The /usr/share/crypto-policies/DEFAULT/opensslcnf.txt on RHEL 9 looks identical to what you posted for Fedora.
I am not a RHEL expert but I have not see any references to opt out of the crypto policy on a per application basis. You can customize an existing crypto policy or create your own. I think as long as people are follow best practices of running Postfix on a dedicated system they should be able to tweak the system-wide policy should they really need to do so, absent any options for granular application configuration. Comparing the DEFAULT policy with the LEGACY policy seems to reduce the security of the system by allowing "..SHA-1 in the TLS hash, signature and algorithm. CBC-mode ciphers are allowed to be used with SSH. Applications using GNUTLS allow certificates with SHA-1" Other than this the TLS, IKEv2, SSH2 protocols are the same as DEFAULT. The RSA keys and Diffie-Hellman parameters are also the same. On Fri, May 5, 2023 at 8:30 PM Viktor Dukhovni via Postfix-users < postfix-users@postfix.org> wrote: > On Fri, May 05, 2023 at 08:28:48PM -0400, Viktor Dukhovni via > Postfix-users wrote: > > > You should of course also share ( > https://www.postfix.org/DEBUG_README.html#mail) > > > > $ postconf -nf > > $ postconf -Mf > > > > without any changes in whitespace, including line breaks. Attaching > > these as text files may be simplest if your mail client won't coöperate. > > And, if applicable, post the content of: > > /usr/share/crypto-policies/DEFAULT/opensslcnf.txt > > Which on a sample Fedora36 system holds: > > CipherString = > @SECLEVEL=2:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:kRSAPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8 > Ciphersuites = > TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256 > TLS.MinProtocol = TLSv1.2 > TLS.MaxProtocol = TLSv1.3 > DTLS.MinProtocol = DTLSv1.2 > DTLS.MaxProtocol = DTLSv1.2 > SignatureAlgorithms = > ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:rsa_pss_rsae_sha256:rsa_pss_rsae_sha384:rsa_pss_rsae_sha512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 > > [openssl_init] > alg_section = evp_properties > > [evp_properties] > rh-allow-sha1-signatures = yes > > Postfix (at least in a default configuration) is not affected by: > > CipherString > TLS.MinProtocol > TLS.MaxProtocol > DTLS.MinProtocol > DTLS.MaxProtocol > > But currently has no controls to override: > > # TLS 1.3 ciphersuites (not a priority to fine-tune) > Ciphersuites = ... > > # TLS 1.2 signature algorithm negotiation (the RH list is fine) > SignatureAlgorithms = ... > > # If this is set to "no", TLS 1.0 key exchange is likely to break. > # In some cases certificate verification may break. > rh-allow-sha1-signatures = yes > > I don't even know whether RedHat exposes any mechanisms for applications > to opt-out of crypto policy and use only application-driven OpenSSL > configuration. This is should perhaps be looked into in the Postfix 3.9 > timeframe. > > -- > Viktor. > _______________________________________________ > Postfix-users mailing list -- postfix-users@postfix.org > To unsubscribe send an email to postfix-users-le...@postfix.org >
_______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
