Update security settings for ssl and tls #2494
Conversation
|
This is great. Thanks for doing this. Can submission and smtpd have different settings? I feel like submission could be >=TLS1.3 as all the major email UA's support it, but incoming mail from non-users (smptd) be less restrictive (not sure on TLS level). I looked briefly and it appears like the postfix TLS configuration applies to both submission and smtpd, so maybe not doable. I would also like to see |
You can actually make a difference between the two. However, it is not on submission versus smtpd, but by looking at the
Noted on wishlist 😉 |
|
👍 |
| tls_medium_cipherlist=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA \ | ||
| smtpd_tls_exclude_ciphers=aNULL,RC4 \ | ||
| tls_preempt_cipherlist=no \ | ||
| tls_medium_cipherlist="@SECLEVEL=0:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA" \ |
There was a problem hiding this comment.
According to Mozilla's SSL config page (cool tool, btw), it only adds @SECLEVEL=0 if you configure for "old" which they describe as "Compatible with a number of very old clients, and should be used only as a last resort".
This page describes what SECLEVEL 0 means: https://docs.openssl.org/3.5/man3/SSL_CTX_set_security_level/#description.
I'm wondering why we're going with the weakest config here unless people are reporting that they're running into problems communicating with ancient servers. Won't this effectively weaken our security?
There was a problem hiding this comment.
I think the logic is indeed that we don't want to be too strict. I didn't change the logic, the current Mail-in-a-Box configuration also references Mozilla's "Old" recommendations. I just updated them with the versions of postfix and openssl we're now using.
Note that there are a few more ciphers excluded (see line 146)
|
I did some more thinking and looked more carefully at the internet.nl email security test. I think I was a little too enthousiastic on which ciphers to exclude.
Implementing this logic still gives a 100% score on the internet.nl email test, but it leaves some remarks as tlsv1.0 and 1.1 and some ciphers are marked to be phased out. Note you need to have DNSSEC enabled, otherwise DANE won't function. Further changes:
For further reference: gmail also allows TLS1.0 and 1.1 by default (see https://support.google.com/a/answer/9795993?hl=nl&ref_topic=9973342&sjid=2864150685381691207-EU) |
Update of the tls and ssl settings according to:
The only thing I did not include was removal of support for TLS v1.0 and v1.1, following the comment "some mail servers out in the world are very far behind and if we disable too much, they may not be able to use TLS and won't fall back to cleartext. So we don't disable too much."
I don't know what the email landscape looks like. Should we also disable TLS v1.0 and v1.1? Do we also need older cipher that are disabled by this pull request? Love to hear feedback on this, how do we weigh security against supporting older installations?