0000, Viktor Dukhovni wrote:

> For this server, you need a more "compact" cipherlist as a work-around.
> 
>       smtp_tls_exclude_ciphers = 
>               #
>               # Disable MD5, DSA, SRP and PSK, and the "exotic" fixed DH cipher suites.
>               #
>               MD5, SRP, PSK, aDSS, kECDH, kDH,
>               #
>               # Disable 256-bit ciphers, 128-bit is for now quite strong enough.
>               # Also disable the largely unused SEED, IDEA, RC2, RC5, ...
>               # leaving just AES128, CAMELLIA128, RC4 and 3DES.
>               #
>               AES256, CAMELLIA256, SEED, IDEA, RC2, RC5

Following up, we don't (as yet) even need to disable AES256 or
CAMELLIA256.  Until ChaCha20 and other new cipher-suites show up,
the following still leaves RC4 in the top 64, and does not disable
anything useful in practice:

        smtp_tls_exclude_ciphers = 
                #
                # Disable MD5, DSA, SRP and PSK, and the "exotic" fixed DH cipher suites.
                #
                MD5, SRP, PSK, aDSS, kECDH, kDH,
                #
                # Disable 256-bit ciphers, 128-bit is for now quite strong enough.
                # Also disable the largely unused SEED, IDEA, RC2, RC5, ...
                # leaving just AES128, CAMELLIA128, RC4 and 3DES.
                #
                SEED, IDEA, RC2, RC5

This even with OpenSSL "master", which has more cipher-suites than older 
releases:

    $ openssl ciphers -v 'aNULL:-aNULL:HIGH:MEDIUM:LOW:EXPORT:+RC4:@STRENGTH:!kDH:!kECDH:!aDSS:!PSK:!SRP:!MD5:!SEED:!IDEA:!RC2:!RC5' |
        egrep -n 'RC4-SHA|DES-CBC3-SHA'
    49:AECDH-RC4-SHA           SSLv3 Kx=ECDH     Au=None Enc=RC4(128)  Mac=SHA1
    50:ECDHE-RSA-RC4-SHA       SSLv3 Kx=ECDH     Au=RSA  Enc=RC4(128)  Mac=SHA1
    51:ECDHE-ECDSA-RC4-SHA     SSLv3 Kx=ECDH     Au=ECDSA Enc=RC4(128)  Mac=SHA1
    52:RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
    53:AECDH-DES-CBC3-SHA      SSLv3 Kx=ECDH     Au=None Enc=3DES(168) Mac=SHA1
    54:ADH-DES-CBC3-SHA        SSLv3 Kx=DH       Au=None Enc=3DES(168) Mac=SHA1
    55:ECDHE-RSA-DES-CBC3-SHA  SSLv3 Kx=ECDH     Au=RSA  Enc=3DES(168) Mac=SHA1
    56:ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH     Au=ECDSA Enc=3DES(168) Mac=SHA1
    57:DHE-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
    58:DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1

So the above setting makes a rather sensible default exclusion
list, while we're still plagued with coddling Exchange 2003 servers.

-- 
        Viktor.
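
Added example (not part of the original message): the message checks by eye that RC4-SHA and DES-CBC3-SHA fall within the first 64 entries of the `openssl ciphers -v` output. The function below turns that into a repeatable check. The names `check_top_n` and `sample_ciphers` and the filler suite lines are constructed for illustration.

```shell
#!/bin/sh
# check_top_n LIMIT SUITE...
# Reads `openssl ciphers -v` style output on stdin (one suite per line,
# suite name in the first column) and prints the 1-based rank of each SUITE.
# Returns 0 only if every SUITE is present at rank <= LIMIT.
#
# Live use with the cipher string from the message (assumes the local
# OpenSSL build still offers these suites):
#   openssl ciphers -v 'aNULL:-aNULL:HIGH:...:!RC5' | check_top_n 64 RC4-SHA DES-CBC3-SHA
check_top_n() {
    limit=$1; shift
    awk -v limit="$limit" -v want="$*" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) rank[w[i]] = 0 }
        # Record the first position at which a wanted suite appears.
        NF && ($1 in rank) && rank[$1] == 0 { rank[$1] = pos + 1 }
        NF { pos++ }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                r = rank[w[i]]
                if (r == 0)         { printf "%-16s MISSING\n", w[i]; bad = 1 }
                else if (r > limit) { printf "%-16s rank %d > %d\n", w[i], r, limit; bad = 1 }
                else                { printf "%-16s rank %d ok\n", w[i], r }
            }
            exit bad
        }'
}

# Constructed sample input: $1 filler suites, then RC4-SHA and DES-CBC3-SHA.
sample_ciphers() {
    i=1
    while [ "$i" -le "$1" ]; do
        echo "FILLER-SUITE-$i SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1"
        i=$((i + 1))
    done
    echo "RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1"
    echo "DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1"
}
```

A non-zero exit status after an OpenSSL upgrade means the exclusion list needs another entry before the fallback suites drop out of the first 64.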
