Question about disabling SSLv2 and SSLv3 and Opportunistic TLS


Question about disabling SSLv2 and SSLv3 and Opportunistic TLS

Sean Son
Hello all

I have opportunistic TLS (offering STARTTLS) configured in my main.cf file.  I have been tasked to disable SSLv2 and SSLv3 as well as disable medium strength ciphers (to use high strength ones instead) in my postfix server.  If I were to add the following to my main.cf:


smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
smtp_tls_mandatory_protocols=!SSLv2,!SSLv3
smtpd_tls_protocols=!SSLv2,!SSLv3
smtp_tls_protocols=!SSLv2,!SSLv3
will this be enough to disable medium strength ciphers as well as disable SSLv2/v3? Or will I need more? Also would this configuration cause any issues with the opportunistic TLS configuration that I already have set up in my main.cf?


All help is greatly appreciated!

Thanks!

Sean

Re: Question about disabling SSLv2 and SSLv3 and Opportunistic TLS

Bill Cole-3
On 21 May 2018, at 13:16 (-0400), Sean Son wrote:

> Hello all
>
> I have opportunistic TLS (offering STARTTLS)  configured in my main.cf
> file.  I have been tasked to disable SSLv2 and SSLv3 as well as
> disable
> medium strength ciphers (to use high strength ones instead) in my
> postfix
> server.  If I was to add the following to my main.cf:
>
>
> smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
> smtp_tls_mandatory_protocols=!SSLv2,!SSLv3
> smtpd_tls_protocols=!SSLv2,!SSLv3
> smtp_tls_protocols=!SSLv2,!SSLv3

These are already the defaults in currently supported versions of
Postfix.


> will this be enough to disable medium strength ciphers as well as
> disable
> SSLv2/v3?

No.

> Or will I need more?

To disable ciphers, you'd need to set smtpd_tls_ciphers and
smtp_tls_ciphers.

> Also would this configuration cause any
> issues with the opportunistic TLS configuration that I already have
> set up
> in my main.cf?

Of course. The more tightly you restrict the options available for
opportunistic TLS, the more often you will fall back to entirely
unencrypted transport of mail OR simply be unable to exchange mail at
all with some sites.

Disabling "medium" strength ciphers is not a wise choice for
public-facing SMTP.

--
Bill Cole
[hidden email] or [hidden email]
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole

Re: Question about disabling SSLv2 and SSLv3 and Opportunistic TLS

Viktor Dukhovni
In reply to this post by Sean Son


> On May 21, 2018, at 1:16 PM, Sean Son <[hidden email]> wrote:
>
> Hello all
>
> I have opportunistic TLS (offering STARTTLS)  configured in my main.cf file.  I have been tasked to disable SSLv2 and SSLv3 as well as disable medium strength ciphers (to use high strength ones instead) in my postfix server.  If I was to add the following to my main.cf:
>
>
> smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
> smtp_tls_mandatory_protocols=!SSLv2,!SSLv3
> smtpd_tls_protocols=!SSLv2,!SSLv3
> smtp_tls_protocols=!SSLv2,!SSLv3

These are default settings in all recent versions of Postfix.

$ postconf -d | egrep '^[^ ]*mtpd?_tls.*_protocols'
lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3
lmtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2, !SSLv3

> will this be enough to disable medium strength ciphers as well

No.  In OpenSSL 1.0.2 the medium ciphers are typically RC4, 3DES, IDEA and SEED.
Only RC4 is occasionally the only cipher supported by ancient Windows (2003) SMTP
servers.  When you disable RC4, those servers will send in the clear.  That is
likely not a problem for you, so if you wish to disable the "medium" ciphers, you'll
need:

        smtpd_tls_ciphers = high

> Also would this configuration cause any issues with the opportunistic
> TLS configuration that I already have set up in my main.cf?

It'll force ancient RC4-only implementations to send in the clear or
perhaps not be able to send at all.  By now that should be quite
rare, but I don't disable "medium" on my server.  Instead:

        smtpd_tls_ciphers = medium
        tls_preempt_cipherlist = yes

Allows the server to choose the strongest cipher supported by
the client.  On the client side I have:

  smtp_tls_ciphers = medium
  smtp_tls_exclude_ciphers = MD5, aDSS, kECDH, kDH, SEED, IDEA, RC2, RC5

leaving RC4/3DES enabled (if still supported by the underlying OpenSSL
library, recent versions tend to come with RC4 and 3DES disabled).

--
        Viktor.


Re: Question about disabling SSLv2 and SSLv3 and Opportunistic TLS

Sean Son



On Mon, May 21, 2018 at 2:08 PM, Viktor Dukhovni <[hidden email]> wrote:


> > On May 21, 2018, at 1:16 PM, Sean Son <[hidden email]> wrote:
> >
> > Hello all
> >
> > I have opportunistic TLS (offering STARTTLS)  configured in my main.cf file.  I have been tasked to disable SSLv2 and SSLv3 as well as disable medium strength ciphers (to use high strength ones instead) in my postfix server.  If I was to add the following to my main.cf:
> >
> >
> > smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
> > smtp_tls_mandatory_protocols=!SSLv2,!SSLv3
> > smtpd_tls_protocols=!SSLv2,!SSLv3
> > smtp_tls_protocols=!SSLv2,!SSLv3
>
> These are default settings in all recent versions of Postfix.
>
> $ postconf -d | egrep '^[^ ]*mtpd?_tls.*_protocols'
> lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3
> lmtp_tls_protocols = !SSLv2, !SSLv3
> smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
> smtp_tls_protocols = !SSLv2, !SSLv3
> smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
> smtpd_tls_protocols = !SSLv2, !SSLv3
>
> > will this be enough to disable medium strength ciphers as well
>
> No.  In OpenSSL 1.0.2 the medium ciphers are typically RC4, 3DES, IDEA and SEED.
> Only RC4 is occasionally the only cipher supported by ancient Windows (2003) SMTP
> servers.  When you disable RC4, those servers will send in the clear.  That is
> likely not a problem for you, so if you wish to disable the "medium" ciphers, you'll
> need:
>
>         smtpd_tls_ciphers = high
>
> > Also would this configuration cause any issues with the opportunistic
> > TLS configuration that I already have set up in my main.cf?
>
> It'll force ancient RC4-only implementations to send in the clear or
> perhaps not be able to send at all.  By now that should be quite
> rare, but I don't disable "medium" on my server.  Instead:
>
>         smtpd_tls_ciphers = medium
>         tls_preempt_cipherlist = yes
>
> Allows the server to choose the strongest cipher supported by
> the client.  On the client side I have:
>
>   smtp_tls_ciphers = medium
>   smtp_tls_exclude_ciphers = MD5, aDSS, kECDH, kDH, SEED, IDEA, RC2, RC5
>
> leaving RC4/3DES enabled (if still supported by the underlying OpenSSL
> library, recent versions tend to come with RC4 and 3DES disabled).
>
> --
>         Viktor.


Hello Viktor and Bill

Thank you for your responses.  Here is what the default settings for SSL are in my current version of Postfix, version 2.10.1 (I am using RHEL 7 and this is the latest postfix version):

# postconf -d | egrep '^[^ ]*mtpd?_tls.*_protocols'
lmtp_tls_mandatory_protocols = !SSLv2
lmtp_tls_protocols = !SSLv2
smtp_tls_mandatory_protocols = !SSLv2
smtp_tls_protocols = !SSLv2
smtpd_tls_mandatory_protocols = !SSLv2
smtpd_tls_protocols =

I was informed by our security team that my postfix server has SSL Version 2 and 3 protocol detected and SSL Medium Strength Cipher suites supported. I am supposed to fix those two issues.  Any suggestions on what I should do to fix them without breaking opportunistic TLS are greatly appreciated!


Thank you


Re: Question about disabling SSLv2 and SSLv3 and Opportunistic TLS

Viktor Dukhovni


> On May 21, 2018, at 5:16 PM, Sean Son <[hidden email]> wrote:
>
> lmtp_tls_mandatory_protocols = !SSLv2
> lmtp_tls_protocols = !SSLv2
> smtp_tls_mandatory_protocols = !SSLv2
> smtp_tls_protocols = !SSLv2
> smtpd_tls_mandatory_protocols = !SSLv2
> smtpd_tls_protocols =
>
> I was informed by our security team that my postfix server has SSL Version 2 and 3 protocol detected and SSL Medium Strength Cipher suites supported. I am supposed to fix those two issues.  Any suggestions on what I should do to fix them without breaking opportunistic TLS are greatly appreciated!

Change the settings to the posted Postfix 3.0+ defaults.
As for the medium ciphers.  Set "smtpd_tls_ciphers" and/or
"smtp_tls_ciphers" to "high" if your logs for the past few
months don't show any use of weaker ciphers (apart from any
connections by internet-wide security scanners, which you
should be able to recognize).

--
        Viktor.


Re: Question about disabling SSLv2 and SSLv3 and Opportunistic TLS

Sean Son


On Mon, May 21, 2018 at 5:21 PM, Viktor Dukhovni <[hidden email]> wrote:


> > On May 21, 2018, at 5:16 PM, Sean Son <[hidden email]> wrote:
> >
> > lmtp_tls_mandatory_protocols = !SSLv2
> > lmtp_tls_protocols = !SSLv2
> > smtp_tls_mandatory_protocols = !SSLv2
> > smtp_tls_protocols = !SSLv2
> > smtpd_tls_mandatory_protocols = !SSLv2
> > smtpd_tls_protocols =
> >
> > I was informed by our security team that my postfix server has SSL Version 2 and 3 protocol detected and SSL Medium Strength Cipher suites supported. I am supposed to fix those two issues.  Any suggestions on what I should do to fix them without breaking opportunistic TLS are greatly appreciated!
>
> Change the settings to the posted Postfix 3.0+ defaults.
> As for the medium ciphers.  Set "smtpd_tls_ciphers" and/or
> "smtp_tls_ciphers" to "high" if your logs for the past few
> months don't show any use of weaker ciphers (apart from any
> connections by internet-wide security scanners, which you
> should be able to recognize).
>
> --
>         Viktor.

Thank you Viktor. I am still confused, though:

When I tried to add the Postfix 3.0+ TLS settings to my main.cf file and restarted postfix, I ran postconf -d | egrep '^[^ ]*mtpd?_tls.*_protocols', but it still shows me the old settings.

Also, if I set "smtpd_tls_ciphers" and/or "smtp_tls_ciphers" to "high", won't that conflict with opportunistic TLS? You had mentioned that adding those settings would force RC4-only implementations to send in the clear. Won't that be a problem with opportunistic TLS?

I am totally confused here.

Re: Question about disabling SSLv2 and SSLv3 and Opportunistic TLS

@lbutlr
On 26 May 2018, at 06:30, Sean Son <[hidden email]> wrote:
> postconf -d | egrep '^[^ ]*mtpd?_tls.*_protocols', but it still shows me the old settings


The output of postconf -d will never change.

Man postconf:
       -d     Print main.cf default parameter settings instead of actual  set-
              tings.   Specify  -df  to  fold long lines for human readability
              (Postfix 2.9 and later).

--
'A man like that could inspire a handful of broken men to conquer a
country.' 'Fine. Just so long as he does it on his day off.'

Re: Question about disabling SSLv2 and SSLv3 and Opportunistic TLS

Viktor Dukhovni
In reply to this post by Sean Son


> On May 26, 2018, at 8:30 AM, Sean Son <[hidden email]> wrote:
>
> Also, if I set "smtpd_tls_ciphers" and/or "smtp_tls_ciphers" to "high", won't that conflict with opportunistic TLS?

Only for senders that don't support any of the modern ciphersuites.

> You had mentioned that adding those settings would force RC4-only implementations to send in the clear. Won't that be a problem with opportunistic TLS?

Yes, but very rarely in practice.  Perhaps not at all for your site.
Only you can tell.  You'll need to check your logs.

--
        Viktor.

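Viktor's advice in this reply and in his earlier one is to look at the logs before switching smtpd_tls_ciphers or smtp_tls_ciphers to "high", and to discount the internet-wide scanners. The script below is an added example for that step; it is not from the thread and not a Postfix tool. It summarises the protocol/cipher pairs Postfix has logged and lists the peers that negotiated SSLv3 or one of the "medium" ciphers Viktor names (RC4, 3DES, IDEA, SEED), which are the peers that would fall back to cleartext or fail once "high" is enforced. The function names are the example's own, and the log lines are constructed samples in Postfix's standard "TLS connection established" format; on a real server point it at /var/log/maillog or the journal output instead.

```shell
#!/bin/sh
# Added example for this thread (not Postfix's own tooling): audit which TLS
# protocol/cipher pairs a Postfix server has actually negotiated before
# tightening smtpd_tls_ciphers / smtp_tls_ciphers to "high".
# Function names are the example's own; the log lines are constructed,
# not taken from a real server.

SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT

# Constructed sample of Postfix smtpd (inbound) and smtp (outbound) log lines.
cat >"$SAMPLE_LOG" <<'EOF'
May 21 13:01:02 mx1 postfix/smtpd[2101]: Anonymous TLS connection established from mail.example.org[192.0.2.10]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
May 21 13:05:44 mx1 postfix/smtpd[2107]: Anonymous TLS connection established from legacy.example.net[198.51.100.7]: TLSv1 with cipher RC4-SHA (128/128 bits)
May 21 13:09:10 mx1 postfix/smtp[2112]: Trusted TLS connection established to mx.example.com[203.0.113.5]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
May 21 13:12:31 mx1 postfix/smtpd[2119]: Anonymous TLS connection established from old.example.edu[192.0.2.77]: TLSv1 with cipher DES-CBC3-SHA (168/168 bits)
May 21 13:15:00 mx1 postfix/smtpd[2120]: connect from scanner.example[192.0.2.99]
May 21 13:15:01 mx1 postfix/smtpd[2120]: Anonymous TLS connection established from scanner.example[192.0.2.99]: SSLv3 with cipher RC4-MD5 (128/128 bits)
May 21 13:20:15 mx1 postfix/smtpd[2125]: Anonymous TLS connection established from mail2.example.org[192.0.2.11]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
EOF

# Only the lines that record a completed TLS handshake (inbound or outbound).
tls_sessions() {
    grep 'TLS connection established' "$1"
}

# Total number of TLS sessions in the log.
tls_session_count() {
    tls_sessions "$1" | wc -l | tr -d ' '
}

# "count protocol cipher" for every negotiated pair, most common first.
tls_cipher_summary() {
    tls_sessions "$1" \
      | sed -n 's/.*: \([A-Za-z0-9.]*\) with cipher \([^ ]*\) .*/\1 \2/p' \
      | sort | uniq -c | sort -rn
}

# Sessions that used SSLv2/SSLv3 or a "medium" cipher (RC4, 3DES, IDEA, SEED).
weak_tls_sessions() {
    tls_sessions "$1" \
      | grep -E 'SSLv[23] with cipher|with cipher [^ ]*(RC4|DES-CBC3|IDEA|SEED)'
}

weak_tls_count() {
    weak_tls_sessions "$1" | wc -l | tr -d ' '
}

# The peers behind the weak sessions, as hostname[ip], one per line. This is
# the list to review by hand: known scanners can be ignored, real senders
# will be affected by "high".
weak_tls_peers() {
    weak_tls_sessions "$1" \
      | sed -n 's/.*established [a-z]* \([^ ]*\[[^]]*\]\).*/\1/p' | sort -u
}

echo "TLS sessions: $(tls_session_count "$SAMPLE_LOG"), weak: $(weak_tls_count "$SAMPLE_LOG")"
echo "== protocol/cipher summary =="
tls_cipher_summary "$SAMPLE_LOG"
echo "== peers that would be affected by smtpd_tls_ciphers = high =="
weak_tls_peers "$SAMPLE_LOG"
```

On a live server replace the heredoc with `SAMPLE_LOG=/var/log/maillog` (or a file produced by `journalctl -u postfix`) and run it over the same few months of history Viktor suggests; the weak-peer list is what tells you whether the scanner is the only thing still negotiating RC4 or 3DES.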

Re: Question about disabling SSLv2 and SSLv3 and Opportunistic TLS

/dev/rob0
In reply to this post by @lbutlr
On Sat, May 26, 2018 at 06:51:33AM -0600, @lbutlr wrote:

> On 26 May 2018, at 06:30, Sean Son
> <[hidden email]> wrote:
> > postconf -d | egrep '^[^ ]*mtpd?_tls.*_protocols' .  but it still
> > shows me the old settings
>
>
> The output of postconf -d will never change.
>
> Man postconf:
>        -d     Print main.cf default parameter settings instead of
>               actual settings.  Specify  -df to fold long lines
>               for human readability (Postfix 2.9 and later).

Perhaps this could be reworded to be less confusing?  Since "-d"
doesn't look at main.cf, s/main.cf/"Postfix internal"/?

Just a thought.  This particular misunderstanding is pretty common.
Of course "instead of actual settings" should be a clue.  It might
help if the OP tells us what he was thinking when reading that
passage about "-d".  Reading too fast?
--
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Re: Question about disabling SSLv2 and SSLv3 and Opportunistic TLS

Viktor Dukhovni


> On May 26, 2018, at 12:59 PM, /dev/rob0 <[hidden email]> wrote:
>
>> Man postconf:
>>       -d     Print main.cf default parameter settings instead of
>>              actual settings.  Specify  -df to fold long lines
>>              for human readability (Postfix 2.9 and later).
>
> Perhaps this could be reworded to be less confusing?  Since "-d"
> doesn't look at main.cf, s/main.cf/"Postfix internal"/?

This attempts to distinguish between "main.cf" parameters and
"master.cf" service definitions.  It might be slightly clearer
as:

    Print the compiled-in default main.cf parameter settings ...

but we're assuming that the confused users have looked at the
postconf(1) manpage.  And most of the time that's probably not
the case...

--
        Viktor.


Re: Question about disabling SSLv2 and SSLv3 and Opportunistic TLS

/dev/rob0
On Sat, May 26, 2018 at 01:11:00PM -0400, Viktor Dukhovni wrote:

> > On May 26, 2018, at 12:59 PM, /dev/rob0 <[hidden email]> wrote:
> >
> >> Man postconf:
> >>       -d     Print main.cf default parameter settings instead of
> >>              actual settings.  Specify  -df to fold long lines
> >>              for human readability (Postfix 2.9 and later).
> >
> > Perhaps this could be reworded to be less confusing?  Since "-d"
> > doesn't look at main.cf, s/main.cf/"Postfix internal"/?
>
> This attempts to distinguish between "main.cf" parameters and
> "master.cf" service definitions.  It might be slightly clearer
> as:
>
>     Print the compiled-in default main.cf parameter settings ...
>
> but we're assuming that the confused users have looked at the
> postconf(1) manpage.  And most of the time that's probably not
> the case...

I guessed that at least in this case, the OP had looked there,
otherwise how did he "know" to use "-d"?
--
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Re: Question about disabling SSLv2 and SSLv3 and Opportunistic TLS

@lbutlr
In reply to this post by /dev/rob0
On 2018-05-26 (10:59 MDT), /dev/rob0 <[hidden email]> wrote:
> Perhaps this could be reworded to be less confusing?  Since "-d"
> doesn't look at main.cf, s/main.cf/"Postfix internal"/?

I dunno, I think "Print main.cf default parameter settings instead of actual settings." is very clear.

--
We will fight for Bovine Freedom and hold our large heads high We will
run free with the Buffalo or die


Re: Question about disabling SSLv2 and SSLv3 and Opportunistic TLS

Sean Son
In reply to this post by Viktor Dukhovni


On Sat, May 26, 2018 at 12:56 PM, Viktor Dukhovni <[hidden email]> wrote:


> > On May 26, 2018, at 8:30 AM, Sean Son <[hidden email]> wrote:
> >
> > Also, if I set "smtpd_tls_ciphers" and/or "smtp_tls_ciphers" to "high", won't that conflict with opportunistic TLS?
>
> Only for senders that don't support any of the modern ciphersuites.
>
> > You had mentioned that adding those settings would force RC4-only implementations to send in the clear. Won't that be a problem with opportunistic TLS?
>
> Yes, but very rarely in practice.  Perhaps not at all for your site.
> Only you can tell.  You'll need to check your logs.
>
> --
>         Viktor.

Hello

Thank you for your reply.  My apologies about my misunderstanding of postconf -d. I was up all night updating my servers and I read the man pages while half asleep. Lol.  I guess the settings that I set in my main.cf should be enough.  I will wait to hear any feedback from my security team.


Thanks for your help!

Re: Question about disabling SSLv2 and SSLv3 and Opportunistic TLS

Benny Pedersen-2
In reply to this post by /dev/rob0
/dev/rob0 skrev den 2018-05-26 18:59:

> Just a thought.  This particular misunderstanding is pretty common.
> Of course "instead of actual settings" should be a clue.  It might
> help if the OP tells us what he was thinking when reading that
> passage about "-d".  Reading too fast?

postconf -d output could be added as verbose help in main.cf :)

Just kidding, I would like to see main.cf smaller, so postconf -n gives
more settings as default from -d.

As it is now, a setting is more or less a random default from main.cf.

Keeping main.cf minimal is good sense.

Re: Question about disabling SSLv2 and SSLv3 and Opportunistic TLS

@lbutlr
On 26 May 2018, at 12:59, Benny Pedersen <[hidden email]> wrote:
> just kidding, i would like to see main.cf smaller, so postconf -n gives more settings as default from -d
>
> as it is now setting is more or less random default from main.cf
>
> keep main.cf minimal is good sense

I’m not sure what you mean, the only things you need to put in main.cf are settings that differ from the defaults. At a minimum you need maybe 20-30 lines?

My postconf -n is 102 lines, and I suspect some of those could be eliminated if I went through and checked the defaults (that is, the defaults would be close enough). Some of the settings probably date from when the mail server was on a T1 and I did some rate limiting and such, and could be updated or eliminated.

Now, I suspect that there are some defaults that should be updated (swap_bangpath and allow_percent_hack are two that spring to mind) but I suspect there are reasons they haven’t been. At least it looks like those two would never realistically come into play on a modern install, based on the restriction on rewrite in postfix 2.2, so it is quite possible there is no need to change these defaults at all.

It might be useful, but probably not, to have a version of postconf -n that showed the default value alongside the changed value:

mailbox_size_limit = 52428800 (51200000)

This is a setting I could easily eliminate as the difference between my setting and the default is much closer than I thought it was, and it’s irrelevant on my setup because postfix doesn’t write a mailbox file. The only reason I’d need to change it is if I increased the message_size_limit beyond the 25MB it is set to currently, and that’s not going to happen.

--
Secret to a happy relationship: when you're wrong, admit it. When you're
right, shut up.


Re: Question about disabling SSLv2 and SSLv3 and Opportunistic TLS

Viktor Dukhovni


> On May 28, 2018, at 11:35 AM, @lbutlr <[hidden email]> wrote:
>
> It might be useful, but probably not, to have a version of postconf -n that showed the default value alongside the changed value:

join <(postconf -n) <(postconf -d | sed 's/=/(default:/; s/$/)/')

--
        Viktor.


Re: Question about disabling SSLv2 and SSLv3 and Opportunistic TLS

Viktor Dukhovni


> On May 28, 2018, at 1:26 PM, Viktor Dukhovni <[hidden email]> wrote:
>
> join <(postconf -n) <(postconf -d | sed 's/=/(default:/; s/$/)/')

I should mention that this is "bash" syntax.  Other shells require
temp files.  On at least some FreeBSD systems bash by default does
not assume the existence of /dev/fd and creates temp files anyway,
which don't get deleted promptly.  So either install "bash" with
/dev/fd support, or run a cron job to clean out stale files in /tmp.

--
        Viktor.


Re: Question about disabling SSLv2 and SSLv3 and Opportunistic TLS

@lbutlr
In reply to this post by Viktor Dukhovni
On 2018-05-28 (11:26 MDT), Viktor Dukhovni <[hidden email]> wrote:
>
> join <(postconf -n) <(postconf -d | sed 's/=/(default:/; s/$/)/')

That's nifty!

--
"you'd think you could trust a horde of hungarian barbarians"

Re: Question about disabling SSLv2 and SSLv3 and Opportunistic TLS

Dirk Stöcker
In reply to this post by Viktor Dukhovni
On Mon, 28 May 2018, Viktor Dukhovni wrote:

>> It might be useful, but probably not, to have a version of postconf -n that showed the default value alongside the changed value:
>
> join <(postconf -n) <(postconf -d | sed 's/=/(default:/; s/$/)/')

Do you maybe also have a command to show only changed parameters?

Something like postconf -n, but dropping everything identical to default.

This is a task for which I need something to change a vendor-supplied main.cf
into a more understandable minimum configuration which does not
contain legacy settings.

Could "postconf" get a new "-N" parameter for that maybe ;-)

Ciao
--
http://www.dstoecker.eu/ (PGP key available)

Re: Question about disabling SSLv2 and SSLv3 and Opportunistic TLS

Stefan Förster-4
* Dirk Stöcker <[hidden email]>:
>On Mon, 28 May 2018, Viktor Dukhovni wrote:
>
>>>It might be useful, but probably not, to have a version of postconf -n that showed the default value alongside the changed value:
>>
>>join <(postconf -n) <(postconf -d | sed 's/=/(default:/; s/$/)/')
>
>Do you maybe also have a command to show only changed parameters?
>
>Something like postconf -n, but dropping everything identical to default.

You can get changed parameters that are at their default value with:

comm -1 -2 <(postconf -n) <(postconf -d)
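Viktor's join one-liner, Dirk's wish for a listing of only the parameters that really differ from the defaults, and Stefan's comm command above fit together into one small script. The following is an added example, not from the thread and not part of Postfix, that does all three with POSIX sh and temp files only, so it also runs on the shells without process substitution that Viktor mentioned. The function names are the example's own, and the two inputs are constructed stand-ins for `postconf -n` and `postconf -d` output.

```shell
#!/bin/sh
# Added example for this thread (not Postfix's own tooling): compare the
# explicit main.cf settings ("postconf -n") with the compiled-in defaults
# ("postconf -d") using POSIX sh and temp files only, so it also works on
# shells without <(...) process substitution.
# Function names are the example's own. The two inputs below are constructed
# stand-ins for postconf output; on a live server replace the heredocs with
#   postconf -n >"$ACTUAL"; postconf -d >"$DEFAULT"
# postconf prints both lists sorted by parameter name, which comm and join need.

ACTUAL=$(mktemp)
DEFAULT=$(mktemp)
trap 'rm -f "$ACTUAL" "$DEFAULT"' EXIT

# Constructed stand-in for "postconf -n" (what main.cf sets explicitly).
cat >"$ACTUAL" <<'EOF'
mailbox_size_limit = 51200000
message_size_limit = 26214400
smtp_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_ciphers = high
smtpd_tls_protocols =
EOF

# Constructed stand-in for "postconf -d" (compiled-in defaults).
cat >"$DEFAULT" <<'EOF'
mailbox_size_limit = 51200000
message_size_limit = 10240000
smtp_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_ciphers = medium
smtpd_tls_protocols = !SSLv2, !SSLv3
EOF

# Parameters that main.cf sets to exactly the default value; these lines
# could be removed from main.cf (Stefan's "comm -1 -2": lines in both files).
params_at_default() {
    LC_ALL=C comm -1 -2 "$1" "$2"
}

# Parameters whose main.cf value really differs from the default, i.e. the
# "postconf -N" Dirk asked for. comm -2 -3 keeps lines found only in file 1.
params_changed() {
    LC_ALL=C comm -2 -3 "$1" "$2"
}

# Changed parameters annotated with their default, in the style of Viktor's
# join one-liner but restricted to the changed ones. join matches on the
# parameter name (first whitespace-separated field of both inputs).
params_changed_with_default() {
    annotated=$(mktemp)
    # "name = default" -> "name (default: default)" so join can append it.
    sed 's/=/(default:/; s/$/)/' "$2" >"$annotated"
    params_changed "$1" "$2" | LC_ALL=C join - "$annotated"
    rm -f "$annotated"
}

# Caveat: postconf -d prints defaults with $macros unexpanded (for example
# "$myhostname"), so a value written out in full in main.cf is reported as
# changed even when it is equivalent.

echo "== set in main.cf but equal to the default =="
params_at_default "$ACTUAL" "$DEFAULT"
echo "== really changed, with the default shown =="
params_changed_with_default "$ACTUAL" "$DEFAULT"
```

The constructed example deliberately includes the thread's own case, `smtpd_tls_protocols =` (the pre-3.0 default the OP found) against the 3.0+ default of `!SSLv2, !SSLv3`, so the annotated output makes that difference visible at a glance.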