Re: [exim] Define preferred encryption algorithms

Author: Phillip Carroll
Date:  
To: exim-users
Subject: Re: [exim] Define preferred encryption algorithms
On 10/11/2019 2:55 AM, Jeremy Harris via Exim-users wrote:
> The openssl_options are fed to the SSL_CTX_set_options() interface
> (via some fairly-obvious processing). The tls_require_ciphers is
> fed to SSL_CTX_set_cipher_list().
>
>
> http://exim.org/exim-html-current/doc/html/spec_html/ch-encrypted_smtp_connections_using_tlsssl.html#SECTreqciphssl
>
> talks about order of the list of ciphers, which to me implies that
> the library uses that order as a preference.
> --
> Cheers,
> Jeremy


@Jeremy:

Apparently IBM agrees with your interpretation:
https://www.ibm.com/support/knowledgecenter/en/SSB23S_1.1.0.15/gtpc2/cpp_ssl_ctx_set_cipher_list.html

Note what IBM support says: "You must specify the ciphers in order of
preference from highest to lowest."

This thread has given me a much deeper understanding of how to manage
cipher negotiation in exim. As a result of this thread I have adopted
Viktor's setting for tls_require_ciphers. (Thanks Viktor)

Following is the cipher list result I see on CentOS 7.7.1908
with openssl 1:1.0.2k-19.el7:
> [root@localhost ~]#openssl ciphers 'DEFAULT:!EXPORT:!LOW:!MEDIUM:!kECDH:!kDH:!aDSS:!PSK'|tr : '\n'
> ECDHE-RSA-AES256-GCM-SHA384
> ECDHE-ECDSA-AES256-GCM-SHA384
> ECDHE-RSA-AES256-SHA384
> ECDHE-ECDSA-AES256-SHA384
> ECDHE-RSA-AES256-SHA
> ECDHE-ECDSA-AES256-SHA
> DHE-RSA-AES256-GCM-SHA384
> DHE-RSA-AES256-SHA256
> DHE-RSA-AES256-SHA
> DHE-RSA-CAMELLIA256-SHA
> AES256-GCM-SHA384
> AES256-SHA256
> AES256-SHA
> CAMELLIA256-SHA
> ECDHE-RSA-AES128-GCM-SHA256
> ECDHE-ECDSA-AES128-GCM-SHA256
> ECDHE-RSA-AES128-SHA256
> ECDHE-ECDSA-AES128-SHA256
> ECDHE-RSA-AES128-SHA
> ECDHE-ECDSA-AES128-SHA
> DHE-RSA-AES128-GCM-SHA256
> DHE-RSA-AES128-SHA256
> DHE-RSA-AES128-SHA
> DHE-RSA-CAMELLIA128-SHA
> AES128-GCM-SHA256
> AES128-SHA256
> AES128-SHA
> CAMELLIA128-SHA


My previous setting (last visited about 4 years ago) resulted in a list
more than double the length of this, with some ciphers considered very
weak included. Although, TLS connections (both directions) typically
result in a TLS1.2 connection using one of the top ciphers in the list.

I also tried adding '@STRENGTH' to the setting but found it produced the
exact same order. Does exim add that, or does openssl automatically sort
by strength?

Phil Carroll
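As an added illustration of the two points in this thread (list order is the preference order, and what @STRENGTH does), the following Python is example code, not from the thread, from Exim or from OpenSSL's own documentation. It uses the standard `ssl` module, whose `SSLContext.set_ciphers()` hands the string to the same `SSL_CTX_set_cipher_list()` that Exim's tls_require_ciphers is fed to, and reads the resulting list back with `get_ciphers()`. The function names and the two-cipher test strings are my own; the exact list produced from the thread's string will differ from the CentOS 7 / OpenSSL 1.0.2k output above because it depends on the OpenSSL the interpreter is linked against.

```python
import ssl

# The cipher string adopted in the thread (Viktor's setting, quoted above).
THREAD_CIPHERS = 'DEFAULT:!EXPORT:!LOW:!MEDIUM:!kECDH:!kDH:!aDSS:!PSK'


def strength_profile(cipher_string):
    """Return (name, strength_bits) pairs in the order OpenSSL will offer them.

    set_ciphers() wraps SSL_CTX_set_cipher_list(); get_ciphers() returns the
    list the library actually negotiates with, in preference order.  TLS 1.3
    suites are configured separately (SSL_CTX_set_ciphersuites) and always
    sit in front of that list, so they are dropped here to show only what the
    cipher string itself controls.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    return [(c['name'], c['strength_bits'])
            for c in ctx.get_ciphers() if c['protocol'] != 'TLSv1.3']


def cipher_preference(cipher_string):
    """Just the cipher names, in preference order (TLS 1.3 suites excluded)."""
    return [name for name, _ in strength_profile(cipher_string)]


def is_sorted_by_strength(cipher_string):
    """True if no cipher is followed by a stronger one, i.e. the order is what
    @STRENGTH produces (a stable sort on key size, strongest first)."""
    bits = [b for _, b in strength_profile(cipher_string)]
    return all(a >= b for a, b in zip(bits, bits[1:]))


if __name__ == '__main__':
    # Constructed two-cipher strings: the library keeps the order it is given,
    # and @STRENGTH re-sorts that order by key size.
    weak_first = 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384'
    print(cipher_preference(weak_first))
    print(cipher_preference(weak_first + '@STRENGTH'))

    # The thread's setting: was the library's default order already sorted by
    # strength (as it is on 1.0.2k above), or does @STRENGTH change it here?
    print('default order sorted by strength:',
          is_sorted_by_strength(THREAD_CIPHERS))
    for name, bits in strength_profile(THREAD_CIPHERS + '@STRENGTH'):
        print(f'{bits:4d}  {name}')
```

Running it answers the question at the end of the post for whichever OpenSSL the interpreter links: `is_sorted_by_strength(THREAD_CIPHERS)` being true means the default order already descends by key size, so appending @STRENGTH cannot change anything, which matches the 1.0.2k output above where every 256-bit suite precedes every 128-bit one. Neither Exim nor OpenSSL adds @STRENGTH for you; it is only the DEFAULT ordering of that OpenSSL release that happens to coincide with a strength sort. One caveat for anyone reusing the string on a newer library: `SSL_CTX_set_cipher_list()` silently skips keywords it does not recognise, so a cipher string can only be trusted after reading the resulting list back, as the thread's `openssl ciphers` command or this `get_ciphers()` call does.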