Warning: Declaration of action_plugin_indexmenu::register(&$controller) should be compatible with DokuWiki_Action_Plugin::register(Doku_Event_Handler $controller) in /home/httpd/vhosts/scratchbook.ch/wiki.scratchbook.ch/lib/plugins/indexmenu/action.php on line 18

Warning: Cannot modify header information - headers already sent by (output started at /home/httpd/vhosts/scratchbook.ch/wiki.scratchbook.ch/lib/plugins/indexmenu/action.php:0) in /home/httpd/vhosts/scratchbook.ch/wiki.scratchbook.ch/inc/auth.php on line 495

Warning: Cannot modify header information - headers already sent by (output started at /home/httpd/vhosts/scratchbook.ch/wiki.scratchbook.ch/lib/plugins/indexmenu/action.php:0) in /home/httpd/vhosts/scratchbook.ch/wiki.scratchbook.ch/inc/actions.php on line 687

Warning: Cannot modify header information - headers already sent by (output started at /home/httpd/vhosts/scratchbook.ch/wiki.scratchbook.ch/lib/plugins/indexmenu/action.php:0) in /home/httpd/vhosts/scratchbook.ch/wiki.scratchbook.ch/inc/actions.php on line 687

Warning: Cannot modify header information - headers already sent by (output started at /home/httpd/vhosts/scratchbook.ch/wiki.scratchbook.ch/lib/plugins/indexmenu/action.php:0) in /home/httpd/vhosts/scratchbook.ch/wiki.scratchbook.ch/inc/actions.php on line 687
====== How to harden your postfix setup after dhgate ======

This document shows you how to generate and use a
custom 2048bit diffie-hellman parameter for postfix and
how to disable export cipher suites. This mitigates at
least a part of the problem in diffie-hellman found in
may 2015, see [0].

You need postfix version 2.2 or higher.

All commands should normally be run as root.

NOTE: Using 2048bit Diffie-Hellman-parameter as proposed by this manual
breaks compatibility to some other software. See also [1].
If you need the compatibility, use 1024 instead of 2048, the essential part
to mitigate the DH problem is the generation of a new parameter.

Please don't be confused by the use of "config[uration] param[eter]"
(which means something in the postfix config file) and DH param[eter]
(which means Diffie-Hellman parameter, essentially a big prime number or
the file containing it).

===== Step 1: Generate a new DH parameter file with 2048 bit length =====

Generation using openssl-dhparam.

NOTE: If you have a separate readable-by-root-only folder
(which you should have in a sensible TLS setup) then change
the file path below to put the file in that folder.
Also substitute your path in all subsequent commands.

<code>openssl dhparam -out /etc/postfix/dh2048.pem 2048</code>

The 2048 at the end makes the dh parameter 2048 bits.

===== Step 2: Set permissions =====

Ensure "root" is file owner and group.

You can skip this command if you already know (eg. from "ls -l <filename>")
the file has root:root owner/group.

<code>chown root:root /etc/postfix/dh2048.pem</code>

Set <code>r-- --- ---</code> (400) permissions for the param file.
Nobody should have write or executable access. And read
access should be restricted to root.

<code>chmod 400 /etc/postfix/dh2048.pem</code>

Postfix reads the file before switching to a less privileged user
on startup, so if your postfix instance (or some of its daemons)
is not running as root, the parameter file can still be read.

===== Step 3: Configure Postfix to use the new parameters =====

The config parameter contains "dh1024", because until now 1024bit
was recommended (see [1]). You can use a 2048bit file with
this config parameter, postfix can handle that. Documentation: [2]

Add this line to your main.cf:

<code>smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem</code>

===== Step 4: Ciphersuite configuration =====

Maybe this configuration breaks compatibility to some older software.
Use this only as a guideline and look up the parameters in case
of doubt. See below for some additional information about the ciphers
used in the config example.

You should already have a TLS configuration, check yours against
this suggestion. The important part is to make sure you don't
use export ciphers, which use dh parameters below 1024bit.

THIS IS NOT A FULL POSTFIX TLS CONFIGURATION!

<code>
## ciphers config (server side)

# Cipher security grade to use.
# Only for connections/services where TLS is set to mandatory
# (eg. for SASL connections), smtpd_tls_ciphers is the
# equivalent for non-mandatory connections
smtpd_tls_mandatory_ciphers = high

# set also non-mandatory to high.
smtpd_tls_ciphers = high

# Set protocols to not use
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = $smtpd_tls_mandatory_protocols

# security grade for ephemeral elliptic-curve Diffie-Hellman KEX
smtpd_tls_eecdh_grade = ultra

# Exclude unsafe ciphers.
smtpd_tls_exclude_ciphers =
        NULL,
        aNULL,
        EXP,
        SSLv2,
        MD5,
        DES,
        RC4,
        aECDH,
        KRB5-DE5,
        CBC3-SHA
 ## Client side

# Exclude unsafe ciphers.
smtp_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers
smtp_tls_mandatory_ciphers = high
smtp_tls_ciphers = $smtp_tls_mandatory_ciphers

# exclude unsafe protocols
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_protocols = $smtp_tls_mandatory_protocols
</code>

===== Step 5: Reload Postfix configuration. =====

<code>postfix reload</code>

And you're done!
===== Details about ciphers to be excluded =====

<code>NULL</code>
eNULL or NULL (synonymous) are ciphers without encryption.

<code>aNULL</code>
aNULL are ciphers without authentication.
These begin with a big 'A' letter (eg. ADH-RC4-MD5).

<code>EXP</code>
EXP or EXPORT (synonymous) are the weakened export ciphers.
These include ciphers with Diffie-Hellman parameters below 1024bit.

<code>SSLv2</code>
Old SSLv2 ciphers, you don't want to use them anymore.
On the other hand, these should already be disabled by the use of
''smtpd_tls_ciphers = high'' and ''smtpd_tls[_mandatory]_protocols = !SSLv2, !SSLv3''

<code>MD5, DES, RC4</code>
Old algorithms that are not considered secure anymore.

<code>aECDH</code>
All non-ephemeral elliptic curve Diffie-Hellman ciphers.
Ephemeral means you generate a new keypair for every connection or session.
Without ephemeral you have a static public key (sometimes used for authentication
of your publickey by a third party - not the same as certificate signature by 3rd party).

Without "ephemeral" your connection is not perfect forward secrecy, so you
definitively want to disable these ciphers.

<code>KRB5-DE5, CBC3-SHA</code>
Both are recommended to explicitly be disabled on the weakdh website [0].
KRB5 is Kerberos, normally not available unless you have additional Kerberos
libraries installed. CBC3 is using 3DES. I don't know why exactly weakdh
doesn't want these two. But disabling them won't hurt.

**additional ciphers in the weakdh list**

weakdh explicitly lists
<code>EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA</code>
in addition to my list.
But both are already excluded with
''smtpd_tls_[mandatory_]protocols = !SSLv2, !SSLv3''
If you need to have SSLv3 activated, add both to your excluded ciphers list.


----
This howto is Public Domain (CC-0). If you have suggestions for
improvement of this document (NO support), mail to 0xBE53AA6C0175D01D

Version 2, 2015-05-22

[0] https://weakdh.org/

[1] http://postfix.1071664.n5.nabble.com/Diffie-Hellman-parameters-tp63096p63098.html

[2] http://www.postfix.org/postconf.5.html#smtpd_tls_dh1024_param_file ====