Warning: Declaration of action_plugin_indexmenu::register(&$controller) should be compatible with DokuWiki_Action_Plugin::register(Doku_Event_Handler $controller) in /home/httpd/vhosts/scratchbook.ch/wiki.scratchbook.ch/lib/plugins/indexmenu/action.php on line 18 Warning: Cannot modify header information - headers already sent by (output started at /home/httpd/vhosts/scratchbook.ch/wiki.scratchbook.ch/lib/plugins/indexmenu/action.php:0) in /home/httpd/vhosts/scratchbook.ch/wiki.scratchbook.ch/inc/auth.php on line 495 Warning: Cannot modify header information - headers already sent by (output started at /home/httpd/vhosts/scratchbook.ch/wiki.scratchbook.ch/lib/plugins/indexmenu/action.php:0) in /home/httpd/vhosts/scratchbook.ch/wiki.scratchbook.ch/inc/actions.php on line 210 How to harden your postfix setup after dhgate [Scratchbook]

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision 		Previous revision
weakdh:postfix-harden [2015/05/21 00:58]
claude created 		weakdh:postfix-harden [2015/06/18 17:06] (current)
komsat
Line 1: Line 1:
 ====== How to harden your postfix setup after dhgate ====== ====== How to harden your postfix setup after dhgate ======
  
