On Mon, Oct 14, 2013 at 05:52:19PM +0200, Wolfgang Breyha wrote:
> *) Another thing I'm currently trying to achieve is a preferred cipher list
> preferring PFS with ECDHE first, DHE second, no PFS last.
This is the default with OpenSSL 1.x.y. Use the DEFAULT cipherlist,
and the order prefers ECDHE, then DHE, and last no PFS at each key
length.
> tls_require_ciphers = ECDH:kEDH:HIGH:RC4-SHA:!PSK:!KRB5:!aNULL:!MD5:!DES
This cipher preference is broken. Exim SHOULD NOT encourage users
to attempt to manually tweak OpenSSL cipherlists, even modestly
clueful users get this badly wrong.
A better alternative for SMTP clients doing opportunistic TLS (in
other words willing to send plaintext if TLS support is not detected,
and not performing any verification of the peer certificate) is:
# OpenSSL 1.x setting
$ postconf -d tls_medium_cipherlist
tls_medium_cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH
# OpenSSL 0.9.x setting
$ postconf -d tls_medium_cipherlist
tls_medium_cipherlist = ALL:!EXPORT:!LOW:+RC4:@STRENGTH
trying to tweak it to make it stronger is counter-productive (more
mail sent plaintext rather than encrypted or degraded security due
to user error).
--
Viktor.
