What are the generally-accepted “best practices” for deploying SMTP STARTTLS? What protocols and cipher suites should be offered?
I currently have a Postfix server using a mostly-default config that will offer STARTTLS on incoming connections and tries to use STARTTLS on outgoing connections. However, as far as I can tell, it:
- doesn’t validate remote certificates
- apparently still accepts cipher suites like RSA_EXPORT_WITH_RC4_40_MD5
However, since STARTTLS is optional anyways and plain unencrypted mail will still be accepted, it’s not clear to me that this is a problem. Is it?
What happens if a remote SMTP server tries to send me mail but does not support any of the offered TLS cipher suites? Will the server retry without TLS? Is it safe to duplicate the SSL Labs A+ config with only PFS for an SMTP server?
Also, how useful are TLS features like OCSP stapling and session resumption for SMTP STARTTLS?
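
One way to measure whether export-grade suites or unverified certificates are actually showing up in a server's traffic, as an added example that is not part of the original post: the script below parses the per-session TLS summary lines Postfix logs when `smtpd_tls_loglevel` and `smtp_tls_loglevel` are set to 1. The log lines are constructed sample data, and the weak-protocol and weak-token lists are this example's own assumptions, not a Postfix default.

```python
import re
from collections import Counter

# Summary line Postfix writes per handshake at TLS log level 1 or higher.
TLS_LINE = re.compile(
    r"(?P<trust>Anonymous|Untrusted|Trusted|Verified) TLS connection established "
    r"(?P<dir>from|to) (?P<peer>\S+): (?P<proto>\S+) with cipher (?P<cipher>\S+) "
    r"\((?P<used>\d+)/(?P<avail>\d+) bits\)"
)
WEAK_PROTOCOLS = {"SSLv2", "SSLv3"}                 # assumption: example's own list
WEAK_TOKENS = {"EXP", "RC4", "MD5", "DES", "NULL"}  # parts of OpenSSL cipher names

# Constructed sample log lines (not from a real server).
SAMPLE_LOG = """\
Jan 10 08:01:02 mx postfix/smtpd[2101]: Anonymous TLS connection established from mail.example.com[192.0.2.10]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jan 10 08:03:40 mx postfix/smtpd[2107]: Anonymous TLS connection established from old.example.org[192.0.2.44]: TLSv1 with cipher EXP-RC4-MD5 (40/128 bits)
Jan 10 08:05:11 mx postfix/smtp[2113]: Untrusted TLS connection established to mx.example.net[198.51.100.7]:25: TLSv1.2 with cipher AES128-SHA (128/128 bits)
Jan 10 08:06:30 mx postfix/smtpd[2120]: connect from plain.example.com[192.0.2.77]
""".splitlines()


def audit(lines):
    """Return (findings, trust_counts) for the TLS summary lines in `lines`."""
    findings, trust = [], Counter()
    for line in lines:
        m = TLS_LINE.search(line)
        if not m:
            continue  # not a TLS summary line (plaintext session, other daemon)
        # "from" = inbound (smtpd), "to" = outbound (smtp client).
        trust[(m["dir"], m["trust"])] += 1
        reasons = []
        if m["proto"] in WEAK_PROTOCOLS:
            reasons.append("protocol " + m["proto"])
        weak = sorted(set(re.split(r"[-_]", m["cipher"])) & WEAK_TOKENS)
        if weak:
            reasons.append("cipher contains " + "/".join(weak))
        if int(m["used"]) < 128:
            reasons.append(m["used"] + "-bit key")
        if reasons:
            findings.append((m["peer"], m["cipher"], reasons))
    return findings, trust


if __name__ == "__main__":
    findings, trust = audit(SAMPLE_LOG)
    for peer, cipher, reasons in findings:
        print(f"WEAK {peer} {cipher}: {', '.join(reasons)}")
    for (direction, level), n in sorted(trust.items()):
        print(f"{n} session(s) {direction} peers at trust level {level}")
```

`EXP-RC4-MD5` is the OpenSSL name for the `RSA_EXPORT_WITH_RC4_40_MD5` suite mentioned in the question, and an `Untrusted` count on outbound sessions reflects the missing certificate validation.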