Regarding ciphers

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Regarding ciphers

Jonathan Sélea
Hi,

I did struggle alot to understand and deploy a secure cipher list that
https://hardenize.com and https://ssl-tool.net would not complain on, so
I came up with this:

smtpd_tls_protocols = !SSLv2 !SSLv3
smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
smtp_tls_protocols = !SSLv2 !SSLv3
smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
lmtp_tls_protocols = !SSLv2 !SSLv3
lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3
smtpd_tls_mandatory_ciphers=high
tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK,
aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA,
CAMELLIA, SEED, 3DES, AES128-GCM-SHA256, AES256-GCM-SHA384,
AES128-SHA256, AES256-SHA256, AES256-SHA, AES128-SHA
smtpd_tls_eecdh_grade=ultra
tls_preempt_cipherlist = yes
tls_eecdh_strong_curve = prime256v1
tls_eecdh_ultra_curve = secp384r1

My question is, can I improve  this futher or do you guys/girls have any
opinion regarding this?
I am grateful for all comments, tips or other suggestions :)

/ Jonathan


smime.p7s (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Regarding ciphers

allenc


On 23/11/17 09:30, Jonathan Sélea wrote:

> My question is, can I improve  this futher or do you guys/girls have any
> opinion regarding this?
> I am grateful for all comments, tips or other suggestions :)
>
> / Jonathan
>

If the remote host does not support the cyphers you deploy, then you
have the choice of letting the message delivery fail, or sending the
message unencrypted.

It is usually considered better to use a weak cypher than none at all.

The default settings of postfix will try to use an encrypted connection,
but will fall back to unencrypted - as a "last resort".

Allen C
Reply | Threaded
Open this post in threaded view
|

Re: Regarding ciphers

allenc
In reply to this post by Jonathan Sélea


On 23/11/17 09:30, Jonathan Sélea wrote:
>
> My question is, can I improve  this futher or do you guys/girls have any
> opinion regarding this?
> I am grateful for all comments, tips or other suggestions :)
>
> / Jonathan
>

Thinking at a tangent, if your messages are particularly sensitive, you
may wish to consider encrypting the original message with something like
PGP (or GPG)

Postfix only encrypts the comms link; once messages reach the server,
they are queued/stored in clear again.

Allen C


Reply | Threaded
Open this post in threaded view
|

Re: Regarding ciphers

Dirk Stöcker
In reply to this post by Jonathan Sélea
On Thu, 23 Nov 2017, Jonathan Sélea wrote:

> I did struggle alot to understand and deploy a secure cipher list that
> https://hardenize.com and https://ssl-tool.net would not complain on, so I
> came up with this:
>
> smtpd_tls_protocols = !SSLv2 !SSLv3
> smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
> smtp_tls_protocols = !SSLv2 !SSLv3
> smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
> lmtp_tls_protocols = !SSLv2 !SSLv3
> lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3
> smtpd_tls_mandatory_ciphers=high
> tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
> smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH,
> EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA, CAMELLIA,
> SEED, 3DES, AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-SHA256,
> AES256-SHA256, AES256-SHA, AES128-SHA
> smtpd_tls_eecdh_grade=ultra
> tls_preempt_cipherlist = yes
> tls_eecdh_strong_curve = prime256v1
> tls_eecdh_ultra_curve = secp384r1
>
> My question is, can I improve  this futher or do you guys/girls have any
> opinion regarding this?
> I am grateful for all comments, tips or other suggestions :)
Nothing gets older faster that cipher specifications. Usually it is the
best to use a recent version of the SSL libraries and don't change the
specs. The defaults incorporate the most recent developments.

If SSLv2, SSLv3 and RC4 are still supported by default on your system
instead of tuning the specs an update of the software is recommended.

P.S. You always need to keep in mind that you will fallback to plaintext,
so a bad cipher is (usually) better than none.

Ciao
--
http://www.dstoecker.eu/ (PGP key available)
Reply | Threaded
Open this post in threaded view
|

Re: Regarding ciphers

Jonathan Sélea
Thanks both Allen and Dirk :)

The ciphers should be supported by many server because thoose are used
by TLS1.0 to 1.2. So I think they should be fine. I hope :)
I did not get some real criticism yet about some stupid ciphers so I
consider my current one OK.

Regarding Allen's suggestion about PGP/GPG. I already use s/MIME as you
probably can see in email clients like Thunderbird, Outlook and Evolution.

/J


On 11/23/2017 02:15 PM, Dirk Stöcker wrote:

> On Thu, 23 Nov 2017, Jonathan Sélea wrote:
>
>> I did struggle alot to understand and deploy a secure cipher list
>> that https://hardenize.com and https://ssl-tool.net would not
>> complain on, so I came up with this:
>>
>> smtpd_tls_protocols = !SSLv2 !SSLv3
>> smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
>> smtp_tls_protocols = !SSLv2 !SSLv3
>> smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
>> lmtp_tls_protocols = !SSLv2 !SSLv3
>> lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3
>> smtpd_tls_mandatory_ciphers=high
>> tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
>>
>> smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK,
>> aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5,
>> CBC3-SHA, CAMELLIA, SEED, 3DES, AES128-GCM-SHA256, AES256-GCM-SHA384,
>> AES128-SHA256, AES256-SHA256, AES256-SHA, AES128-SHA
>> smtpd_tls_eecdh_grade=ultra
>> tls_preempt_cipherlist = yes
>> tls_eecdh_strong_curve = prime256v1
>> tls_eecdh_ultra_curve = secp384r1
>>
>> My question is, can I improve  this futher or do you guys/girls have
>> any opinion regarding this?
>> I am grateful for all comments, tips or other suggestions :)
>
> Nothing gets older faster that cipher specifications. Usually it is
> the best to use a recent version of the SSL libraries and don't change
> the specs. The defaults incorporate the most recent developments.
>
> If SSLv2, SSLv3 and RC4 are still supported by default on your system
> instead of tuning the specs an update of the software is recommended.
>
> P.S. You always need to keep in mind that you will fallback to
> plaintext, so a bad cipher is (usually) better than none.
>
> Ciao


smime.p7s (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Regarding ciphers

