Re: [exim] GnuTLS vs OpenSSL

Pàgina inicial
Delete this message
Reply to this message
Autor: exim-users
Data:  
A: exim-users
Assumpte: Re: [exim] GnuTLS vs OpenSSL
Hi Andrew,

On 18.09.21 22:45, Andrew C Aitchison via Exim-users wrote:
>> I use testssl.sh (https://testssl.sh/) to verify my configuration
>> (as there is nothing handy like the Qualys Test for HTTPS, IMHO).
>
> Hardenize https://www.hardenize.com/ is not bad.


Yes, Hardenize is a good start, I like their holistic approach. Compared to the Qualys SSL test however,
the TLS information is not as detailed as it could be.

>> Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4
>>
>> PFS is offered (OK)          TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-CHACHA20-POLY1305 TLS_AES_128_GCM_SHA256 TLS_AES_128_CCM_SHA256
>> ECDHE-RSA-AES128-GCM-SHA256
>> Elliptic curves offered:     prime256v1 secp384r1 secp521r1 X25519 X448
>> Finite field group:          ffdhe2048 ffdhe3072 ffdhe4096 ffdhe6144 ffdhe8192
>>
>> Testing server preferences
>>
>> Has server cipher order?     yes (OK) -- TLS 1.3 and below
>> Negotiated protocol          TLSv1.3
>> Negotiated cipher            TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256)
>> Cipher order
>>    TLSv1.2:   ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES128-GCM-SHA256 AES256-GCM-SHA384 AES256-CCM AES128-GCM-SHA256 AES128-CCM
>>    TLSv1.3:   TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256 TLS_AES_128_CCM_SHA256
>
>> Besides this: About 85% of the incoming traffic is still unencrypted
>> (for my statistics, mainly because some high volume mailing list
>> servers do not use TLS), about 10% uses TLS1.3, 5% still uses TLS1.2
>> (I log TLS ciphers via +tls_cipher in Exim).


> It looks as though you do not allow TLSv1.1 - I suspect that a substantial faction of that 85% would use it if you allowed it.
> For email it is probably better to allow TLSv1.1 than reject it
> and end up receiving the message in plain.


TLS1.2+ is state of the art, I intentionally disabled anything below that. That unencrypted fraction is mainly
from LMKL, their host does not even try STARTTLS. Which is okay for a public mailing list server, imho.

Regards,
Thomas