> On Oct 10, 2019, at 10:30 AM, jmedard--- via Exim-users <exim-users@exim.org> wrote:
>
> More and more Internet security diagnostic tools (such as Immuniweb and
> Hardenize) specify that mail servers should be able to offer their preferred
> encryption algorithms. They consider it a security risk if the server must
> not be configured to select the best-available suite.

Some of these tools are developed by folks without a long history of
experience in TLS for SMTP, and who may not have internalized the
message of

    https://tools.ietf.org/html/rfc7435

In particular, with opportunistic TLS, it is more important to
interoperate than to set a high strict "floor" on TLS security. The
reason is that failure to negotiate common TLS parameters often results
in transmission in the clear as a fallback. Which is hardly an
improvement.

Therefore, resist the temptation to crank up security to 11, and try to
avoid being overly prescriptive in your cipher choices. You can
certainly disable the most obvious obsolete ciphers that nobody uses
anymore, but otherwise should generally use the default settings of your
TLS library.

That said, enabling server cipher preference is not unreasonable for
MTAs, and should be largely harmless.

If you feel you must specify the ciphers, with OpenSSL I recommend:

    DEFAULT:!EXPORT:!LOW:!aDSS:!kECDH:!kDH:!MD5:!RC4:!3DES:!SEED:!RC2:!RC5:!IDEA

This does not exclude future strong ciphers by specifying only a
specific list of current candidates, by using the default list, and only
subtracting legacy ciphers that may still be enabled in your library
depending on how old it is.

  * !DSS - disable support for DSA certificates nobody uses
  * !kECDH - disable support "fixed ECDH" that lacks forward secrecy,
    is not and should not be used
  * !kDH - ditto for "fixed DH"
  * !MD5 - Just in case you somehow failed to disable SSLv2, disabling
    MD5 also disables all SSLv2 ciphers.
  * The rest are obsolete encryption algorithms that are almost never
    used.

In the case of RC4 and 3DES, it is possible that you'll break TLS with
a tiny fraction of peers. You could check your logs for evidence of
extant use after enabling server cipher preference, and leaving these
enabled initially to see whether they're still needed for your mail
traffic.

-- 
    Viktor.
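
Added example (not part of the original post, and not code from Exim): one way to do the log check suggested above, counting TLS sessions that still negotiated RC4 or 3DES, grouped by direction and peer address. It assumes the Exim main log carries `X=<protocol>:<cipher>:<bits>` fields with OpenSSL cipher names and `H=... [ip]` peer fields; the sample lines are constructed.

```python
import re
from collections import Counter

# Assumed Exim mainlog layout (tls_cipher log selector on, OpenSSL names):
#   ... H=<name> [<ip>] ... X=<protocol>:<cipher>:<bits> ...
X_FIELD = re.compile(r"\sX=([^:\s]+):([^:\s]+)")
PEER_IP = re.compile(r"\sH=[^\[\]]*\[([0-9A-Fa-f.:]+)\]")

# OpenSSL cipher-name fragments for the two algorithms the post singles out.
LEGACY = {"RC4": "RC4", "DES-CBC3": "3DES"}

# Constructed sample lines (documentation addresses), not real traffic.
SAMPLE = [
    "2019-10-10 10:30:01 1iIaaa-0000aa-AA <= a@example.org H=mx1.example.org [192.0.2.10] P=esmtps X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 S=2104",
    "2019-10-10 10:31:12 1iIaab-0000ab-BB <= b@example.net H=(old) [192.0.2.77] P=esmtps X=TLSv1:RC4-SHA:128 S=1833",
    "2019-10-10 10:32:40 1iIaac-0000ac-CC => c@example.com R=dnslookup T=remote_smtp H=mx.example.com [198.51.100.7] X=TLSv1:DES-CBC3-SHA:168",
    "2019-10-10 10:33:05 1iIaad-0000ad-DD <= d@example.org H=mx2.example.org [192.0.2.11] P=esmtp S=900",
    "2019-10-10 10:34:00 1iIaae-0000ae-EE <= e@example.net H=(old) [192.0.2.77] P=esmtps X=TLSv1:RC4-SHA:128 S=1500",
]

def classify(cipher):
    """Return 'RC4', '3DES', or None for an OpenSSL cipher-suite name."""
    for fragment, label in LEGACY.items():
        if fragment in cipher:
            return label
    return None

def legacy_usage(lines):
    """Return (TLS session count, Counter keyed by (direction, peer IP, label))."""
    total, hits = 0, Counter()
    for line in lines:
        m = X_FIELD.search(line)
        if m is None:
            continue  # no X= field: cleartext session or unrelated log line
        total += 1
        label = classify(m.group(2))
        if label is None:
            continue
        direction = "in" if " <= " in line else "out"
        peer = PEER_IP.search(line)
        hits[(direction, peer.group(1) if peer else "?", label)] += 1
    return total, hits

if __name__ == "__main__":
    total, hits = legacy_usage(SAMPLE)
    print(f"{total} TLS sessions, {sum(hits.values())} with RC4/3DES")
    for (direction, ip, label), n in hits.most_common():
        print(f"{n:5d}  {direction:3s}  {ip:15s}  {label}")
```

An empty result over a representative period suggests that `!RC4:!3DES` would not push any current peer back to cleartext.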