navigation
search
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
weakdh:postfix-harden [2015/05/21 01:03] claude [Step 5: Restart Postfix.] |
weakdh:postfix-harden [2015/06/18 17:06] (current) komsat |
||
|---|---|---|---|
| Line 21: | Line 21: | ||
| the file containing it). | the file containing it). | ||
| - | ===== Step 1: Generate a new DH parameter file with 2048 bit ===== | + | ===== Step 1: Generate a new DH parameter file with 2048 bit length ===== |
| Generation using openssl-dhparam. | Generation using openssl-dhparam. | ||
| Line 43: | Line 43: | ||
| <code>chown root:root /etc/postfix/dh2048.pem</code> | <code>chown root:root /etc/postfix/dh2048.pem</code> | ||
| - | Set r-- --- --- (400) permissions for the param file. | + | Set <code>r-- --- ---</code> (400) permissions for the param file. |
| Nobody should have write or executable access. And read | Nobody should have write or executable access. And read | ||
| access should be restricted to root. | access should be restricted to root. | ||
| Line 51: | Line 51: | ||
| Postfix reads the file before switching to a less privileged user | Postfix reads the file before switching to a less privileged user | ||
| on startup, so if your postfix instance (or some of its daemons) | on startup, so if your postfix instance (or some of its daemons) | ||
| - | is not running as root, the parameters can still be read. | + | is not running as root, the parameter file can still be read. |
| ===== Step 3: Configure Postfix to use the new parameters ===== | ===== Step 3: Configure Postfix to use the new parameters ===== | ||
| The config parameter contains "dh1024", because until now 1024bit | The config parameter contains "dh1024", because until now 1024bit | ||
| - | was recommended (see link at top). You can use a 2048bit file with | + | was recommended (see [1]). You can use a 2048bit file with |
| this config parameter, postfix can handle that. Documentation: [2] | this config parameter, postfix can handle that. Documentation: [2] | ||
| Line 65: | Line 65: | ||
| ===== Step 4: Ciphersuite configuration ===== | ===== Step 4: Ciphersuite configuration ===== | ||
| - | I'm not able to go into detail for each curve selection, maybe | + | Maybe this configuration breaks compatibility to some older software. |
| - | this configuration breaks compatibility to some older software. | + | |
| Use this only as a guideline and look up the parameters in case | Use this only as a guideline and look up the parameters in case | ||
| - | of doubt. | + | of doubt. See below for some additional information about the ciphers |
| + | used in the config example. | ||
| You should already have a TLS configuration, check yours against | You should already have a TLS configuration, check yours against | ||
| Line 77: | Line 77: | ||
| <code> | <code> | ||
| - | ## ciphers config (server side) | + | ## ciphers config (server side) |
| - | + | ||
| - | # Cipher security grade to use. | + | |
| - | # Only for connections/services where TLS is set to mandatory | + | |
| - | # (eg. for SASL connections), smtpd_tls_ciphers is the | + | |
| - | # equivalent for non-mandatory connections | + | |
| - | smtpd_tls_mandatory_ciphers = high | + | |
| - | + | ||
| - | # set also non-mandatory to high. | + | |
| - | smtpd_tls_ciphers = high | + | |
| - | + | ||
| - | # Set protocols to not use | + | |
| - | smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 | + | |
| - | smtpd_tls_protocols = $smtpd_tls_mandatory_protocols | + | |
| - | + | ||
| - | # security grade for ephemeral elliptic-curve Diffie-Hellman KEX | + | |
| - | smtpd_tls_eecdh_grade = ultra | + | |
| - | + | ||
| - | # Exclude unsafe ciphers. | + | |
| - | smtpd_tls_exclude_ciphers = | + | |
| - | aNULL, | + | |
| - | MD5, | + | |
| - | DES, | + | |
| - | SSLv2, | + | |
| - | EXP, | + | |
| - | RC4, | + | |
| - | NULL, | + | |
| - | eNULL, | + | |
| - | EXP-ADH-DES-CBC-SHA, | + | |
| - | EXP-EDH-RSA-DES-CBC-SHA, | + | |
| - | EXP-DES-CBC-SHA | + | |
| - | ## Client ciphers | + | # Cipher security grade to use. |
| - | + | # Only for connections/services where TLS is set to mandatory | |
| - | # Exclude unsafe ciphers. | + | # (eg. for SASL connections), smtpd_tls_ciphers is the |
| - | smtp_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers | + | # equivalent for non-mandatory connections |
| - | smtp_tls_mandatory_ciphers = high | + | smtpd_tls_mandatory_ciphers = high |
| - | smtp_tls_ciphers = $smtp_tls_mandatory_ciphers | + | |
