
gromox/{imap,pop3} don't support configuration of TLSv1.2/1.3 ciphers (and ordering) #90

Closed
robert-scheck opened this issue May 17, 2024 · 2 comments

Comments

@robert-scheck
Contributor

robert-scheck commented May 17, 2024

As of writing, gromox/{imap,pop3} don't support configuration of TLSv1.2/1.3 ciphers (and ordering). What is missing actually corresponds to the NGINX settings ssl_ciphers (TLSv1.2), ssl_prefer_server_ciphers (TLSv1.2) and ssl_ecdh_curve (TLSv1.3). Any chance to have this in the future?

IIRC Zarafa (and later Kopano Core as a fork) supported at least the TLSv1.2-compatible part due to https://github.com/robert-scheck/zarafa-patches/blob/main/zarafa-7.1.10-ssl_protocols_ciphers.patch, which might be an inspiration for implementation.

Technical Guideline TR-02102-2: Cryptographic Mechanisms: Recommendations and Key Lengths from the German Federal Office for Information Security ("BSI") recommends specific ciphers, which unfortunately cannot currently be configured in gromox/{imap,pop3}.

@robert-scheck robert-scheck changed the title gromox/imap doesn't support configuration of TLSv1.2/1.3 ciphers (and ordering) gromox/{imap,pop3} don't support configuration of TLSv1.2/1.3 ciphers (and ordering) May 17, 2024
@jengelh
Member

jengelh commented May 20, 2024

Having to edit cipher lists for every individual daemon does not scale very well for an administrator. Gromox thus decided not to offer this and instead just reuse the global (system-wide) configuration. If you want to include or exclude specific TLS versions or ciphers, you do that via openssl.cnf, cf. config(5) manpage section "SSL Configuration".
In SUSE (and RHEL), there is a mechanism called crypto-policies that does this not only for openssl.cnf but also for a handful of daemons. In addition, there are a few predefined levels provided for convenience, including one that is aptly named BSI.

https://en.opensuse.org/SDB:Crypto-policies
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening

@jengelh jengelh closed this as completed May 20, 2024
@robert-scheck
Contributor Author

robert-scheck commented May 20, 2024

I kindly disagree, because especially "crypto-policies" have the disadvantage of only providing one crypto policy per crypto (library) implementation, but not one per specific daemon/service/software. Aside from that, I don't see how "crypto-policies" would allow configuring the server-side ordering preference of ciphers (e.g. performance-optimized ciphers vs. stronger ciphers first).

To avoid misunderstandings: My expectation would be to have whatever OpenSSL and crypto-policies define as system-wide defaults, but to optionally allow overriding them using specific settings in the corresponding gromox configuration files (it already works like this for other system services, such as Postfix).
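The openssl.cnf mechanism jengelh points to, written out as an added example (not from the Gromox project or from either participant): it maps each NGINX setting named in the report (ssl_ciphers, ssl_prefer_server_ciphers, ssl_ecdh_curve) to the corresponding command in the "SSL Configuration" section of config(5) / SSL_CONF_cmd(3). The cipher lists are illustrative placeholders, not the TR-02102-2 recommendations.

```ini
# Constructed example of an openssl.cnf "SSL Configuration" block.
# Not shipped by Gromox; cipher lists are placeholders, not the BSI list.
openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
# Applied to every SSL_CTX created by a program that does not set its own
# cipher list; this is the level a daemon reusing system defaults picks up.
system_default = system_default_sect

[system_default_sect]
# Floor for the negotiated protocol version (rules out TLS 1.0/1.1)
MinProtocol = TLSv1.2
# TLS 1.2 (and earlier) suites: the counterpart of nginx "ssl_ciphers"
CipherString = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
# TLS 1.3 suites live in a separate list with their own keyword
Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256
# Server-side ordering preference: the counterpart of
# nginx "ssl_prefer_server_ciphers on"
Options = ServerPreference
# Key-exchange groups (counterpart of nginx "ssl_ecdh_curve");
# governs TLS 1.2 ECDHE as well as TLS 1.3 key shares
Groups = X25519:secp384r1:secp256r1
```

A service that needs a different policy than the rest of the system can be started with the OPENSSL_CONF environment variable pointing at its own copy of such a file (for a systemd unit, a drop-in with Environment=OPENSSL_CONF=...), because OpenSSL consults that variable when loading its default configuration. On distributions using crypto-policies, the generated OpenSSL back-end file is rewritten by update-crypto-policies, so overrides belong in a separate file rather than in that one.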
