On Mon, Dec 01, 2014 at 09:27:48PM -0800, Darren Pilgrim wrote:
> On 12/1/2014 4:43 PM, Will Yardley wrote:
> > Can you use both ssl_protocols *and* ssl_cipher_list in the same config
> > (in a way that's sane)?
>
> > Is there a way to exclude these ciphers, while still keeping my config
> > easy to parse and avoiding duplicative or deprecated configs?
>
> Yes to both. If you need to support older clients:
>
> ssl_cipher_list = HIGH:!RC4:!MD5:!SRP:!PSK:!aNULL:@STRENGTH
> ssl_dh_parameters_length = 2048
> ssl_parameters_regenerate = 0
> ssl_protocols = !SSLv2 !SSLv3 TLSv1 TLSv1.1 TLSv1.2

But why does ssl_protocols behave differently depending on if
$ssl_cipher_list is defined? Shouldn't !SSLv2 and !SSLv3 be sufficient?

It seems that if ssl_cipher_list is defined,
ssl_protocols = !SSLv2 !SSLv3

results in TLS1.2 being the only one active, but if it is defined, 1.0,
1.1, and 1.2 are all active?

w

On 02.12.2014 at 06:44, Will Yardley wrote:
> On Mon, Dec 01, 2014 at 09:27:48PM -0800, Darren Pilgrim wrote:
>> On 12/1/2014 4:43 PM, Will Yardley wrote:
>>> Can you use both ssl_protocols *and* ssl_cipher_list in the same config
>>> (in a way that's sane)?
>>
>>> Is there a way to exclude these ciphers, while still keeping my config
>>> easy to parse and avoiding duplicative or deprecated configs?
>>
>> Yes to both. If you need to support older clients:
>>
>> ssl_cipher_list = HIGH:!RC4:!MD5:!SRP:!PSK:!aNULL:@STRENGTH
>> ssl_dh_parameters_length = 2048
>> ssl_parameters_regenerate = 0
>> ssl_protocols = !SSLv2 !SSLv3 TLSv1 TLSv1.1 TLSv1.2
>
> But why does ssl_protocols behave differently depending on if
> $ssl_cipher_list is defined? Shouldn't !SSLv2 and !SSLv3 be sufficient?
>
> It seems that if ssl_cipher_list is defined,
> ssl_protocols = !SSLv2 !SSLv3
>
> results in TLS1.2 being the only one active, but if it is defined, 1.0,
> 1.1, and 1.2 are all active?

ssl_protocols = !SSLv2 !SSLv3

and you are fine, anything else is nonsense because when TLSv1.3 will be
released you go to each and every server to add it to the config? likely
not!

On 12/2/2014 1:32 AM, Reindl Harald wrote:
>
> On 02.12.2014 at 06:44, Will Yardley wrote:
>> On Mon, Dec 01, 2014 at 09:27:48PM -0800, Darren Pilgrim wrote:
>>> On 12/1/2014 4:43 PM, Will Yardley wrote:
>>>> Can you use both ssl_protocols *and* ssl_cipher_list in the same config
>>>> (in a way that's sane)?
>>>
>>>> Is there a way to exclude these ciphers, while still keeping my config
>>>> easy to parse and avoiding duplicative or deprecated configs?
>>>
>>> Yes to both. If you need to support older clients:
>>>
>>> ssl_cipher_list = HIGH:!RC4:!MD5:!SRP:!PSK:!aNULL:@STRENGTH
>>> ssl_dh_parameters_length = 2048
>>> ssl_parameters_regenerate = 0
>>> ssl_protocols = !SSLv2 !SSLv3 TLSv1 TLSv1.1 TLSv1.2
>>
>> But why does ssl_protocols behave differently depending on if
>> $ssl_cipher_list is defined? Shouldn't !SSLv2 and !SSLv3 be sufficient?
>>
>> It seems that if ssl_cipher_list is defined,
>> ssl_protocols = !SSLv2 !SSLv3
>>
>> results in TLS1.2 being the only one active, but if it is defined, 1.0,
>> 1.1, and 1.2 are all active?
>
> ssl_protocols = !SSLv2 !SSLv3
>
> and you are fine, anything else is nonsense because when TLSv1.3 will be
> released you go to each and every server to add it to the config? likely
> not!

Configuration management. :)

Also, no, you need to do more than just disable SSLv3. You need to
disable several cipher groups allowed in TLSv1.0 and TLSv1.1, bump up
the DH parameter size, and, if your client base allows it, only allow
ciphers with forward secrecy.

On 12/1/2014 9:44 PM, Will Yardley wrote:
> On Mon, Dec 01, 2014 at 09:27:48PM -0800, Darren Pilgrim wrote:
>> On 12/1/2014 4:43 PM, Will Yardley wrote:
>>> Can you use both ssl_protocols *and* ssl_cipher_list in the same config
>>> (in a way that's sane)?
>>
>>> Is there a way to exclude these ciphers, while still keeping my config
>>> easy to parse and avoiding duplicative or deprecated configs?
>>
>> Yes to both. If you need to support older clients:
>>
>> ssl_cipher_list = HIGH:!RC4:!MD5:!SRP:!PSK:!aNULL:@STRENGTH
>> ssl_dh_parameters_length = 2048
>> ssl_parameters_regenerate = 0
>> ssl_protocols = !SSLv2 !SSLv3 TLSv1 TLSv1.1 TLSv1.2
>
> But why does ssl_protocols behave differently depending on if
> $ssl_cipher_list is defined? Shouldn't !SSLv2 and !SSLv3 be sufficient?
>
> It seems that if ssl_cipher_list is defined,
> ssl_protocols = !SSLv2 !SSLv3
>
> results in TLS1.2 being the only one active, but if it is defined, 1.0,
> 1.1, and 1.2 are all active?

Where are you seeing this behaviour? What tool is reporting this?

On Tue, Dec 02, 2014 at 08:34:50AM -0800, Darren Pilgrim wrote:
> On 12/1/2014 9:44 PM, Will Yardley wrote:
> > On Mon, Dec 01, 2014 at 09:27:48PM -0800, Darren Pilgrim wrote:
> >> On 12/1/2014 4:43 PM, Will Yardley wrote:
> >>> Can you use both ssl_protocols *and* ssl_cipher_list in the same config
> >>> (in a way that's sane)?
> >>
> >> Yes to both. If you need to support older clients:
> >
> > But why does ssl_protocols behave differently depending on if
> > $ssl_cipher_list is defined? Shouldn't !SSLv2 and !SSLv3 be sufficient?
> >
> > It seems that if ssl_cipher_list is defined,
> > ssl_protocols = !SSLv2 !SSLv3
> >
> > results in TLS1.2 being the only one active, but if it is defined, 1.0,
> > 1.1, and 1.2 are all active?
>
> Where are you seeing this behaviour? What tool is reporting this?

I have mostly been testing with nmap, e.g.,

    nmap -p 993 --script ssl-enum-ciphers [target]

This then breaks down the ciphers by protocol suite.

I'll test with your ssl_cipher_list example and see if it's
reproducible.

w
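
An added example, not part of the thread: a small Python parser that reduces `ssl-enum-ciphers` output to a protocol-to-suite map, so two scans (one per configuration) can be compared and suites using RC4, MD5 or a key exchange without forward secrecy can be flagged. The two scan texts are constructed to mirror the results described in the thread, and all function names are illustrative.

```python
import re
# Constructed samples (not captured from a real host), shaped like the output
# of `nmap -p 993 --script ssl-enum-ciphers`.
SCAN_A = """\
| ssl-enum-ciphers:
|   SSLv3: No supported ciphers found
|   TLSv1.2:
|     ciphers:
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
"""
SCAN_B = """\
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
|       TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
|   TLSv1.1:
|     ciphers:
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
|   TLSv1.2:
|     ciphers:
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
"""
PROTO = re.compile(r"^\|[ _]+((?:SSLv|TLSv)[\d.]+):")
SUITE = re.compile(r"^\|[ _]+((?:TLS|SSL)_[A-Z0-9_]+)\b")
# Suite-name prefixes that imply an ephemeral (forward-secret) key exchange.
FS_PREFIXES = ("TLS_DHE_", "TLS_ECDHE_", "TLS_AES_", "TLS_CHACHA20_")

def parse_enum_ciphers(text):
    """Return {protocol: [suite, ...]}; protocols with no suites are omitted."""
    offered, current = {}, None
    for line in text.splitlines():
        if (m := PROTO.match(line)):
            current = m.group(1)
        elif (m := SUITE.match(line)) and current:
            offered.setdefault(current, []).append(m.group(1))
    return offered

def protocol_diff(scan_a, scan_b):
    """Protocols offered only in scan_a, and only in scan_b."""
    a, b = set(parse_enum_ciphers(scan_a)), set(parse_enum_ciphers(scan_b))
    return sorted(a - b), sorted(b - a)

def weakness(suite):
    """Reasons a suite is weak, judged by name: RC4, MD5, no forward secrecy."""
    found = [t for t in ("RC4", "MD5") if f"_{t}" in suite]
    return found if suite.startswith(FS_PREFIXES) else found + ["no-forward-secrecy"]
```

Saving each scan with `nmap -oN` and passing the file contents to `protocol_diff` shows whether the difference between two configurations is reproducible.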