 +This document shows you how to generate and use a
 +custom 2048bit diffie-hellman parameter for postfix and
 +how to disable export cipher suites. This mitigates at
 +least a part of the problem in diffie-hellman found in
 +may 2015, see [0].
 +
 +You need postfix version 2.2 or higher.
 +
 +All commands should normally be run as root.
 +
 +NOTE: Using 2048bit Diffie-Hellman-parameter as proposed by this manual
 +breaks compatibility to some other software. See also [1].
 +If you need the compatibility,​ use 1024 instead of 2048, the essential part
 +to mitigate the DH problem is the generation of a new parameter.
 +
 +Please don't be confused by the use of "​config[uration] param[eter]"​
 +(which means something in the postfix config file) and DH param[eter]
 +(which means Diffie-Hellman parameter, essentially a big prime number or
 +the file containing it).
 +
 +===== Step 1: Generate a new DH parameter file with 2048 bit length =====
 +
 +Generation using openssl-dhparam.
 +
 +NOTE: If you have a separate readable-by-root-only folder
 +(which you should have in a sensible TLS setup) then change
 +the file path below to put the file in that folder.
 +Also substitute your path in all subsequent commands.
 +
 +<​code>​openssl dhparam -out /​etc/​postfix/​dh2048.pem 2048</​code>​
 +
 +The 2048 at the end makes the dh parameter 2048 bits.
 +
 +===== Step 2: Set permissions =====
 +
 +Ensure "​root"​ is file owner and group.
 +
 +You can skip this command if you already know (eg. from "ls -l <​filename>"​)
 +the file has root:root owner/​group.
 +
 +<​code>​chown root:root /​etc/​postfix/​dh2048.pem</​code>​
 +
 +Set <​code>​r-- --- ---</​code>​ (400) permissions for the param file.
 +Nobody should have write or executable access. And read
 +access should be restricted to root.
 +
 +<​code>​chmod 400 /​etc/​postfix/​dh2048.pem</​code>​
 +
 +Postfix reads the file before switching to a less privileged user
 +on startup, so if your postfix instance (or some of its daemons)
 +is not running as root, the parameter file can still be read.
 +
 +===== Step 3: Configure Postfix to use the new parameters =====
 +
 +The config parameter contains "​dh1024",​ because until now 1024bit
 +was recommended (see [1]). You can use a 2048bit file with
 +this config parameter, postfix can handle that. Documentation:​ [2]
 +
 +Add this line to your main.cf:
 +
 +<​code>​smtpd_tls_dh1024_param_file = /​etc/​postfix/​dh2048.pem</​code>​
 +
 +===== Step 4: Ciphersuite configuration =====
 +
 +Maybe this configuration breaks compatibility to some older software.
 +Use this only as a guideline and look up the parameters in case
 +of doubt. See below for some additional information about the ciphers
 +used in the config example.
 +
 +You should already have a TLS configuration,​ check yours against
 +this suggestion. The important part is to make sure you don't
 +use export ciphers, which use dh parameters below 1024bit.
 +
 +THIS IS NOT A FULL POSTFIX TLS CONFIGURATION!
 +
 +<​code>​
 +## ciphers config (server side)
 +
 +# Cipher security grade to use.
 +# Only for connections/​services where TLS is set to mandatory
 +# (eg. for SASL connections),​ smtpd_tls_ciphers is the
 +# equivalent for non-mandatory connections
 +smtpd_tls_mandatory_ciphers = high
 +
 +# set also non-mandatory to high.
 +smtpd_tls_ciphers = high
 +
 +# Set protocols to not use
 +smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
 +smtpd_tls_protocols = $smtpd_tls_mandatory_protocols
 +
 +# security grade for ephemeral elliptic-curve Diffie-Hellman KEX
 +smtpd_tls_eecdh_grade = ultra
 +
 +# Exclude unsafe ciphers.
 +smtpd_tls_exclude_ciphers =
 +        NULL,
 +        aNULL,
 +        EXP,
 +        SSLv2,
 +        MD5,
 +        DES,
 +        RC4,
 +        aECDH,
 +        KRB5-DE5,
 +        CBC3-SHA
 + ## Client side
 +
 +# Exclude unsafe ciphers.
 +smtp_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers
 +smtp_tls_mandatory_ciphers = high
 +smtp_tls_ciphers = $smtp_tls_mandatory_ciphers
 +
 +# exclude unsafe protocols
 +smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
 +smtp_tls_protocols = $smtp_tls_mandatory_protocols
 +</​code>​
 +
 +===== Step 5: Reload Postfix configuration. =====
 +
 +<​code>​postfix reload</​code>​
 +
 +And you're done!
 +===== Details about ciphers to be excluded =====
 +
 +<​code>​NULL</​code>​
 +eNULL or NULL (synonymous) are ciphers without encryption.
 +
 +<​code>​aNULL</​code>​
 +aNULL are ciphers without authentication.
 +These begin with a big '​A'​ letter (eg. ADH-RC4-MD5).
 +
 +<​code>​EXP</​code>​
 +EXP or EXPORT (synonymous) are the weakened export ciphers.
 +These include ciphers with Diffie-Hellman parameters below 1024bit.
 +
 +<​code>​SSLv2</​code>​
 +Old SSLv2 ciphers, you don't want to use them anymore.
 +On the other hand, these should already be disabled by the use of
 +''​smtpd_tls_ciphers = high''​ and ''​smtpd_tls[_mandatory]_protocols = !SSLv2, !SSLv3''​
 +
 +<​code>​MD5,​ DES, RC4</​code>​
 +Old algorithms that are not considered secure anymore.
 +
 +<​code>​aECDH</​code>​
 +All non-ephemeral elliptic curve Diffie-Hellman ciphers.
 +Ephemeral means you generate a new keypair for every connection or session.
 +Without ephemeral you have a static public key (sometimes used for authentication
 +of your publickey by a third party - not the same as certificate signature by 3rd party).
 +
 +Without "​ephemeral"​ your connection is not perfect forward secrecy, so you
 +definitively want to disable these ciphers.
 +
 +<​code>​KRB5-DE5,​ CBC3-SHA</​code>​
 +Both are recommended to explicitly be disabled on the weakdh website [0].
 +KRB5 is Kerberos, normally not available unless you have additional Kerberos
 +libraries installed. CBC3 is using 3DES. I don't know why exactly weakdh
 +doesn'​t want these two. But disabling them won't hurt.
 +
 +**additional ciphers in the weakdh list**
 +
 +weakdh explicitly lists
 +<​code>​EDH-DSS-DES-CBC3-SHA,​ EDH-RSA-DES-CDC3-SHA</​code>​
 +in addition to my list.
 +But both are already excluded with
 +''​smtpd_tls_[mandatory_]protocols = !SSLv2, !SSLv3''​
 +If you need to have SSLv3 activated, add both to your excluded ciphers list.
 +
 +
 +----
 +This howto is Public Domain (CC-0). If you have suggestions for
 +improvement of this document (NO support), mail to 0xBE53AA6C0175D01D
 +
 +Version 2, 2015-05-22
 +
 +[0] https://​weakdh.org/​
 +
 +[1] http://​postfix.1071664.n5.nabble.com/​Diffie-Hellman-parameters-tp63096p63098.html
 +
 +[2] http://​www.postfix.org/​postconf.5.html#​smtpd_tls_dh1024_param_file ====
  
weakdh/postfix-harden.1432162708.txt ยท Last modified: 2015/05/21 00:58 by claude
Back to top
GNU Free Documentation License 1.3
chimeric.de = chi`s home Valid CSS Driven by DokuWiki do yourself a favour and use a real browser - get firefox!! Recent changes RSS feed Valid XHTML 1.0