[Dovecot] patch for ssl_prefer_server_ciphers in dovecot 2.1

Reindl Harald h.reindl at thelounge.net
Sun Oct 20 03:24:09 EEST 2013


On 20.10.2013 01:58, Darren Pilgrim wrote:
> On 10/18/2013 5:32 AM, Reindl Harald wrote:
>> On 18.10.2013 14:22, Adi Kriegisch wrote:
>>>>> PS: I need that feature to enable PFS while allowing Outlook to still
>>>>> connect and the others not to fall back to a different cipher; I was
>>>>> unable to find a PFS cipher that is supported by Outlook and OpenSSL
>>>>
>>>> ssl_cipher_list =
>>>> EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SSLv2:@STRENGTH
>>>>
>>>> ssl_prefer_server_ciphers = yes
>>>>
>>>> Outlook, at least on WinXP any version, continues to use RC4 ciphers
>>>> but any sane mail client is using PFS ciphers
>>> Thanks for sharing; I opted for disabling RC4 completely and came up with
>>> the following (formatted for readability)
>>>    HIGH:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:
>>>         EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:ECDHE-RSA-AES256-SHA:
>>>         +DHE-RSA-AES256-SHA:!AES256-SHA256:!AES256-GCM-SHA384:!CAMELLIA256-SHA:
>>>         !AES128:!CAMELLIA128:
>>>         !aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SSLv2:!RC4:!SEED:
>>>         +AES256-SHA
>>> which disables every cipher with less than 256bit and leaves AES256-SHA as
>>> a last resort for Outlook...
>>
>> this does *not work* with Outlook 2003-2010 on Windows XP
> 
> It's not Outlook's fault.  Office, IE, etc. all use stunnel which, on XP/2003, is as outdated as OpenSSL 0.9.8.
> 
> Enable 3DES to support XP clients

and how does that give you any gain over RC4?

http://en.wikipedia.org/wiki/Triple_DES#Security
http://en.wikipedia.org/wiki/RC4#Security

>>> It is noteworthy, however, that RC4, being a stream cipher, is the only common
>>> cipher which is immune[9] to the 2011 BEAST attack on TLS 1.0, which exploits a
>>> known weakness in the way cipher block chaining mode is used with all of the other
>>> ciphers supported by TLS 1.0, which are all block ciphers

why do you waste that much time?

sane clients with the ciphers I provided use secure encryption without breaking
XP users, and more you can't do - period



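How the server-side ordering discussed in this thread plays out, as an added example that is not part of the original post or of Dovecot's code: a small model of cipher-suite selection with and without ssl_prefer_server_ciphers. The suite lists and client names are constructed stand-ins, not the actual expansion of the cipher strings quoted above.

```python
# Added example: models TLS cipher-suite selection. All suite lists are constructed.

# Stand-in for a server order that puts PFS suites first and RC4 last.
SERVER_PREFS = [
    "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES256-SHA384",
    "DHE-RSA-AES256-SHA",
    "RC4-SHA",
]

# Constructed client offers, each in the client's own preference order.
CLIENTS = {
    "pfs_first": ["ECDHE-RSA-AES256-GCM-SHA384", "DHE-RSA-AES256-SHA", "RC4-SHA"],
    "rc4_first": ["RC4-SHA", "ECDHE-RSA-AES256-GCM-SHA384", "DHE-RSA-AES256-SHA"],
    "legacy_no_pfs": ["RC4-MD5", "RC4-SHA", "DES-CBC3-SHA"],
}


def negotiate(server_prefs, client_offer, prefer_server_ciphers):
    """Return the suite the server selects, or None if no suite is shared."""
    if prefer_server_ciphers:
        ordered, allowed = server_prefs, set(client_offer)
    else:
        ordered, allowed = client_offer, set(server_prefs)
    return next((suite for suite in ordered if suite in allowed), None)


def has_forward_secrecy(suite):
    """Ephemeral (EC)DH key exchange appears as an ECDHE-/DHE- name prefix."""
    return suite is not None and suite.startswith(("ECDHE-", "DHE-"))


def report(prefer_server_ciphers):
    """Map each constructed client to (selected suite, forward secrecy?)."""
    result = {}
    for name, offer in CLIENTS.items():
        suite = negotiate(SERVER_PREFS, offer, prefer_server_ciphers)
        result[name] = (suite, has_forward_secrecy(suite))
    return result


if __name__ == "__main__":
    for prefer in (False, True):
        print(f"ssl_prefer_server_ciphers = {'yes' if prefer else 'no'}")
        for name, (suite, pfs) in report(prefer).items():
            print(f"  {name:14} -> {suite} (PFS: {pfs})")
```

The client that lists RC4 first only ends up on a PFS suite when the server's order wins; the legacy client lands on RC4-SHA in both cases.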

