Description
Hello. Kindly,
Thank you for prioritizing TLS_AES_256_GCM_SHA384 and x25519 in the default DeltaChat nginx configuration.
However, the overall state of this TLS configuration is not good. You're defaulting to RSA-2048 asymmetric keys. Please only support RSA-4096. You're supporting a myriad of legacy protocols and cipher suites. TLS 1.2 is 17 years old, please turn off TLS 1.2. We are in 2025; OpenSSL 3.5, now 3.6, supports MLKEM groups. When arguing on fedi about why DeltaChat is "better" than Signal, then you should have some basic quantum resistance.
Here are some suggestions -- with OpenSSL 3.6:
```shell
certbot certonly -d <hostname> --key-type rsa --rsa-key-size 4096
```

```nginx
ssl_protocols TLSv1.3;
ssl_conf_command Groups X25519MLKEM768:SecP384r1MLKEM1024:SecP256r1MLKEM768:MLKEM1024:X25519:secp384r1;
ssl_conf_command Options +ServerPreference;
ssl_conf_command Options +PrioritizeChaCha;
#ssl_conf_command Ciphersuites TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384;
```
You can test DeltaChat servers for PQC groups with this script:
https://github.com/yawnbox/test-pqc/
Control:
```text
$ ./test-pqc.sh
Enter domain to test (e.g. example.com): yawnbox.eu
Target : yawnbox.eu
Server : nginx
OpenSSL: 3.5.1 1 Jul 2025 (Library: OpenSSL 3.5.1 1 Jul 2025)
Key        TLS      Group               Cipher                        Res
──────────────────────────────────────────────────────────────────────────
RSA(4096)  TLSv1.3  SecP384r1MLKEM1024  TLS_AES_256_GCM_SHA384        OK
RSA(4096)  TLSv1.3  SecP384r1MLKEM1024  TLS_CHACHA20_POLY1305_SHA256  OK
RSA(4096)  TLSv1.3  SecP384r1MLKEM1024  TLS_AES_128_GCM_SHA256        OK
RSA(4096)  TLSv1.3  SecP256r1MLKEM768   TLS_AES_256_GCM_SHA384        OK
RSA(4096)  TLSv1.3  SecP256r1MLKEM768   TLS_CHACHA20_POLY1305_SHA256  OK
RSA(4096)  TLSv1.3  SecP256r1MLKEM768   TLS_AES_128_GCM_SHA256        OK
RSA(4096)  TLSv1.3  X25519MLKEM768      TLS_AES_256_GCM_SHA384        OK
RSA(4096)  TLSv1.3  X25519MLKEM768      TLS_CHACHA20_POLY1305_SHA256  OK
RSA(4096)  TLSv1.3  X25519MLKEM768      TLS_AES_128_GCM_SHA256        OK
RSA(4096)  TLSv1.3  MLKEM1024           TLS_AES_256_GCM_SHA384        OK
RSA(4096)  TLSv1.3  MLKEM1024           TLS_CHACHA20_POLY1305_SHA256  OK
RSA(4096)  TLSv1.3  MLKEM1024           TLS_AES_128_GCM_SHA256        OK
RSA(4096)  FAIL     MLKEM768            TLS_AES_256_GCM_SHA384        FAIL
RSA(4096)  FAIL     MLKEM768            TLS_CHACHA20_POLY1305_SHA256  FAIL
RSA(4096)  FAIL     MLKEM768            TLS_AES_128_GCM_SHA256        FAIL
RSA(4096)  FAIL     MLKEM512            TLS_AES_256_GCM_SHA384        FAIL
RSA(4096)  FAIL     MLKEM512            TLS_CHACHA20_POLY1305_SHA256  FAIL
RSA(4096)  FAIL     MLKEM512            TLS_AES_128_GCM_SHA256        FAIL
RSA(4096)  FAIL     X448MLKEM1024       TLS_AES_256_GCM_SHA384        FAIL
RSA(4096)  FAIL     X448MLKEM1024       TLS_CHACHA20_POLY1305_SHA256  FAIL
RSA(4096)  FAIL     X448MLKEM1024       TLS_AES_128_GCM_SHA256        FAIL
Summary: 12 OK, 9 FAIL (timeout=3s)
```
DeltaChat:
```text
$ ./test-pqc.sh
Enter domain to test (e.g. example.com): delta.disobey.net
Target : delta.disobey.net
Server : nginx
OpenSSL: 3.5.1 1 Jul 2025 (Library: OpenSSL 3.5.1 1 Jul 2025)
Key        TLS      Group               Cipher                        Res
──────────────────────────────────────────────────────────────────────────
RSA(2048)  FAIL     SecP384r1MLKEM1024  TLS_AES_256_GCM_SHA384        FAIL
RSA(2048)  FAIL     SecP384r1MLKEM1024  TLS_CHACHA20_POLY1305_SHA256  FAIL
RSA(2048)  FAIL     SecP384r1MLKEM1024  TLS_AES_128_GCM_SHA256        FAIL
RSA(2048)  FAIL     SecP256r1MLKEM768   TLS_AES_256_GCM_SHA384        FAIL
RSA(2048)  FAIL     SecP256r1MLKEM768   TLS_CHACHA20_POLY1305_SHA256  FAIL
RSA(2048)  FAIL     SecP256r1MLKEM768   TLS_AES_128_GCM_SHA256        FAIL
RSA(2048)  FAIL     X25519MLKEM768      TLS_AES_256_GCM_SHA384        FAIL
RSA(2048)  FAIL     X25519MLKEM768      TLS_CHACHA20_POLY1305_SHA256  FAIL
RSA(2048)  FAIL     X25519MLKEM768      TLS_AES_128_GCM_SHA256        FAIL
RSA(2048)  FAIL     MLKEM1024           TLS_AES_256_GCM_SHA384        FAIL
RSA(2048)  FAIL     MLKEM1024           TLS_CHACHA20_POLY1305_SHA256  FAIL
RSA(2048)  FAIL     MLKEM1024           TLS_AES_128_GCM_SHA256        FAIL
RSA(2048)  FAIL     MLKEM768            TLS_AES_256_GCM_SHA384        FAIL
RSA(2048)  FAIL     MLKEM768            TLS_CHACHA20_POLY1305_SHA256  FAIL
RSA(2048)  FAIL     MLKEM768            TLS_AES_128_GCM_SHA256        FAIL
RSA(2048)  FAIL     MLKEM512            TLS_AES_256_GCM_SHA384        FAIL
RSA(2048)  FAIL     MLKEM512            TLS_CHACHA20_POLY1305_SHA256  FAIL
RSA(2048)  FAIL     MLKEM512            TLS_AES_128_GCM_SHA256        FAIL
RSA(2048)  FAIL     X448MLKEM1024       TLS_AES_256_GCM_SHA384        FAIL
RSA(2048)  FAIL     X448MLKEM1024       TLS_CHACHA20_POLY1305_SHA256  FAIL
RSA(2048)  FAIL     X448MLKEM1024       TLS_AES_128_GCM_SHA256        FAIL
Summary: 0 OK, 21 FAIL (timeout=3s)
```
I understand that legacy mail servers need to support a broader range of transport encryption. However, I have absolutely no interest in passing legacy email. We run a relay to support DeltaChat only.
My testing was performed on our relay, delta.disobey.net. Thank you for your work.
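An offline check of the nginx settings the issue proposes, added here as an example; it is not part of the issue, the DeltaChat repository or the test-pqc project. It parses the `ssl_protocols` and `ssl_conf_command` lines, flags legacy protocol versions, a missing or badly ordered hybrid ML-KEM group list and a certificate key smaller than RSA-4096. The two sample configurations are constructed for the example (the "weak" one is an assumption of what a TLS 1.2 plus classical-groups setup looks like, not a copy of any real DeltaChat file), and the certificate key size is passed in as a number so that nothing has to be read from disk or the network.

```python
"""Audit nginx TLS directives against the hardening the issue asks for."""

# Hybrid ML-KEM groups accepted in the OpenSSL 3.5+ Groups list (the names used
# in the issue's suggested ssl_conf_command line).
HYBRID_PQC_GROUPS = {"X25519MLKEM768", "SecP256r1MLKEM768", "SecP384r1MLKEM1024"}
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}

# Constructed sample (assumption, not a real DeltaChat config): TLS 1.2 still
# enabled and only classical key-exchange groups.
WEAK_CONFIG = """
ssl_protocols TLSv1.2 TLSv1.3;
ssl_conf_command Groups X25519:secp384r1;
"""

# Constructed sample: the settings the issue suggests.
HARDENED_CONFIG = """
ssl_protocols TLSv1.3;
ssl_conf_command Groups X25519MLKEM768:SecP384r1MLKEM1024:SecP256r1MLKEM768:MLKEM1024:X25519:secp384r1;
ssl_conf_command Options +ServerPreference;
ssl_conf_command Options +PrioritizeChaCha;
"""


def parse_directives(config_text):
    """Return (name, args) for each ';'-terminated directive, dropping '#' comments.
    Enough for ssl_* lines; deliberately not a full nginx grammar."""
    directives = []
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0]
        for stmt in line.split(";"):
            parts = stmt.split()
            if parts:
                directives.append((parts[0], parts[1:]))
    return directives


def audit_ssl_config(config_text, cert_key_bits):
    """Return a list of findings (empty list == passes).

    cert_key_bits is the RSA size of the deployed certificate. A real check would
    read it from the certificate; it is a parameter here so the audit runs offline.
    """
    findings = []
    protocols, groups, server_pref = [], [], False
    for name, args in parse_directives(config_text):
        if name == "ssl_protocols":
            protocols = args
        elif name == "ssl_conf_command" and len(args) >= 2:
            if args[0] == "Groups":
                groups = args[1].split(":")
            elif args[0] == "Options" and "+ServerPreference" in args[1:]:
                server_pref = True

    legacy = [p for p in protocols if p in LEGACY_PROTOCOLS]
    if legacy:
        findings.append("legacy protocols enabled: " + " ".join(legacy))
    if "TLSv1.3" not in protocols:
        findings.append("TLSv1.3 is not enabled")

    # With ServerPreference the server picks the first group in its own list that
    # the client also offers, so hybrids should come before X25519/secp384r1.
    hybrid_idx = [i for i, g in enumerate(groups) if g in HYBRID_PQC_GROUPS]
    classical_idx = [i for i, g in enumerate(groups) if "MLKEM" not in g]
    if not hybrid_idx:
        findings.append("no hybrid ML-KEM group in Groups (no PQC key exchange possible)")
    elif classical_idx and classical_idx[0] < hybrid_idx[0]:
        findings.append("a classical group precedes the hybrid ML-KEM groups in Groups")
    if groups and not server_pref:
        findings.append("Options +ServerPreference not set; the client's group order decides")

    if cert_key_bits < 4096:
        findings.append(f"certificate key is RSA-{cert_key_bits}; the issue asks for RSA-4096")
    return findings


if __name__ == "__main__":
    for label, cfg, bits in (("weak", WEAK_CONFIG, 2048), ("hardened", HARDENED_CONFIG, 4096)):
        print(label, audit_ssl_config(cfg, bits) or "OK")
```

Running the file prints four findings for the weak sample and `OK` for the hardened one. The audit only sees what is in the nginx file; whether the OpenSSL build behind nginx actually supports the listed groups is a separate question that the test-pqc run above answers.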
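A parser for the result table test-pqc.sh prints, added here as an example rather than code from the issue or from the test-pqc project, so the two runs above can be compared mechanically instead of by eye. It reads the `Key TLS Group Cipher Res` rows, recomputes the summary counts, lists the groups that actually negotiated, and applies the bar the issue sets (RSA-4096 certificate plus at least one hybrid ML-KEM group that completes a handshake). The two embedded reports are constructed excerpts in the format of the control and delta.disobey.net runs, not the full 21-row outputs.

```python
"""Parse test-pqc.sh output and decide whether a relay clears the issue's PQC bar."""
import re

HYBRID_PQC_GROUPS = {"X25519MLKEM768", "SecP256r1MLKEM768", "SecP384r1MLKEM1024"}

# Constructed excerpt (a subset of rows) in the format of the yawnbox.eu control run.
CONTROL_REPORT = """\
Key TLS Group Cipher Res
───────────────────────────────────────────
RSA(4096) TLSv1.3 SecP384r1MLKEM1024 TLS_AES_256_GCM_SHA384 OK
RSA(4096) TLSv1.3 X25519MLKEM768 TLS_CHACHA20_POLY1305_SHA256 OK
RSA(4096) TLSv1.3 MLKEM1024 TLS_AES_128_GCM_SHA256 OK
RSA(4096) FAIL MLKEM768 TLS_AES_256_GCM_SHA384 FAIL
RSA(4096) FAIL X448MLKEM1024 TLS_AES_256_GCM_SHA384 FAIL
Summary: 3 OK, 2 FAIL (timeout=3s)
"""

# Constructed excerpt in the format of the delta.disobey.net run.
RELAY_REPORT = """\
Key TLS Group Cipher Res
───────────────────────────────────────────
RSA(2048) FAIL X25519MLKEM768 TLS_AES_256_GCM_SHA384 FAIL
RSA(2048) FAIL SecP256r1MLKEM768 TLS_AES_256_GCM_SHA384 FAIL
RSA(2048) FAIL MLKEM1024 TLS_AES_256_GCM_SHA384 FAIL
Summary: 0 OK, 3 FAIL (timeout=3s)
"""

KEY_RE = re.compile(r"([A-Za-z]+)\((\d+)\)")


def parse_report(text):
    """Return one dict per result row. Header, rule and Summary lines have a
    different token count or last token and are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[4] not in ("OK", "FAIL"):
            continue
        key, tls, group, cipher, result = parts
        m = KEY_RE.fullmatch(key)
        rows.append({
            "key_type": m.group(1) if m else key,
            "key_bits": int(m.group(2)) if m else 0,
            "tls": tls,
            "group": group,
            "cipher": cipher,
            "ok": result == "OK",
        })
    return rows


def summarize(rows):
    """(ok, fail) counts, the same numbers the script's Summary line reports."""
    ok = sum(1 for r in rows if r["ok"])
    return ok, len(rows) - ok


def negotiated_groups(rows):
    """Groups for which at least one cipher suite completed a handshake."""
    return sorted({r["group"] for r in rows if r["ok"]})


def meets_pqc_bar(rows, min_rsa_bits=4096):
    """The issue's bar: every RSA certificate seen is >= 4096 bits and at least
    one hybrid ML-KEM group actually negotiates."""
    if not rows:
        return False
    key_ok = all(r["key_bits"] >= min_rsa_bits for r in rows if r["key_type"] == "RSA")
    hybrid_ok = any(g in HYBRID_PQC_GROUPS for g in negotiated_groups(rows))
    return key_ok and hybrid_ok


if __name__ == "__main__":
    for name, report in (("control", CONTROL_REPORT), ("relay", RELAY_REPORT)):
        rows = parse_report(report)
        print(name, summarize(rows), negotiated_groups(rows), meets_pqc_bar(rows))
```

Pure ML-KEM groups such as MLKEM1024 count as negotiated but do not satisfy `meets_pqc_bar` on their own, because the issue's suggested Groups line leads with the hybrid groups and those are what current clients send key shares for.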