| - | + | # set also non-mandatory to high. | |
| - | # exclude unsafe protocols | + | smtpd_tls_ciphers = high |
| - | smtp_tls_mandatory_protocols = !SSLv2, !SSLv3 | + | |
| - | smtp_tls_protocols = $smtp_tls_mandatory_protocols | + | # Set protocols to not use |
| + | smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 | ||
| + | smtpd_tls_protocols = $smtpd_tls_mandatory_protocols | ||
| + | |||
| + | # security grade for ephemeral elliptic-curve Diffie-Hellman KEX | ||
| + | smtpd_tls_eecdh_grade = ultra | ||
| + | |||
| + | # Exclude unsafe ciphers. | ||
| + | smtpd_tls_exclude_ciphers = | ||
| + | NULL, | ||
| + | aNULL, | ||
| + | EXP, | ||
| + | SSLv2, | ||
| + | MD5, | ||
| + | DES, | ||
| + | RC4, | ||
| + | aECDH, | ||
| + | KRB5-DE5, | ||
| + | CBC3-SHA | ||
| + | ## Client side | ||
| + | |||
| + | # Exclude unsafe ciphers. | ||
| + | smtp_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers | ||
| + | smtp_tls_mandatory_ciphers = high | ||
| + | smtp_tls_ciphers = $smtp_tls_mandatory_ciphers | ||
| + | |||
| + | # exclude unsafe protocols | ||
| + | smtp_tls_mandatory_protocols = !SSLv2, !SSLv3 | ||
| + | smtp_tls_protocols = $smtp_tls_mandatory_protocols | ||
| </code> | </code> | ||
| - | ===== Step 5: Restart Postfix. ===== | + | ===== Step 5: Reload Postfix configuration. ===== |
| - | <code>service postfix restart</code> | + | <code>postfix reload</code> |
| - | NOTE: I don't know whether simply using "postfix reload" does | + | And you're done! |
| - | guarantee the new diffie hellman parameter file is used. | + | ===== Details about ciphers to be excluded ===== |
| + | <code>NULL</code> | ||
| + | eNULL or NULL (synonymous) are ciphers without encryption. | ||
| + | |||
| + | <code>aNULL</code> | ||
| + | aNULL are ciphers without authentication. | ||
| + | These begin with a big 'A' letter (eg. ADH-RC4-MD5). | ||
| + | |||
| + | <code>EXP</code> | ||
| + | EXP or EXPORT (synonymous) are the weakened export ciphers. | ||
| + | These include ciphers with Diffie-Hellman parameters below 1024bit. | ||
| + | |||
| + | <code>SSLv2</code> | ||
| + | Old SSLv2 ciphers, you don't want to use them anymore. | ||
| + | On the other hand, these should already be disabled by the use of | ||
| + | ''smtpd_tls_ciphers = high'' and ''smtpd_tls[_mandatory]_protocols = !SSLv2, !SSLv3'' | ||
| + | |||
| + | <code>MD5, DES, RC4</code> | ||
| + | Old algorithms that are not considered secure anymore. | ||
| + | |||
| + | <code>aECDH</code> | ||
| + | All non-ephemeral elliptic curve Diffie-Hellman ciphers. | ||
| + | Ephemeral means you generate a new keypair for every connection or session. | ||
| + | Without ephemeral you have a static public key (sometimes used for authentication | ||
| + | of your publickey by a third party - not the same as certificate signature by 3rd party). | ||
| + | |||
| + | Without "ephemeral" your connection is not perfect forward secrecy, so you | ||
| + | definitively want to disable these ciphers. | ||
| + | |||
| + | <code>KRB5-DE5, CBC3-SHA</code> | ||
| + | Both are recommended to explicitly be disabled on the weakdh website [0]. | ||
| + | KRB5 is Kerberos, normally not available unless you have additional Kerberos | ||
| + | libraries installed. CBC3 is using 3DES. I don't know why exactly weakdh | ||
| + | doesn't want these two. But disabling them won't hurt. | ||
| + | |||
| + | **additional ciphers in the weakdh list** | ||
| + | |||
| + | weakdh explicitly lists | ||
| + | <code>EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA</code> | ||
| + | in addition to my list. | ||
| + | But both are already excluded with | ||
| + | ''smtpd_tls_[mandatory_]protocols = !SSLv2, !SSLv3'' | ||
| + | If you need to have SSLv3 activated, add both to your excluded ciphers list. | ||
| Line 134: | Line 174: | ||
| improvement of this document (NO support), mail to 0xBE53AA6C0175D01D | improvement of this document (NO support), mail to 0xBE53AA6C0175D01D | ||
| - | Version 1, 2015-05-20 | + | Version 2, 2015-05-22 |
| [0] https://weakdh.org/ | [0] https://weakdh.org/ | ||
| Line 140: | Line 180: | ||
| [1] http://postfix.1071664.n5.nabble.com/Diffie-Hellman-parameters-tp63096p63098.html | [1] http://postfix.1071664.n5.nabble.com/Diffie-Hellman-parameters-tp63096p63098.html | ||
| - | [2] http://www.postfix.org/postconf.5.html#smtpd_tls_dh1024_param_file | + | [2] http://www.postfix.org/postconf.5.html#smtpd_tls_dh1024_param_file ==== |
