Re: bits of encryption
On 13.11.2016 07:55, li...@lazygranch.com wrote:
> On Sun, 13 Nov 2016 01:43:17 -0500
> "Bill Cole" wrote:
>
>> If the NSA/GCHQ capturing all of your SMTP traffic and saving it for
>> hypothetical future decryption is a realistic and significant
>> scenario in your threat model, you should reconsider your use of
>> email.
>
> I'm in the USA and getting ready for life post Jan 20, 2017. It is very
> likely the NSA will be after my email.
>
> I'll just try the tips in
> https://blog.tinned-software.net/harden-the-ssl-configuration-of-your-mailserver/
>
> They're just lines in a configure file. Save the old file and you're back
> to where you were.

Just go with the tips from BetterCrypto.org - as the site above suggests, too.

Juri

Re: bits of encryption
On Sun, 13 Nov 2016 01:43:17 -0500
"Bill Cole" wrote:

> If the NSA/GCHQ capturing all of your SMTP traffic and saving it for
> hypothetical future decryption is a realistic and significant
> scenario in your threat model, you should reconsider your use of
> email.

I'm in the USA and getting ready for life post Jan 20, 2017. It is very
likely the NSA will be after my email.

I'll just try the tips in
https://blog.tinned-software.net/harden-the-ssl-configuration-of-your-mailserver/

They're just lines in a configure file. Save the old file and you're back
to where you were.

Re: bits of encryption
On 12 Nov 2016, at 18:59, li...@lazygranch.com wrote:

> # postconf tls_high_cipherlist
> tls_high_cipherlist = aNULL:-aNULL:HIGH:@STRENGTH
>
> verified
>
> Assuming the default "high" setting is sufficient, why wouldn't I
> change this parameter to high rather than medium?
>
> postconf smtpd_tls_mandatory_ciphers
> smtpd_tls_mandatory_ciphers = medium

Because if you set it to 'high' then you will be unable to negotiate ANY encryption with some senders, and they will either fall back to sending in cleartext or they will keep trying to negotiate TLS sessions with you, fail, and retry until their queue timeout has passed. With the default 'medium' setting, you still use the (probably) stronger ciphersuites when possible, so using 'medium' only switches some sessions from cleartext to encrypted and some others from slow failure to normal success.

The difference between "high" and "medium" ciphersuites is roughly the difference between whether the NSA/GCHQ will be able to crack your SMTP sessions in 10 years or >20 years, assuming that they are capturing and archiving it today. Unless you have "smtpd_tls_security_level=encrypt" in your config, most of the SMTP sessions that could use the 'medium' ciphersuites would end up running in the clear, so the practical difference is between readable in realtime with 'high' and readable (maybe) many years from now with 'medium'.

If the NSA/GCHQ capturing all of your SMTP traffic and saving it for hypothetical future decryption is a realistic and significant scenario in your threat model, you should reconsider your use of email.

> Actually
> smtp_tls_mandatory_protocols = high, !SSLv2, !SSLv3
> since I excluded sslv2 and v3 after drown.

What makes you think "high" is a valid token for that parameter or for its server-side equivalent analog smtpd_tls_mandatory_protocols?

Seriously: RTFM. It's pretty clear that you haven't done that or carefully read my messages in this thread, so I'm unlikely to waste any more time on it.

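
Added example (not part of the thread and not Postfix's own code): the last point in the message above, that "high" is a cipher grade and not a protocol name, can be checked mechanically. This sketch lints postconf-style "name = value" lines; the function name lint_line and the sample lines are constructed here, and comparing protocol names case-insensitively is an assumption of the sketch.

```shell
#!/bin/sh
# Added example, not from the thread: lint "name = value" lines as printed by
# postconf for tokens that are not valid in TLS protocol or cipher-grade settings.

# lint_line "name = value": prints one finding per bad token, returns 1 if any.
# lint_line is a name made up for this sketch.
lint_line() {
    name=$(printf '%s' "$1" | sed 's/[[:space:]]*=.*//')
    value=$(printf '%s' "$1" | sed -e 's/^[^=]*=[[:space:]]*//' -e 's/[[:space:]]*$//')
    bad=0
    case $name in
    *_tls_mandatory_protocols|*_tls_protocols)
        # Protocol lists are separated by whitespace, commas or colons;
        # a leading "!" excludes a protocol.
        for tok in $(printf '%s' "$value" | tr ',:' '  '); do
            # Assumption of this sketch: names are compared case-insensitively.
            case $(printf '%s' "${tok#!}" | tr 'A-Z' 'a-z') in
            sslv2|sslv3|tlsv1|tlsv1.1|tlsv1.2|tlsv1.3) ;;  # TLSv1.3: newer Postfix only
            *) echo "$name: '$tok' is not a protocol name"; bad=1 ;;
            esac
        done ;;
    *_tls_mandatory_ciphers|*_tls_ciphers)
        # These settings take exactly one cipher grade.
        case $value in
        export|low|medium|high|null) ;;
        *) echo "$name: '$value' is not a cipher grade"; bad=1 ;;
        esac ;;
    esac
    return $bad
}

# Constructed sample: the two settings quoted in the thread, plus a corrected
# protocol line that keeps only the exclusions.
sample='smtpd_tls_mandatory_ciphers = medium
smtp_tls_mandatory_protocols = high, !SSLv2, !SSLv3
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3'

printf '%s\n' "$sample" | while IFS= read -r line; do
    lint_line "$line" || true   # findings are printed; keep going after a bad line
done
```

On a live host, `postconf -n` prints settings in the same "name = value" form, so its output can be fed to lint_line line by line.
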
Re: bits of encryption
On Sat, 12 Nov 2016 15:29:54 -0500
"Bill Cole" wrote:

> On 11 Nov 2016, at 14:31, li...@lazygranch.com wrote:
>
> > On Fri, 11 Nov 2016 09:54:48 -0500
> > "Bill Cole" wrote:
> > [big snip...]
> >
> >> The bottom line (if you've made it this far...) is that the
> >> settings that involve deep encryption parameters in modern Postfix
> >> are best left at their default values unless you have very
> >> specific uncommon security needs, can accept outright insoluble
> >> breakage in place of imperfect security, and understand every
> >> sentence of the TLS_README, the relevant bits of postconf(5), and
> >> everything Viktor Dukhovni has ever written about encryption on
> >> this list.
> >
> > My postfix setup lacks the tls_high_cipherlist parameter,
>
> Unlikely. It is much more likely that your postfix setup simply uses
> the default value:
>
> # postconf tls_high_cipherlist
> tls_high_cipherlist = aNULL:-aNULL:HIGH:@STRENGTH
>
> > as shown here:
> > https://blog.tinned-software.net/harden-the-ssl-configuration-of-your-mailserver/
> >
> > Is the advice on that link reasonable? I see the setup echoed over
> > the interwebs, but of course bad advice bounces around the internet
> > as well.
>
> I stand by what I said above, which I THINK answers your question. Is
> it unclear?

# postconf tls_high_cipherlist
tls_high_cipherlist = aNULL:-aNULL:HIGH:@STRENGTH

verified

Assuming the default "high" setting is sufficient, why wouldn't I change this parameter to high rather than medium?

postconf smtpd_tls_mandatory_ciphers
smtpd_tls_mandatory_ciphers = medium

Actually
smtp_tls_mandatory_protocols = high, !SSLv2, !SSLv3
since I excluded sslv2 and v3 after drown.

Re: bits of encryption
On 11 Nov 2016, at 14:31, li...@lazygranch.com wrote:

> On Fri, 11 Nov 2016 09:54:48 -0500
> "Bill Cole" wrote:
> [big snip...]
>
>> The bottom line (if you've made it this far...) is that the
>> settings that involve deep encryption parameters in modern Postfix
>> are best left at their default values unless you have very
>> specific uncommon security needs, can accept outright insoluble
>> breakage in place of imperfect security, and understand every
>> sentence of the TLS_README, the relevant bits of postconf(5), and
>> everything Viktor Dukhovni has ever written about encryption on
>> this list.
>
> My postfix setup lacks the tls_high_cipherlist parameter,

Unlikely. It is much more likely that your postfix setup simply uses the default value:

# postconf tls_high_cipherlist
tls_high_cipherlist = aNULL:-aNULL:HIGH:@STRENGTH

> as shown here:
> https://blog.tinned-software.net/harden-the-ssl-configuration-of-your-mailserver/
>
> Is the advice on that link reasonable? I see the setup echoed over
> the interwebs, but of course bad advice bounces around the internet
> as well.

I stand by what I said above, which I THINK answers your question. Is it unclear?