On Sun, Nov 08, 2015 at 07:52:27AM -0500, John Allen wrote:
> I ran the ssl-tools tests on my mail server.
> Everything seems to be OK, *BUT* it reports that i am using a weak cipher
> "ECDHE_RSA_WITH_RC4_128_SHA"!
Ignore their report for now. I am tentatively planning to disable
RC4 in default Postfix configurations in the Postfix 3.2 release
in January of 2017. For now RC4 is more useful than harmful. With
opportunistic TLS, it is only used when it is the client's only or
most-preferred ciphersuite.
An active attacker need not waste time downgrading you to RC4, they
can just MITM any of the stong ciphers (with a self-signed certificate)
or just suppress STARTTLS and do cleartext.
A recent paper[1] reports that just under ~0.9% of SMTP servers
exclusively support RC4. While that's low, it is I think not close
enough to zero to drop support for RC4 at this time. One might
the case that large-scale deployment of Postfix 3.1 (to be released
in ~January of 2016) will take a year or more and that perhaps RC4
should be disabled by default in 3.1, rather than 3.2. I'm am not
at present swayed by that argument.
--
Viktor.
[1] No Need for Black Chambers: Testing TLS in the E-mail Ecosystem at Large
Wilfried Mayer, Aaron Zauner, Martin Schmiedecker and Markus Huberâ€