Darren Pilgrim
In reply to this post by Jonathan Sélea
On 2017-11-23 01:30, Jonathan Sélea wrote:

> Hi,
>
> I did struggle alot to understand and deploy a secure cipher list that
> https://hardenize.com and https://ssl-tool.net would not complain on, so
> I came up with this:
>
> smtpd_tls_protocols = !SSLv2 !SSLv3
> smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
> smtp_tls_protocols = !SSLv2 !SSLv3
> smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
> lmtp_tls_protocols = !SSLv2 !SSLv3
> lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3
> smtpd_tls_mandatory_ciphers=high
> tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
> smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK,
> aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA,
> CAMELLIA, SEED, 3DES, AES128-GCM-SHA256, AES256-GCM-SHA384,
> AES128-SHA256, AES256-SHA256, AES256-SHA, AES128-SHA
> smtpd_tls_eecdh_grade=ultra
> tls_preempt_cipherlist = yes
> tls_eecdh_strong_curve = prime256v1
> tls_eecdh_ultra_curve = secp384r1
>
> My question is, can I improve  this futher or do you guys/girls have any
> opinion regarding this?
> I am grateful for all comments, tips or other suggestions :)

For your public facing ports, the point is to provide an encrypted
channel as often as possible. Public SMTP is effectively anonymous, so
forcing high grade encryption is counterproductive.  I do suggest setting

*_ciphers = high

because the default of "medium" includes RC4 and 3DES, and I believe
actively eradicating those from the wild is necessary and good.  I
maintain some statistics about opportunistic STARTTLS and the last time
I saw mandatory RC4 was 2015.  I have yet to see mandatory 3DES.

The other thing is to set is

*_protocols = !SSLv2, !SSLv3, TLSv1, TLSv1.1, TLSv1.2

because some SSL libraries won't enable TLSv1.2 unless you explicitly
tell it to do so.

For internal SMTP, I have to deal with PCI and other infosec
"standards", so the crypto used already requires regular review.  I also
get to control the SMTP talker population, so I use certificate-based
authentication with the following:

*_tls_ciphers = !aNULL:AES256+kEECDH
*_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1, TLSv1.2

In a heterogenous network, particularly one with mobile devices or
Window/MacOS that aren't on current release, you will need to relax the
cipherspec to something like '!aNULL:AES+kEECDH:AES+kEDH:+SHA1' and
enable TLSv1 and TLSv1.1.
Reply | Threaded
Open this post in threaded view
|

Re: Regarding ciphers

Jonathan Sélea
Thanks you very much!
Very informative!


On 2017-11-23 16:03, Mel Pilgrim wrote:

> On 2017-11-23 01:30, Jonathan Sélea wrote:
>> Hi,
>>
>> I did struggle alot to understand and deploy a secure cipher list that
>> https://hardenize.com and https://ssl-tool.net would not complain on, so
>> I came up with this:
>>
>> smtpd_tls_protocols = !SSLv2 !SSLv3
>> smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
>> smtp_tls_protocols = !SSLv2 !SSLv3
>> smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
>> lmtp_tls_protocols = !SSLv2 !SSLv3
>> lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3
>> smtpd_tls_mandatory_ciphers=high
>> tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
>>
>> smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK,
>> aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA,
>> CAMELLIA, SEED, 3DES, AES128-GCM-SHA256, AES256-GCM-SHA384,
>> AES128-SHA256, AES256-SHA256, AES256-SHA, AES128-SHA
>> smtpd_tls_eecdh_grade=ultra
>> tls_preempt_cipherlist = yes
>> tls_eecdh_strong_curve = prime256v1
>> tls_eecdh_ultra_curve = secp384r1
>>
>> My question is, can I improve  this futher or do you guys/girls have any
>> opinion regarding this?
>> I am grateful for all comments, tips or other suggestions :)
>
> For your public facing ports, the point is to provide an encrypted
> channel as often as possible. Public SMTP is effectively anonymous, so
> forcing high grade encryption is counterproductive.  I do suggest setting
>
> *_ciphers = high
>
> because the default of "medium" includes RC4 and 3DES, and I believe
> actively eradicating those from the wild is necessary and good.  I
> maintain some statistics about opportunistic STARTTLS and the last
> time I saw mandatory RC4 was 2015.  I have yet to see mandatory 3DES.
>
> The other thing is to set is
>
> *_protocols = !SSLv2, !SSLv3, TLSv1, TLSv1.1, TLSv1.2
>
> because some SSL libraries won't enable TLSv1.2 unless you explicitly
> tell it to do so.
>
> For internal SMTP, I have to deal with PCI and other infosec
> "standards", so the crypto used already requires regular review.  I
> also get to control the SMTP talker population, so I use
> certificate-based authentication with the following:
>
> *_tls_ciphers = !aNULL:AES256+kEECDH
> *_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1, TLSv1.2
>
> In a heterogenous network, particularly one with mobile devices or
> Window/MacOS that aren't on current release, you will need to relax
> the cipherspec to something like '!aNULL:AES+kEECDH:AES+kEDH:+SHA1'
> and enable TLSv1 and TLSv1.1.


smime.p7s (5K) Download Attachment