Re: [exim] Exclude TLS_RSA_WITH_SEED_CBC_SHA from cipher lis…

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Viktor Dukhovni
Date:  
À: exim-users
Sujet: Re: [exim] Exclude TLS_RSA_WITH_SEED_CBC_SHA from cipher list


> On Mar 28, 2018, at 3:10 AM, Konstantin Boyandin via Exim-users <exim-users@???> wrote:
>
> Can someone recommend simplest ciphers selection for Exim, to exclude the mentioned cipher? The settings present on cipherli.st:
>
> tls_require_ciphers = AES128+EECDH:AES128+EDH
> openssl_options = +no_sslv2 +no_sslv3
>
> seem kind of too strict, there were reported problems receiving email after the above were put in effect.


Per RFC7435, some security is better than none, and with opportunistic security one should should not be too strict in disabling weak ciphers. However, one should eventually disable weak ciphers which disappeared from use. Reducing the attack surface is also a worthy goal.

Therefor there are some deprecated ciphers that I recommend for removal to Postfix users.
These should also be suitable for removal in Exim.

    MD5, aDSS, kECDH, kDH, SEED, IDEA, RC2, RC5


To exclude these, your cipherlist would be:

DEFAULT:+RC4:!LOW:!EXPORT:!MD5:!aDSS:!kECDH:!kDH:!SEED:!IDEA:!RC2:!RC6

You can probably also disable RC4 if you like, its use is rather negligible,
just a handful of Microsoft Exchange 2003 systems that most people never get
email from. For that, change "+RC4" (which moves it to the end of the list)
to "!RC4" (which disables it).

In Postfix I enable anonDH ciphers, for reasons in explained in:

https://tools.ietf.org/html/rfc7672#section-8.2

Security scanners tend to also warn you about that, so you'd need to be willing to ignore any such warnings. For that to be useful the anonymous ciphers would have to be preferred, and so the cipherlist becomes:

aNULL:-aNULL:ALL:+RC4:!LOW:!EXPORT:!MD5:!aDSS:!kECDH:!kDH:!SEED:!IDEA:!RC2:!RC6:@STRENGTH

Here the addition and removal of "aNULL" before including "ALL" moves the "aNULL"
ciphers to the front of the list, but @STRENGTH, does a stable sort by bit-stremgth,
so you get aNULL at the front of the list for each key length.

-- 
-- 
    Viktor.