New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[enhancement]: Cipher suite configuration is fragile and limited #80
Comments
Thank you for the suggestion, the TLS documentation has now been updated. Please note that in the configuration file distributed with Stalwart the Regarding TLSv1.1 and cipher suite support, Stalwart Mail Server delegates encryption to the rustls library which supports the following cipher suites:
I agree with your point that bad encryption is better than no encryption. However, since |
Awesome! Thanks.
I guess that could be mentioned in documentation as well. It seems that with at least rusttls it isn't possible to increase compatibility by defining a custom set of ciphersuites. If anything, considering the current ciphersuite support, it would be good to emit a warning if someone does define a list.
Thanks for the list. It's a pity that AES-CCM ciphersuites are missing.
That is somewhat unfortunate but understandable. |
I agree, I'll add that to the roadmap.
In case you want to take a look at why |
AES+CCM ciphersuites that are part of TLSv1.2 seem to provide Perfect Forward Security and AFAIK CCM is separate from MAC-then-encrypt modes. This conclusion seems to be supported by rustls/rustls#1034 still being open. This is however mostly out of the scope of this project. |
Which feature or improvement would you like to request?
I'd like to see TLS ciphersuite functionality a bit more robust against (mis)configurations.
Cipher suites that aren't supported shouldn't always cause a fatal error. This makes it really difficult to figure out what ciphers are supported (or which primitive is lacking) as there's no
HIGH:MEDIUM:!LOW
shorthand (like OpenSSL has). This will cause really annoying issues should any of the ciphersuites be deprecated in the future and not included in the builds.Too restrictive of a cipher set should be warned against. E.g. only two "strong" TLSv1.2 ciphersuites is really not a good idea. Ideally it would also fall back to a safe default if there are none valid for a specific protocol. Security-related misconfigurations should in general be hard.
The example configuration should also include ciphers needed for elliptic certificates. So
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
in addition to currentTLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
. This omission can cause misconfigurations.Support of secure (PFS) ciphers such as
TLS_ECDHE_ECDSA_WITH_AES_256_CCM
,TLS_ECDHE_ECDSA_WITH_AES_128_CCM
(and their RSA equivalents) should be added to the Docker images.Support for TLSv1.1 in the Docker images.
I will note that I would certainly love to run a TLSv1.3-only MTA, but considering how the fallback is usually going to be plaintext, TLSv1.1 and/or "sufficient" ciphersuites are infinitely more preferable.
Code of Conduct
The text was updated successfully, but these errors were encountered: