SEMI-OT: Prohibiting RC4 Cipher Suites

[Viktor Dukhovni]

On Fri, Feb 20, 2015 at 08:10:10PM +0100, Peter Koch wrote:

> > I would wait to disable RC4 for another 2-3 years.  With
> 
> The RFC first and foremost gives _implementations_ (libs and apps)
> a hook to cease supporting RC4, so depending on sw vendors and
> maintainers (and your sw update cycle), you might not have these 2-3 years.

Yes, there is a proposal on the openssl-dev list to reclassify RC4
from "MEDIUM" to "LOW" in the upcoming (end of 2015) 1.1.0 release.
I've vocally opposed making this change in the library.

As for applications, Postfix has not disabled RC4 in 3.0.x (2015
release) and will not likely do so in 3.1.x (2016 release).

So I'm working on giving Postfix users the necessary time to not
force them into work-arounds.

Though admittedly sending *to* Exchange 2003 (as opposed to receiving
from Exchange 2003) already requires some tweaks, because this
implementation only looks at the top 64 ciphersuites in the client's
proposal, and with OpenSSL 1.0.1 and later RC4-SHA is no longer in
the top 64 by default.

One needs to "radically" trim the cipherlist to interoperate with
Exchange 2003 receiving systems.

The following trims the list down to just around 50 elements (OpenSSL
master branch, fewer with some older releases) above RC4-SHA.

    # the "high" and "null" cipherlists don't have RC4, so can be
    # left alone.
    #
    tls_export_cipherlist = aNULL:-aNULL:ALL:-RC4:RC4-SHA:@STRENGTH
    tls_low_cipherlist = aNULL:-aNULL:ALL:!EXPORT:-RC4:RC4-SHA:@STRENGTH
    tls_medium_cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:-RC4:RC4-SHA:@STRENGTH

    smtp_tls_exclude_ciphers = 
	#
	# No longer used cipher grades
	#
	EXPORT, LOW,
	#
	# No longer used symmetric algorithms
	#
	3DES, IDEA,
	#
	# No longer used digest
	#
	MD5,
	#
	# Nobody uses DSS
	#
	aDSS, aDH,
	#
	# SMTP servers don't generally do shared secret key agreement.
	#
	SRP, PSK,
	#
	# These are too exotic and perhaps slated for deprecation 
	#
	kECDHr, kECDHe

-- 
	Viktor.