Re: [exim] GnuTLS vs OpenSSL

Interesting discussion ... I am in a slightly different place on our
three public mail servers that handle circa 200,000 mails per day for
about 20-30 domains.

1. I use Devuan 3.1 (Beowulf) and compile Exim from source with OpenSSL
rather than GnuTLS.  NB. No systemd here to fek with things!

2. For maximum compatibility I use a relatively permissive cipher list
and RSA-4096 for incoming connections as Microsoft Outlook servers
refused to talk to Exim with ECC certificates, hence this:

    #
    # Logging options
    #
    log_selector = +subject +tls_cipher +tls_peerdn

    #
    # Enable TLS with strong ciphers
    #
    MAIN_TLS_ENABLE = true

    #
    # OpenSSL options
    #
    openssl_options = -all +no_sslv2 +no_sslv3 +no_compression
+cipher_server_preference

    #
    # RSA 4096-bit certificate so that Microsoft can talk to us.... doh!
    #
    tls_certificate = /etc/ssl/thorcom/RSA/_star_.thorcom.net-bundle.crt
    tls_privatekey = /etc/ssl/thorcom/RSA/_star_.thorcom.net.key
    tls_dhparam = /etc/ssl/thorcom/RSA/dhparam.pem

    # ensure we tell everyone that we do TLS
    tls_advertise_hosts = *

    #
    # Better list of ciphers post debate on Exim mailing list
    #
    tls_require_ciphers = ALL:!LOW:!aDSS:!aNULL:!SSLv2:!PSK:!SRP:@STRENGTH

    # advertise auth to TLS sessions only
    auth_advertise_hosts = ${if eq {$tls_in_cipher}{}{}{*}}

on the basis that its better to receive email (with any encryption)
rather than have it delivered in the clear or not delivered at all...

I assume that my important customers (that require strong encryption
while sending to me) will step up to the mark and will initiate the use
of a decent cipher suite (there is nothing that prevents this).


3. For outgoing email I have to transports:

One called 'remote_smtp_force_tls' and one called 'remote_smtp'.

The first transport is called for important customers (based on a MySQL
query on the destination domain) where they expect (require) encryption
with a minimum strength or a failure to send - think government and
other agencies.  It looks like this:

    #
    # This transport is used for delivering messages over SMTP connections
    # where TLS is mandatory (forced) with high cipher strength. NB. this
    # transport is selected based on the destination domain, so the
hosts that
    # at this point the host(s) that require TLS are 'any' (wildcard)
because we
    # don't care who we're talking to it must use TLS.
    #
    remote_smtp_force_tls:
      driver = smtp
      hosts_require_tls = *
      tls_require_ciphers =
HIGH:!SRP:!PSK:!CHACHA20:!ARIA:!CAMELLIA128:!SHA:@STRENGTH


The other (not important) domains go out over the normal 'remote_smtp'
transport and use optimistic SSL/TLS but they are allowed to fall back
to plain.


Mike


On 18/09/2021 10:58, Sabahattin Gucukoglu via Exim-users wrote:
> Debian always builds Exim against GnuTLS, in its “heavy” variation, but I’ve always resisted by building against OpenSSL (and, incidentally, taken the time to tweak it for me). On the face of it that’s fine, except …
>
> Is there really a good reason? I do it chiefly because I like OpenSSL’s cipher selection (I want very permissive, ordered by @STRENGTH, and TLS 1.3 would be nice). There were also horror stories about RNG entropy starvation caused by GnuTLS.
>
> It’s tedious. I don’t put compilers on my server, and I don’t much enjoy setting up a build environment just to compile Exim against stable libraries and headers. It also makes upgrading much harder.
>
> I appreciate that this is borderline a Debian question, but since there are presumably experienced users of both libraries here, do you think Exim+GnuTLS is actually viable and that if I were to switch to the prebuilt binaries and adapt to GnuTLSisms it would be adequate for a quiet personal server?
>
> Cheers,
> Sabahattin
>
>