dh settings

dh settings

Postfix User-2
I am looking for a little guidance regarding deploying Diffie-Hellman
for TLS. According to this URL: https://www.weakdh.org/sysadmin.html,
the following are recommended settings for Postfix.

smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK,
aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, KRB5-DES, CBC3-SHA

I would just like to know if this is correct. Also, what are the
recommended settings for the postfix "smtp_tls_exclude_ciphers"
setting?

Thank you.

--
Postfix User
Re: dh settings

Florian Beer | 42dev-2


On 2017-03-20 12:23, Postfix User wrote:

> I am looking for a little guidance regarding deploying Diffie-Hellman
> for TLS. According to this URL: https://www.weakdh.org/sysadmin.html,
> the following are recommended settings for Postfix.
>
> smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK,
> aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, KRB5-DES, CBC3-SHA
>
> I would just like to know if this is correct. Also, what are the
> recommended settings for the postfix "smtp_tls_exclude_ciphers"
> setting?
>
> Thank you.

https://bettercrypto.org/static/applied-crypto-hardening.pdf has several
very good recommendations for various services (including Postfix).
Re: dh settings

Viktor Dukhovni
In reply to this post by Postfix User-2

> On Mar 20, 2017, at 7:23 AM, Postfix User <[hidden email]> wrote:
>
> I am looking for a little guidance regarding deploying Diffie-Hellman
> for TLS. According to this URL: https://www.weakdh.org/sysadmin.html,
> the following are recommended settings for Postfix.

I'd suggest the Postfix documentation:

        http://www.postfix.org/FORWARD_SECRECY_README.html

There's only one small correction: with Postfix >= 3.2, the default
EECDH grade is "auto" only if the OpenSSL version is at least 1.0.2.
Regardless, with Postfix >= 2.8 let the default stand.

As for the guide you found, all sorts of people make stuff up and
post it on the Internet.

The recommended:

   smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK,
        aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, KRB5-DES, CBC3-SHA

is a rather odd mishmash, don't use it.  Instead, the typical default:

        smtpd_tls_ciphers = medium

is quite sufficient.  If the client does not support forward secrecy, you
should still do TLS, rather than require the client to perform a cleartext
fallback.  Similarly there's no need to disable anon-DH ciphers, ...

    https://tools.ietf.org/html/rfc7672#section-8.2
    https://tools.ietf.org/html/rfc7435#section-4

Bottom line, stick with the Postfix defaults, and only if you're running a
"long-term support" O/S with a rather old Postfix version, update some
settings to match changes in later releases.

The settings that may need updating in older versions of Postfix are:
     
   smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
   smtp_tls_protocols = !SSLv2, !SSLv3
   smtp_tls_ciphers = medium
   smtpd_tls_ciphers = medium

For Postfix <= 3.0 also see:

   http://www.postfix.org/FORWARD_SECRECY_README.html#quick-start

for instructions on setting up 2048-bit DH parameters.  As of Postfix
3.1, the default built-in DH prime is a 2048-bit strong prime.

--
        Viktor.
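As an added example (not part of this thread, and not Postfix's own tooling), the script below parses a main.cf-style file and reports how its TLS settings compare with the four parameters Viktor lists as the ones worth updating on older releases, and warns when smtpd_tls_exclude_ciphers is set at all, since the advice above is to leave it at the default. The sample configuration is constructed for the demonstration; the parser only handles the basic "name = value" form with whitespace-indented continuation lines and does not expand $variable references, and the function names are my own.

```python
"""Audit a Postfix main.cf for the TLS settings discussed in the thread."""
import re

# The settings Viktor lists as possibly needing an update on older Postfix.
EXPECTED = {
    "smtp_tls_mandatory_protocols": "!SSLv2, !SSLv3",
    "smtp_tls_protocols": "!SSLv2, !SSLv3",
    "smtp_tls_ciphers": "medium",
    "smtpd_tls_ciphers": "medium",
}

# Constructed sample main.cf (not a real deployment): it carries the
# weakdh.org exclusion list split over a continuation line, sets the
# opportunistic cipher grade to "high", and omits smtpd_tls_ciphers.
SAMPLE_MAIN_CF = """\
# constructed sample, not a real server
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_ciphers = high
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK,
    aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, KRB5-DES, CBC3-SHA
"""


def parse_main_cf(text):
    """Minimal main.cf parser: 'name = value' lines, continuation lines that
    start with whitespace, '#' comment lines and blank lines ignored.
    Later assignments override earlier ones, as in Postfix."""
    params = {}
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t":
            # Continuation of the previous parameter's value.
            if current is not None:
                params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        if not sep:
            continue
        current = name.strip()
        params[current] = value.strip()
    return params


def normalize_list(value):
    """Split a comma/whitespace separated Postfix list into tokens."""
    return [tok for tok in re.split(r"[,\s]+", value) if tok]


def audit(params):
    """Return (level, parameter, message) findings for the TLS settings."""
    findings = []
    for name, want in EXPECTED.items():
        got = params.get(name)
        if got is None:
            findings.append(("info", name,
                             "not set; the built-in default applies, which is fine on "
                             f"current Postfix, set '{want}' on old releases"))
        elif normalize_list(got) != normalize_list(want):
            findings.append(("warn", name, f"'{got}' differs from recommended '{want}'"))
    excluded = params.get("smtpd_tls_exclude_ciphers")
    if excluded:
        findings.append(("warn", "smtpd_tls_exclude_ciphers",
                         f"set to '{excluded}'; the thread recommends the default"))
    return findings


if __name__ == "__main__":
    for level, name, message in audit(parse_main_cf(SAMPLE_MAIN_CF)):
        print(f"{level.upper():5} {name}: {message}")
```

To run it against a live configuration, feed the output of `postconf -n` (which prints the explicitly set parameters, one per line, in the same name = value form) into parse_main_cf instead of the constructed sample.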