Unterschiede
Hier werden die Unterschiede zwischen zwei Versionen angezeigt.
Beide Seiten der vorigen Revision Vorhergehende Überarbeitung Nächste Überarbeitung | Vorhergehende Überarbeitung Nächste ÜberarbeitungBeide Seiten der Revision | ||
centos:mail_c7:postfix3_5 [14.02.2019 21:49. ] – [testssl] django | centos:mail_c7:postfix3_5 [15.02.2019 10:04. ] – [ankommender TLS-Verkehr] django | ||
---|---|---|---|
Zeile 3595: | Zeile 3595: | ||
Der verschlüsselte Transportweg wird in der Headerzeilen einer eMail entsprechend vermerkt: | Der verschlüsselte Transportweg wird in der Headerzeilen einer eMail entsprechend vermerkt: | ||
< | < | ||
- | by mx1.nausch.org (Postfix) with ESMTP for < | + | by mx1.nausch.org (Postfix) with ESMTP for < |
Auch im **Maillog** wird die gesicherte Kommunikation protokolliert: | Auch im **Maillog** wird die gesicherte Kommunikation protokolliert: | ||
- | < | + | < |
- | Mar 26 23:40:40 nss postfix/ | + | Feb 14 19:13:37 nss postfix/ |
- | Mar 26 23:40:52 nss postfix/ | + | Feb 14 19:13:37 nss postfix/ |
==== TLS-Verkehrsstatistik ==== | ==== TLS-Verkehrsstatistik ==== | ||
- | Bei bedarf | + | Bei Bedarf |
+ | |||
+ | |||
+ | |||
+ | <WRAP center round todo 30%> | ||
+ | FIXME FIXME FIXME | ||
+ | * //**... in Überarbeitung!**// | ||
+ | FIXME FIXME FIXME | ||
+ | </ | ||
=== ankommender TLS-Verkehr === | === ankommender TLS-Verkehr === | ||
Zeile 3610: | Zeile 3619: | ||
| | ||
+ | # egrep "TLS connection established from.*with cipher" | ||
+ | | sort | uniq -c | sort -nr | ||
+ | < | ||
+ | 3981 TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 | ||
+ | 705 TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 | ||
+ | 614 TLSv1 with cipher DHE-RSA-AES256-SHA | ||
+ | 440 TLSv1.2 with cipher ECDHE-ECDSA-AES256-SHA384 | ||
+ | 265 TLSv1 with cipher ECDHE-RSA-AES256-SHA | ||
+ | 75 TLSv1 with cipher ECDHE-ECDSA-AES256-SHA | ||
+ | 62 TLSv1.2 with cipher AES256-GCM-SHA384 | ||
+ | 41 TLSv1.2 with cipher DHE-RSA-AES256-SHA256 | ||
+ | 40 TLSv1.2 with cipher ECDHE-RSA-AES256-SHA | ||
+ | 39 TLSv1.1 with cipher ECDHE-RSA-AES256-SHA | ||
+ | 25 TLSv1.1 with cipher ECDHE-ECDSA-AES256-SHA | ||
+ | 21 TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 | ||
+ | 20 TLSv1.2 with cipher AES256-SHA256 | ||
+ | 20 TLSv1.2 with cipher AES256-SHA | ||
+ | 20 TLSv1.2 with cipher AES128-GCM-SHA256 | ||
+ | 19 TLSv1.2 with cipher AES128-SHA256 | ||
+ | 19 TLSv1.2 with cipher AES128-SHA | ||
+ | 16 TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 | ||
+ | 16 TLSv1.2 with cipher ECDHE-RSA-AES128-SHA | ||
+ | 16 TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 | ||
+ | 16 TLSv1.2 with cipher DHE-RSA-CAMELLIA256-SHA | ||
+ | 16 TLSv1.2 with cipher DHE-RSA-CAMELLIA128-SHA | ||
+ | 16 TLSv1.2 with cipher DHE-RSA-AES256-SHA | ||
+ | 16 TLSv1.2 with cipher DHE-RSA-AES128-SHA256 | ||
+ | 16 TLSv1.2 with cipher DHE-RSA-AES128-SHA | ||
+ | 16 TLSv1.2 with cipher DHE-RSA-AES128-GCM-SHA256 | ||
+ | 15 TLSv1.1 with cipher AES256-SHA | ||
+ | 14 TLSv1 with cipher AES256-SHA | ||
+ | 14 TLSv1 with cipher AES128-SHA | ||
+ | 12 TLSv1.2 with cipher CAMELLIA256-SHA | ||
+ | 11 TLSv1.2 with cipher ECDHE-ECDSA-AES256-SHA | ||
+ | 11 TLSv1.2 with cipher CAMELLIA128-SHA | ||
+ | 11 TLSv1.1 with cipher AES128-SHA | ||
+ | 10 TLSv1 with cipher ECDHE-RSA-AES128-SHA | ||
+ | 10 TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA | ||
+ | 10 TLSv1 with cipher DHE-RSA-CAMELLIA128-SHA | ||
+ | 10 TLSv1 with cipher DHE-RSA-AES128-SHA | ||
+ | 10 TLSv1 with cipher CAMELLIA256-SHA | ||
+ | 10 TLSv1 with cipher CAMELLIA128-SHA | ||
+ | 8 TLSv1.2 with cipher ECDHE-ECDSA-AES128-SHA256 | ||
+ | 8 TLSv1.2 with cipher ECDHE-ECDSA-AES128-SHA | ||
+ | 8 TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256 | ||
+ | 7 TLSv1.1 with cipher ECDHE-RSA-AES128-SHA | ||
+ | 7 TLSv1.1 with cipher DHE-RSA-CAMELLIA256-SHA | ||
+ | 7 TLSv1.1 with cipher DHE-RSA-CAMELLIA128-SHA | ||
+ | 7 TLSv1.1 with cipher DHE-RSA-AES256-SHA | ||
+ | 7 TLSv1.1 with cipher DHE-RSA-AES128-SHA | ||
+ | 7 TLSv1.1 with cipher CAMELLIA256-SHA | ||
+ | 7 TLSv1.1 with cipher CAMELLIA128-SHA | ||
+ | 6 TLSv1 with cipher ECDHE-ECDSA-AES128-SHA | ||
+ | 5 TLSv1.1 with cipher ECDHE-ECDSA-AES128-SHA</ | ||
=== ausgehender TLS-Verkehr === | === ausgehender TLS-Verkehr === | ||
# grep 'TLS connection established to' / | # grep 'TLS connection established to' / |