Re: [exim] GnuTLS vs OpenSSL

Página Inicial
Delete this message
Reply to this message
Autor: Andrew C Aitchison
Data:  
Para: Viktor Dukhovni via Exim-users
Assunto: Re: [exim] GnuTLS vs OpenSSL
On Mon, 20 Sep 2021, Viktor Dukhovni via Exim-users wrote:
>On Mon, 20 Sep 2021 "Thomas" wrote:
>> Any site, that does not support at least TLS 1.2 is running absolutely
>> outdated software. GnuTLS handshake errors are logged very few times
>> (<<1% of the messages), I suppose that enabling TLS1.1 and lower would
>> not increase encrypted connections very much.
>
> Indeed, but my take is that some encryption is better than no
> encryption, see <https://datatracker.ietf.org/doc/html/rfc7435>.
>
>> Anyway: My main goal is to protect credentials of my users, if I would
>> enable TLS1.1 and lower, I would risk that this communication is not
>> secured adequately.
>
> Indeed, that's why I would recommend a floor of TLS 1.2 for portss 587
> and 465, but not necessarily port 25.
>
>> Additionally, I enforce encryption (TLS1.2+) on outgoing connections
>> (only very few sites do not support that, I maintain a list of
>> exceptions, when I see mails lingering in the queue).
>
> This is where our priorities differ. Barring a practical downgrade
> attack on SMTP STARTTLS made possible by keeping TLS 1.0 enabled, I
> see little reason yet to force the remaining TLS 1.0 to use cleartext.
> (Yes I'm aware of past cross-protocol attacks, see the author list of
> DROWN: <https://drownattack.com/drown-attack-paper.pdf>)


> Anyway, your call of course. My take is that supporting TLS 1.0 does
> not in any practical way reduce the security of email sent to sites that
> support TLS 1.2 or 1.3. TLS version negotiation is downgrade resistant.
> Downgrades would in any case require an active attack, and SMTP STARTTLS
> does not defend against active attacks. Far easier to just strip
> STARTTLS than to perform TLS version downgrades.


DROWN makes me think it would be sensible not to use the same
certificate for SMTP with TLS 1.0 or 1.1 and any non-SMTP service
- particularly webmail.

-- 
Andrew C. Aitchison                    Kendal, UK
             andrew@???