Viktor Dukhovni wrote on 3/10/2016 11:57 AM:
On Thu, Mar 10, 2016 at 05:22:22AM -0700, @lbutlr wrote:

smtpd_tls_exclude_ciphers =
        EXPORT, LOW, MD5, SEED, IDEA, RC2
smtp_tls_exclude_ciphers =
        EXPORT, LOW, MD5, aDSS, kECDHe, kECDHr, kDHd, kDHr, SEED, IDEA, RC2
With opportunistic TLS one should be somewhat cautious about
excluding ciphersuites that are potentially needed for interoperability,
and are not known to be harmful.
I understand that reasoning, but isn't that the same argument (the "they're not hurting anything" argument) that resulted in SSLv2 and export ciphers being left enabled in software for a decade or two past their usefulness? If the ciphers are obsolete or could be used to provide a weak side channel for breaking a certificate (aka DROWN), shouldn't they be removed at some point simply because they are likely to be a problem sooner or later?
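An added helper, not part of this thread or of Postfix, for seeing the interoperability cost of an exclusion list before it goes into main.cf: it turns a Postfix exclude list into OpenSSL "!" exclusions and lists the suites that survive. The "MEDIUM:HIGH" base list is an assumption for illustration, not Postfix's internally generated cipherlist, and the script assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example (not from the thread): translate a Postfix
# smtp(d)_tls_exclude_ciphers value into OpenSSL "!" exclusions and
# show which suites are left, so an exclusion's effect is visible
# before it is deployed.

# Postfix accepts comma- and/or whitespace-separated lists; emit each
# token prefixed with "!" and joined by ":" (OpenSSL cipherlist syntax).
pf_exclude_to_openssl() {
    printf '%s' "$1" | tr ',' ' ' | tr -s ' \n\t' '\n' |
        sed -e '/^$/d' -e 's/^/!/' | paste -s -d ':' -
}

# Print the suites OpenSSL keeps for BASE minus the Postfix exclusions.
# BASE is an assumption (a medium-grade list); Postfix builds its own
# base list, so compare with what the running server actually logs.
effective_cipherlist() {
    base="$1"; excl="$2"
    openssl ciphers -v "${base}:$(pf_exclude_to_openssl "$excl")"
}

# Count surviving suites whose description matches PATTERN (e.g. "RC4"),
# to check that an exclusion really removed what you meant it to.
count_matching() {
    effective_cipherlist "$1" "$2" | grep -c "$3"
}

if [ "${1:-}" = "demo" ]; then
    # The smtp_tls_exclude_ciphers value quoted above in the thread.
    excl='EXPORT, LOW, MD5, aDSS, kECDHe, kECDHr, kDHd, kDHr, SEED, IDEA, RC2'
    echo "OpenSSL exclusions: $(pf_exclude_to_openssl "$excl")"
    echo "Surviving suites:   $(effective_cipherlist MEDIUM:HIGH "$excl" | wc -l)"
    echo "RC4 suites left:    $(count_matching MEDIUM:HIGH "$excl" RC4)"
fi
```

Run with `sh script.sh demo`; a pattern count of 0 means the exclusion removed every suite matching it from the assumed base list.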