On Tue, Oct 15, 2013 at 05:34:21PM +0200, Wolfgang Breyha wrote:
> > [ Postfix has cipher grades (null, export, low, medium, high), users
> > choose one of these, and leave the underlying cipherlists alone! ]
>
> Sure. I wont touch cipher strings if the defaults are reasonable. But the
> results of sites like ssllabs.com testing my webservers suggest the opposite.
With OpenSSL, the defaults are almost certainly better than tweaks
based on an incomplete understanding of the details.
Also keep in mind that SMTP use of TLS is almost universally
*opportunistic*, TLS is used without authentication when possible,
and plaintext is used otherwise or as a fallback when TLS handshakes
fail (at least in Postfix).
Therefore, despite all the recent publicity about TLA surveillance
users should not rush to implement knee-jerk crypto hardening.
Often the result is worse than the original configuration.
Enabling TLS for SMTP with default settings is about as good as it
gets today. For more security, in the next year or two implement
DNSSEC for your domain and publish DANE TLSA records. Wait for
your MTA to implement more secure cipher-suite defaults where
appropriate. DO NOT follow guidelines for HTTPS security, the SMTP
threat model is substantially different.
--
Viktor.