Differences

This shows you the differences between two versions of the page.

--- weakdh:postfix-harden [2015/05/21 01:01]
claude
+++ weakdh:postfix-harden [2015/06/18 17:06] (current)
komsat
@@ Line 21: / Line 21: @@
 the file containing it).
+===== Step 1: Generate a new DH parameter file with 2048 bit length =====
-===== Step 1: Generate a new DH parameter file with 2048 bit =====
 Generation using openssl-dhparam.
@@ Line 31: / Line 30: @@
 Also substitute your path in all subsequent commands.
- openssl dhparam -out /etc/postfix/dh2048.pem 2048
+<code>openssl dhparam -out /etc/postfix/dh2048.pem 2048</code>
 The 2048 at the end makes the dh parameter 2048 bits.
@@ Line 42: / Line 41: @@
 the file has root:root owner/group.
- chown root:root /etc/postfix/dh2048.pem
+<code>chown root:root /etc/postfix/dh2048.pem</code>
-Set r-- --- --- (400) permissions for the param file.
+Set <code>r-- --- ---</code> (400) permissions for the param file.
 Nobody should have write or executable access. And read
 access should be restricted to root.
- chmod 400 /etc/postfix/dh2048.pem
+<code>chmod 400 /etc/postfix/dh2048.pem</code>
 Postfix reads the file before switching to a less privileged user
 on startup, so if your postfix instance (or some of its daemons)
-is not running as root, the parameters can still be read.
+is not running as root, the parameter file can still be read.
 ===== Step 3: Configure Postfix to use the new parameters =====
 The config parameter contains "dh1024", because until now 1024bit
-was recommended (see link at top). You can use a 2048bit file with
+was recommended (see [1]). You can use a 2048bit file with
 this config parameter, postfix can handle that. Documentation: [2]
 Add this line to your main.cf:
- smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem
+<code>smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem</code>
 ===== Step 4: Ciphersuite configuration =====
-I'm not able to go into detail for each curve selection, maybe
+Maybe this configuration breaks compatibility to some older software.
-this configuration breaks compatibility to some older software.
 Use this only as a guideline and look up the parameters in case
-of doubt.
+of doubt. See below for some additional information about the ciphers
+used in the config example.
 You should already have a TLS configuration, check yours against
@@ Line 78: / Line 76: @@
 THIS IS NOT A FULL POSTFIX TLS CONFIGURATION!
- ## ciphers config (server side)
+<code>
+## ciphers config (server side)
- # Cipher security grade to use.
- # Only for connections/services where TLS is set to mandatory
- # (eg. for SASL connections), smtpd_tls_ciphers is the
- # equivalent for non-mandatory connections
- smtpd_tls_mandatory_ciphers = high
- # set also non-mandatory to high.
- smtpd_tls_ciphers = high
- # Set protocols to not use
- smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
- smtpd_tls_protocols = $smtpd_tls_mandatory_protocols
- # security grade for ephemeral elliptic-curve Diffie-Hellman KEX
- smtpd_tls_eecdh_grade = ultra
- # Exclude unsafe ciphers.
- smtpd_tls_exclude_ciphers =
-         aNULL,
-         MD5,
-         DES,
-         SSLv2,
-         EXP,
-         RC4,
-         NULL,
-         eNULL,
-         EXP-ADH-DES-CBC-SHA,
-         EXP-EDH-RSA-DES-CBC-SHA,
-         EXP-DES-CBC-SHA
- ## Client ciphers
+# Cipher security grade to use.
+# Only for connections/services where TLS is set to mandatory
- # Exclude unsafe ciphers.
+# (eg. for SASL connections), smtpd_tls_ciphers is the
- smtp_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers
+# equivalent for non-mandatory connections
- smtp_tls_mandatory_ciphers = high
