On 08/19/2015 08:59 AM, Viktor Dukhovni wrote:
On Wed, Aug 19, 2015 at 08:46:03AM -0700, Alice Wonder wrote:
if [ -d /etc/ssl/private ]; then
mkdir -p /etc/ssl/private
chmod 710 /etc/ssl/private
fi
I ended up specifying smtpd_tls_CAfile
which has both the intermediary certs.
That works well and is not difficult to do
It has the side-effect of sending the DNs of all the CAs in question
in the TLS handshake to clients if you some day enable "smtpd_tls_ask_ccert
= yes", and often loads more CAs into memory than you need.
It is not wrong of course, but it is a more indirect way of getting
the right result.
No cargo-cult settings please.
This is what I am using
smtpd_tls_exclude_ciphers = RC4, 3DES, IDEA
I still have to go through.
It is not (yet) a good idea to disable RC4 or 3DES on the server
side. IDEA is essentially unused, so removing it harmless.
Don't (yet) disable RC4 or 3DES, this just makes it harder for
some systems to send you email.
I'm not that worried about RC4 or 3DES in smtp to smtp
What I'm worried about is a cipher downgrade attack between an e-mail
client and the server that causes a weaker cipher to be used allowed
authentication information to potentially be compromised.
That's why I don't want RC4 and if I could do it without impacting port
25 traffic, go to strict strong ECDHE and maybe DHE ciphers on 587 only,
so it doesn't impact smtp to smtp where login credential theft isn't an
issue.
