On Fri, Feb 20, 2015 at 08:10:10PM +0100, Peter Koch wrote:
I would wait to disable RC4 for another 2-3 years. With
The RFC first and foremost gives _implementations_ (libs and apps) a hook to cease supporting RC4, so depending on sw vendors and maintainers (and your sw update cycle), you might not have these 2-3 years.
Yes, there is a proposal on the openssl-dev list to reclassify RC4 from "MEDIUM" to "LOW" in the upcoming (end of 2015) 1.1.0 release. I've vocally opposed making this change in the library.
As for applications, Postfix has not disabled RC4 in 3.0.x (2015 release) and will not likely do so in 3.1.x (2016 release).
So I'm working on giving Postfix users the necessary time to not force them into work-arounds.
Though admittedly sending *to* Exchange 2003 (as opposed to receiving from Exchange 2003) already requires some tweaks, because this implementation only looks at the top 64 ciphersuites in the client's proposal, and with OpenSSL 1.0.1 and later RC4-SHA is no longer in the top 64 by default.
One needs to "radically" trim the cipherlist to interoperate with Exchange 2003 receiving systems.
The following trims the list down to just around 50 elements (OpenSSL master branch, fewer with some older releases) above RC4-SHA.
    # the "high" and "null" cipherlists don't have RC4, so can be
    # left alone.
    #
    tls_export_cipherlist = aNULL:-aNULL:ALL:-RC4:RC4-SHA:@STRENGTH
    tls_low_cipherlist = aNULL:-aNULL:ALL:!EXPORT:-RC4:RC4-SHA:@STRENGTH
    tls_medium_cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:-RC4:RC4-SHA:@STRENGTH

    smtp_tls_exclude_ciphers =
        #
        # No longer used cipher grades
        #
        EXPORT, LOW,
        #
        # No longer used symmetric algorithms
        #
        3DES, IDEA,
        #
        # No longer used digest
        #
        MD5,
        #
        # Nobody uses DSS
        #
        aDSS, aDH,
        #
        # SMTP servers don't generally do shared secret key agreement.
        #
        SRP, PSK,
        #
        # These are too exotic and perhaps slated for deprecation
        #
        kECDHr, kECDHe
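
The 64-suite limit described in the message can be checked by ranking RC4-SHA within an expanded cipher list. The script below is an added example, not part of the original mail or of Postfix; the helper names and the SUITE-n placeholder names are constructed for illustration.

```shell
#!/bin/sh
# Added example: where does a cipher land in a client's TLS proposal?
LIMIT=64   # leading ciphersuites the mail says Exchange 2003 examines

# cipher_rank LIST NAME -> 1-based position of NAME in the colon-separated
# LIST (the format `openssl ciphers` prints), or 0 if NAME is absent.
cipher_rank() {
    printf '%s\n' "$1" | tr ':' '\n' | awk -v name="$2" '
        $0 == name { print NR; found = 1; exit }
        END { if (!found) print 0 }'
}

# seen_by_peer LIST NAME -> status 0 if NAME is among the first LIMIT entries.
seen_by_peer() {
    rank=$(cipher_rank "$1" "$2")
    [ "$rank" -ge 1 ] && [ "$rank" -le "$LIMIT" ]
}

# make_list N -> constructed proposal: N placeholder suites, then RC4-SHA.
make_list() {
    i=1; out=""
    while [ "$i" -le "$1" ]; do out="${out}SUITE-$i:"; i=$((i + 1)); done
    printf '%sRC4-SHA\n' "$out"
}

# report LIST LABEL -> one summary line for RC4-SHA in LIST.
report() {
    rank=$(cipher_rank "$1" RC4-SHA)
    if seen_by_peer "$1" RC4-SHA; then verdict="within first $LIMIT"
    elif [ "$rank" -eq 0 ]; then verdict="not offered"
    else verdict="beyond first $LIMIT, never examined"; fi
    printf '%-24s RC4-SHA rank %s: %s\n' "$2" "$rank" "$verdict"
}

report "$(make_list 50)" "constructed, trimmed"
report "$(make_list 80)" "constructed, untrimmed"

# Live check with the local OpenSSL, using tls_medium_cipherlist from the mail.
# This expands the cipherlist only; smtp_tls_exclude_ciphers is not applied.
MEDIUM='aNULL:-aNULL:ALL:!EXPORT:!LOW:-RC4:RC4-SHA:@STRENGTH'
if command -v openssl >/dev/null 2>&1; then
    live=$(openssl ciphers "$MEDIUM" 2>/dev/null) || live=""
    report "$live" "local openssl"
fi
```

An OpenSSL build without RC4 support reports "not offered" for the live check; the constructed lists still show the boundary at rank 64.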