Re: [exim] Define preferred encryption algorithms

Pàgina inicial
Delete this message
Reply to this message
Autor: Phillip Carroll
Data:  
A: exim-users
Assumpte: Re: [exim] Define preferred encryption algorithms
On 10/11/2019 2:55 AM, Jeremy Harris via Exim-users wrote:
> The openssl_options are fed to the SSL_CTX_set_options() interface
> (via some fairly-obvious processing). The tls_require_ciphers is
> fed to SSL_CTX_set_cipher_list().
>
>
> http://exim.org/exim-html-current/doc/html/spec_html/ch-encrypted_smtp_connections_using_tlsssl.html#SECTreqciphssl
>
> talks about order of the list of ciphers, which to me implies that
> the library uses that order as a preference.
> --
> Cheers,
> Jeremy


@Jeremy:

Apparently IBM agrees with your interpretation:
https://www.ibm.com/support/knowledgecenter/en/SSB23S_1.1.0.15/gtpc2/cpp_ssl_ctx_set_cipher_list.html

Note what IBM support says: "You must specify the ciphers in order of
preference from highest to lowest."

This thread has given me a much deeper understanding of how to manage
cipher negotiation in exim. As a result of this thread I have adopted
Viktor's setting for tls_require_ciphers. (Thanks Viktor)

Following is the cipher list result I see on CentOS 7.7.1908
with openssl 1:1.0.2k-19.el7:
> [root@localhost ~]#openssl ciphers 'DEFAULT:!EXPORT:!LOW:!MEDIUM:!kECDH:!kDH:!aDSS:!PSK'|tr : '\n'
> ECDHE-RSA-AES256-GCM-SHA384
> ECDHE-ECDSA-AES256-GCM-SHA384
> ECDHE-RSA-AES256-SHA384
> ECDHE-ECDSA-AES256-SHA384
> ECDHE-RSA-AES256-SHA
> ECDHE-ECDSA-AES256-SHA
> DHE-RSA-AES256-GCM-SHA384
> DHE-RSA-AES256-SHA256
> DHE-RSA-AES256-SHA
> DHE-RSA-CAMELLIA256-SHA
> AES256-GCM-SHA384
> AES256-SHA256
> AES256-SHA
> CAMELLIA256-SHA
> ECDHE-RSA-AES128-GCM-SHA256
> ECDHE-ECDSA-AES128-GCM-SHA256
> ECDHE-RSA-AES128-SHA256
> ECDHE-ECDSA-AES128-SHA256
> ECDHE-RSA-AES128-SHA
> ECDHE-ECDSA-AES128-SHA
> DHE-RSA-AES128-GCM-SHA256
> DHE-RSA-AES128-SHA256
> DHE-RSA-AES128-SHA
> DHE-RSA-CAMELLIA128-SHA
> AES128-GCM-SHA256
> AES128-SHA256
> AES128-SHA
> CAMELLIA128-SHA


My previous setting (last visited about 4 years ago) resulted in a list
more than double the length of this, with some ciphers considered very
weak included. Although, TLS connections (both directions) typically
result in a TLS1.2 connection using one of the top ciphers in the list.

I also tried adding '@STRENGTH' to the setting but found it produced the
exact same order. Does exim add that, or does openssl automatically sort
by strength?

Phil Carroll