[Ach] Suggested Postfix config allows some weak ciphers - please review

[christian mock]

On Sat, May 03, 2014 at 09:37:10AM +0100, Thomas Preissler wrote:
> Hello,
> 
> I had a go at your recommended Postfix settings. I am on Debian Wheezy,
> Postfix 2.9.6-2.
> 
> When testing these settings with https://starttls.info/, I get the
> following report:
> 
>   Key exchange
>   Anonymous Diffie-Hellman is accepted. This is suspectible to
>   Man-in-the-Middle attacks.
> 
>   Cipher
>   Weakest accepted cipher: 0.

I think the grading used by starttls.info is sub-optimal[0]. 

The issue is that nobody verifies certificates with opportunistic SMTP
encryption[citation needed], which in turn means there is no security
against MITM anyways.

After all, it is *opportunistic* encryption, and whatever you do to
limit the choices would increase the risk of connections falling back
to good old plain text.

A quick analysis of my log files says:

63% of incoming and 84% of outgoing TLS connections are of the
anonymous DH variant.

Of the outgoing connections, only 10% are ones where a certificate
could be verified.

Disabling RC4 ciphers would lose 3% of the incoming and 0.04% of
outgoing TLS connections.

tl;dr: there's a reason the settings in the paper are what they are.

cm.

-- 
Christian Mock                          Wiedner Hauptstr. 15
Senior Security Engineer                1040 Wien
CoreTEC IT Security Solutions GmbH      +43-1-5037273
FN 214709 z

.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
CoreTEC: Web Application Audit - Damit so etwas nicht passiert!

http://heise.de/-1260559

.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.