Hello Marius and everyone having responded.
Thanks, the pieces of advice taken and studied. Looks like I have,
indeed, to allow weaker ciphers for the time being and watch the mail
server for possible problems, otherwise I risk rejecting legitimate mail
sent from ancient mail servers.
Do I understand correctly, that *tls_require_ciphers accepts
OpenSSL-style list (the one also used by Apache and Dovecot), i.e.
something like
tls_require_ciphers = ALL:!LOW:!SSLv2:!EXP:!aNULL
or I should use notation like TLS_RSA_WITH_SEED_CBC_SHA ?
Thanks for insights.
Sincerely,
Konstantin
On 28.03.2018 15:36, Cyborg via Exim-users wrote:
> Am 28.03.2018 um 09:10 schrieb Konstantin Boyandin via Exim-users:
>> After having scanned 4.90.1 installation with OpenVAS, the below was
>> reported:
>>
>> 'Weak' cipher suites accepted by this service via the
>> TLSv1.0/TLSv1.1/TLSv1.2 protocols: TLS_RSA_WITH_SEED_CBC_SHA
>>
>> Default settings (no explicit "tls_require_ciphers",
>> "openssl_options") are in use.
>>
>> Can someone recommend simplest ciphers selection for Exim, to exclude
>> the mentioned cipher? The settings present on cipherli.st:
>>
>> tls_require_ciphers = AES128+EECDH:AES128+EDH
>> openssl_options = +no_sslv2 +no_sslv3
>>
>> seem kind of too strict, there were reported problems receiving email
>> after the above were put in effect.
>
> in theorie:
>
> If you disable sslv3 your doing the world a big favor, but
> unfortunately, the world hates you for it.
>
> in practis:
>
> A "*******" of mailserver implementations worldwide still uses sslv3 to
> connect to your mailserver.
> Disabling it, removes your ability to get that email, which result in
> all sorts of problems.
>
> You can find a list of ciphers typically used here:
>
>
https://marius.bloggt-in-braunschweig.de/2017/05/30/haeufigkeit-von-tls-ciphern/
>
> This statistics was made by analyzing our mailservercluster ( which has
> also lead to
> some f****** hilarious discoveries in crypto fails in germanies "secure"
> goverment infrastructure . I could still LOL all the day :D )
>
> As you can see from the list, a lot of connections are made with TLS
> 1.0, which has the same problems as sslv3
> and should not be used. Even TLS 1.1 should not be used, but (again) a
> lot of systems don't care.
>
> If you rely on TLS 1.2 alone, your mailbox will stay empty most of the
day.
>
> General guideline :
>
> First, make sure your server favors tls1.2 over any other protocol (
> exim ensures it, so your good )
> Second, make sure it favors a good cipher over weak ones. Use -LOW:-MID
>
> "You can only be as secure, as the other part of the connection wants
> you to be secure."
>
> Whats a good cipher ? Let others decide this, who know it better than
> you and me ;)
>
> https://www.owasp.org/index.php/TLS_Cipher_String_Cheat_Sheet
>
> Cipherlist : A+ => A => B => C => C-
>
>
> best regards,
> Marius