On Tue, Oct 15, 2013 at 06:48:02PM -0400, Phil Pennock wrote:
> > [ Postfix has cipher grades (null, export, low, medium, high), users
> > choose one of these, and leave the underlying cipherlists alone! ]
>
> For clarity, Exim's philosophy in such matters, as I interpret this, has
> been to try to do the right thing by default, document to discourage
> playing when an option is dangerous, but expose the full power of the
> underlying API so that those who _do_ know enough can do so.
Sorry, I did not make myself clear. Postfix provides a simplified
abstraction of the OpenSSL ciphersuites, but also exposes the
underlying cipherlists with a stern warning that users should not
change them unless they know exactly what they are doing.
The expectation is that those are "break the glass settings", which
users will set only in an emergency under instruction from experts.
Thus the high level interface safe to expose to users is:
smtp_tls_ciphers = export | low | medium | high
smtp_tls_mandatory_ciphers = export | low | medium | high
and the low level interface is:
# Settings when compiled with OpenSSL 1.0.0 or later.
#
# The aNULL ciphers are automatically suppressed when the client
# is going to authenticate the server, but not otherwise.
#
tls_null_cipherlist = eNULL:!aNULL
tls_export_cipherlist = aNULL:-aNULL:ALL:+RC4:@STRENGTH
tls_low_cipherlist = aNULL:-aNULL:ALL:!EXPORT:+RC4:@STRENGTH
tls_medium_cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH
tls_high_cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH
> We provide a tool which professional postmasters can use as they see
> fit and shy away from being a nanny. We'll _encourage_ people to play
> safe, with sane defaults, but we rarely stop people who _choose_ to
> shoot themselves in the foot.
I've yet to see anyone other than OpenSSL code contributors not
shoot themselves in the foot when tuning cipherlists. So there
needs to be an intermediate interface between "default" and "raw
OpenSSL cipherlist".
Thus an administrator can set the cipher grade for a given destination
to "high" and not have to worry about all the internal details of
what that means in terms of OpenSSL cipherlists.
So yes, I agree that the low level bits need to be accessible, but
they should not be the primary customization interface.
GnuTLS takes a step in that direction with priority strings, but
sadly stumbles over the client-side minimum EDH group sizes.
I am suggesting that perhaps Exim should expose a higher-level
interface that for most users hides the underlying toolkit primitives.
Yes, expose the low-level plumbing too, but make it unnecessary to
use it even when users want typical non-default settings.
--
Viktor.