+smtpd_tls_mandatory_ciphers = high
- smtp_tls_ciphers = $smtp_tls_mandatory_ciphers
- # exclude unsafe protocols
- smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
- smtp_tls_protocols = $smtp_tls_mandatory_protocols
-===== Step 5: Restart Postfix. =====
+# set also non-mandatory to high.
+smtpd_tls_ciphers = high
- service postfix restart
+# Set protocols to not use
+smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
+smtpd_tls_protocols = $smtpd_tls_mandatory_protocols
-NOTE: I don't know whether simply using "postfix reload" does
+# security grade for ephemeral elliptic-curve Diffie-Hellman KEX
-guarantee the new diffie hellman parameter file is used.
+smtpd_tls_eecdh_grade = ultra
+# Exclude unsafe ciphers.
+smtpd_tls_exclude_ciphers =
+        NULL,
+        aNULL,
+        EXP,
+        SSLv2,
+        MD5,
+        DES,
+        RC4,
+        aECDH,
+        KRB5-DE5,
+        CBC3-SHA
+ ## Client side
+# Exclude unsafe ciphers.
+smtp_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers
+smtp_tls_mandatory_ciphers = high
+smtp_tls_ciphers = $smtp_tls_mandatory_ciphers
---
+# exclude unsafe protocols
+smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
+smtp_tls_protocols = $smtp_tls_mandatory_protocols
+</code>
+===== Step 5: Reload Postfix configuration. =====
+<code>postfix reload</code>
+And you're done!
+===== Details about ciphers to be excluded =====
+<code>NULL</code>
+eNULL or NULL (synonymous) are ciphers without encryption.
+<code>aNULL</code>
+aNULL are ciphers without authentication.
+These begin with a big 'A' letter (eg. ADH-RC4-MD5).
+<code>EXP</code>
+EXP or EXPORT (synonymous) are the weakened export ciphers.
+These include ciphers with Diffie-Hellman parameters below 1024bit.
+<code>SSLv2</code>
+Old SSLv2 ciphers, you don't want to use them anymore.
+On the other hand, these should already be disabled by the use of
+''smtpd_tls_ciphers = high'' and ''smtpd_tls[_mandatory]_protocols = !SSLv2, !SSLv3''
+<code>MD5, DES, RC4</code>
+Old algorithms that are not considered secure anymore.
+<code>aECDH</code>
+All non-ephemeral elliptic curve Diffie-Hellman ciphers.
+Ephemeral means you generate a new keypair for every connection or session.
+Without ephemeral you have a static public key (sometimes used for authentication
+of your publickey by a third party - not the same as certificate signature by 3rd party).
+Without "ephemeral" your connection is not perfect forward secrecy, so you
+definitively want to disable these ciphers.
+<code>KRB5-DE5, CBC3-SHA</code>
+Both are recommended to explicitly be disabled on the weakdh website [0].
+KRB5 is Kerberos, normally not available unless you have additional Kerberos
+libraries installed. CBC3 is using 3DES. I don't know why exactly weakdh
+doesn't want these two. But disabling them won't hurt.
+**additional ciphers in the weakdh list**
+weakdh explicitly lists
+<code>EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA</code>
+in addition to my list.
+But both are already excluded with
+''smtpd_tls_[mandatory_]protocols = !SSLv2, !SSLv3''
+If you need to have SSLv3 activated, add both to your excluded ciphers list.
+----
 This howto is Public Domain (CC-0). If you have suggestions for
 improvement of this document (NO support), mail to 0xBE53AA6C0175D01D
-Version 1, 2015-05-20
+Version 2, 2015-05-22
 [0] https://weakdh.org/
 [1] http://postfix.1071664.n5.nabble.com/Diffie-Hellman-parameters-tp63096p63098.html
-[2] http://www.postfix.org/postconf.5.html#smtpd_tls_dh1024_param_file
+[2] http://www.postfix.org/postconf.5.html#smtpd_tls_dh1024_param_file ====

weakdh/postfix-harden.1432162881.txt · Last modified: 2015/05/21 01:01 by claude

Back to top