Forcing TLS 1.2 on submission


Forcing TLS 1.2 on submission

J Doe
Hi,

I am attempting to restrict the TLS protocol version used by my SMTP AUTH’d clients on the submission service.

In master.cf I have added the following to the submission service:

    -o smtpd_tls_ciphers=high
    -o smtpd_tls_exclude_ciphers=EXPORT,MEDIUM
    -o smtpd_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1,TLSv1.2

…however, when I test via the OpenSSL client:

    openssl s_client -connect example.com:587 -starttls smtp -tls1

…it connects and negotiates TLS 1.0.  It will also negotiate TLS 1.1 and TLS 1.2 on successive tests.

What am I doing wrong?

Thanks,

- J

Re: Forcing TLS 1.2 on submission

Viktor Dukhovni


> On Mar 29, 2018, at 2:56 PM, J Doe <[hidden email]> wrote:
>
> I am attempting to restrict the TLS protocol version used by my SMTP AUTH’d clients on the submission service.
>
> In master.cf I have added the following to the submission service:
>
>    -o smtpd_tls_ciphers=high
>    -o smtpd_tls_exclude_ciphers=EXPORT,MEDIUM
>    -o smtpd_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1,TLSv1.2

Given that TLS is typically mandatory for submission (you should have
"-o smtpd_tls_security_level=encrypt" already set), it's simpler to just
set "smtpd_tls_mandatory_protocols" in main.cf.  The recommended syntax
is to just eliminate the negative, but not accentuate the positive:

        smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1

If TLS 1.3 happens someday to be supported by both ends, no need to
preclude its use at that time.

> …however, when I test via the OpenSSL client:
>
>    openssl s_client -connect example.com:587 -starttls smtp -tls1
>
> …it connects and negotiates TLS 1.0.  It will also negotiate TLS 1.1 and TLS 1.2 on successive tests.
>
> What am I doing wrong?

Perhaps a missing "postfix reload" or some syntax issue with master.cf.

--
        Viktor.

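To see why the master.cf override in the first post had no effect on a service with mandatory TLS, here is an added example (not code from the thread or from Postfix) that models which protocol parameter governs a smtpd service and expands Postfix's "!name" syntax. The service configurations are constructed; treating an unset parameter as "no exclusions" is an assumption, the real defaults come from `postconf -d`.

```python
# Added example, not code from the thread or from Postfix. It models which
# protocol parameter governs a smtpd service and expands Postfix's "!name"
# syntax. The service configurations are constructed. Assumption: an unset
# parameter is treated as "no exclusions"; see `postconf -d` for real defaults.

ALL_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}


def allowed_protocols(value):
    """Expand a Postfix protocol list into the set of enabled versions.

    "!name" excludes a version; a bare name switches to inclusion mode, where
    only listed versions are enabled (exclusions still apply). Exclusions-only
    lists leave newer versions such as TLSv1.3 enabled once both ends have it.
    """
    include, exclude = set(), set()
    for token in value.replace(",", " ").split():
        if token.startswith("!"):
            exclude.add(token[1:])
        else:
            include.add(token)
    base = include if include else set(ALL_PROTOCOLS)
    return base - exclude


def effective_protocols(service):
    """Return (governing parameter, enabled versions) for a smtpd service.

    With smtpd_tls_security_level=encrypt TLS is mandatory, so the
    *_mandatory_* parameter applies and smtpd_tls_protocols is ignored.
    """
    if service.get("smtpd_tls_security_level") == "encrypt":
        key = "smtpd_tls_mandatory_protocols"
    else:
        key = "smtpd_tls_protocols"
    return key, allowed_protocols(service.get(key, ""))


# Constructed: the submission service from the first post. TLS is mandatory,
# but only the opportunistic parameter was overridden in master.cf.
BEFORE = {
    "smtpd_tls_security_level": "encrypt",
    "smtpd_tls_protocols": "!SSLv2,!SSLv3,!TLSv1,!TLSv1.1,TLSv1.2",
}
# The fix from the reply: set the mandatory parameter, exclusions only.
AFTER = dict(BEFORE, smtpd_tls_mandatory_protocols="!SSLv2,!SSLv3,!TLSv1,!TLSv1.1")

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, effective_protocols(cfg))
```

Running it shows the "before" service still governed by the unset mandatory parameter (TLSv1 enabled), while "after" enables only TLSv1.2 and TLSv1.3.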

Re: Forcing TLS 1.2 on submission

J Doe
Hi Viktor,

> On Mar 29, 2018, at 3:15 PM, Viktor Dukhovni <[hidden email]> wrote:
>
>
>
>> On Mar 29, 2018, at 2:56 PM, J Doe <[hidden email]> wrote:
>>
>> I am attempting to restrict the TLS protocol version used by my SMTP AUTH’d clients on the submission service.
>>
>> In master.cf I have added the following to the submission service:
>>
>>   -o smtpd_tls_ciphers=high
>>   -o smtpd_tls_exclude_ciphers=EXPORT,MEDIUM
>>   -o smtpd_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1,TLSv1.2
>
> Given that TLS is typically mandatory for submission (you should have
> "-o smtpd_tls_security_level=encrypt" already set), it's simpler to just
> set "smtpd_tls_mandatory_protocols" in main.cf.  The recommended syntax
> is to just eliminate the negative, but not accentuate the positive:
>
> smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1
>
> If TLS 1.3 happens someday to be supported by both ends, no need to
> preclude its use at that time.
>
>> …however, when I test via the OpenSSL client:
>>
>>   openssl s_client -connect example.com:587 -starttls smtp -tls1
>>
>> …it connects and negotiates TLS 1.0.  It will also negotiate TLS 1.1 and TLS 1.2 on successive tests.
>>
>> What am I doing wrong?
>
> Perhaps a missing "postfix reload" or some syntax issue with master.cf.

Thanks for your reply.

Ok, I have to say I feel pretty pleased with myself - I found a solution roughly around when your e-mail came in, so I tried my solution first and it worked!

I ran nmap against the server to enumerate the TLS versions in use and the output noted that the cipher preference was set to “client”.  Googling for server preference in Postfix brought me to the Postfix web page on TLS [1] which mentioned the “mandatory” set of settings.  I then edited the list I sent in my previous e-mail, restarted Postfix and ran the nmap enumeration again and it now supports only TLS 1.2.

Your e-mail confirms my results - thank you.

- J

Sources:

[1] http://www.postfix.org/TLS_README.html#server_cipher

Re: Forcing TLS 1.2 on submission

Viktor Dukhovni


> On Mar 29, 2018, at 3:26 PM, J Doe <[hidden email]> wrote:
>
> Ok, I have to say I feel pretty pleased with myself - I found a solution roughly around when your e-mail came in, so I tried my solution first and it worked!
>
> I ran nmap against the server to enumerate the TLS versions in use and the output noted that the cipher preference was set to “client”.  Googling for server preference in Postfix brought me to the Postfix web page on TLS [1] which mentioned the “mandatory” set of settings.  I then edited the list I sent in my previous e-mail, restarted Postfix and ran the nmap enumeration again and it now supports only TLS 1.2.
>
> Your e-mail confirms my results - thank you.

Note that the cipher settings (and whether the client's or server's
list is used to rank ciphers) don't affect protocol version selection.
The highest shared protocol version is selected first, and only
then a suitable shared cipher.

Therefore, if it works now, it is likely because you ran "postfix reload",
or because changes in main.cf are seen by each smtpd(8) process at startup,
but changes in master.cf require a reload to take effect.

--
        Viktor.


Re: Forcing TLS 1.2 on submission

@lbutlr
In reply to this post by Viktor Dukhovni
On 2018-03-29 (13:15 MDT), Viktor Dukhovni <[hidden email]> wrote:
>
> smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1

If you do this, then you do not need smtpd_tls_exclude_ciphers, right?

Also, does the setting above also exclude the weaker protocols like MD5 and RC2?

--
Chico: You sing-a high. Connie: Yes, I have a falsetto voice. Chico:
That's-a funny; my last pupil she had-a false set-a teeth.


Re: Forcing TLS 1.2 on submission

Viktor Dukhovni


> On Mar 29, 2018, at 5:03 PM, @lbutlr <[hidden email]> wrote:
>
> If you do this, then you do not need smtpd_tls_exclude_ciphers, right?

No, protocol versions and ciphersuites are different beasts.  But with
"smtpd_tls_mandatory_ciphers = high" there's generally not much need
for any further ciphersuite exclusions.

> Also, do the setting above also exclude the weaker protocols like MD5 and RC2?

MD5 and RC2 are classes of ciphersuites, NOT protocols.

Neither are used in any "high" grade ciphers.

--
        Viktor.
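To check the point above against the OpenSSL on your own machine, here is an added example (not from the thread or from Postfix) that inspects the OpenSSL "HIGH" cipherlist, which Postfix's "high" grade is based on, and shows that no MD5 or RC2 suites are in it, so excluding them again changes nothing.

```python
# Added example, not code from the thread or from Postfix: confirm with the
# local OpenSSL that the "HIGH" cipherlist (the basis of Postfix's "high"
# grade, see tls_high_cipherlist) carries no MD5 or RC2 ciphersuites, so an
# extra smtpd_tls_exclude_ciphers entry for them is redundant. The check
# goes through Python's ssl module rather than the openssl(1) command.
import ssl

# Name fragments that mark a ciphersuite as belonging to a weak class.
WEAK_TOKENS = ("MD5", "RC2", "RC4", "NULL", "EXP")


def cipher_names(cipherlist):
    """Ciphersuite names OpenSSL enables for an OpenSSL cipherlist string.

    TLS 1.3 suites are reported by get_ciphers() regardless of the list,
    so they are filtered out to show only what the list itself selects.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipherlist)
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def weak_ciphers(cipherlist):
    """Enabled names containing a weak-class token (expected: none for HIGH)."""
    return [n for n in cipher_names(cipherlist)
            if any(t in n for t in WEAK_TOKENS)]


def exclusion_is_redundant(cipherlist, exclusions):
    """True if appending "!name" exclusions leaves the enabled set unchanged."""
    with_excl = cipherlist + "".join(f":!{e}" for e in exclusions)
    return cipher_names(with_excl) == cipher_names(cipherlist)


if __name__ == "__main__":
    print("weak suites in HIGH:", weak_ciphers("HIGH"))
    print("HIGH:!MD5:!RC2 equals HIGH:", exclusion_is_redundant("HIGH", ["MD5", "RC2"]))
```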