On 2017-11-23 01:30, Jonathan Sélea wrote:
Hi,
I did struggle alot to understand and deploy a secure cipher list that
https://hardenize.com and https://ssl-tool.net would not complain on, so
I came up with this:
smtpd_tls_protocols = !SSLv2 !SSLv3
smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
smtp_tls_protocols = !SSLv2 !SSLv3
smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
lmtp_tls_protocols = !SSLv2 !SSLv3
lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3
smtpd_tls_mandatory_ciphers=high
tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK,
aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA,
CAMELLIA, SEED, 3DES, AES128-GCM-SHA256, AES256-GCM-SHA384,
AES128-SHA256, AES256-SHA256, AES256-SHA, AES128-SHA
smtpd_tls_eecdh_grade=ultra
tls_preempt_cipherlist = yes
tls_eecdh_strong_curve = prime256v1
tls_eecdh_ultra_curve = secp384r1
My question is, can I improve this futher or do you guys/girls have any
opinion regarding this?
I am grateful for all comments, tips or other suggestions :)
For your public facing ports, the point is to provide an encrypted
channel as often as possible. Public SMTP is effectively anonymous, so
forcing high grade encryption is counterproductive. I do suggest setting
*_ciphers = high
because the default of "medium" includes RC4 and 3DES, and I believe
actively eradicating those from the wild is necessary and good. I
maintain some statistics about opportunistic STARTTLS and the last time
I saw mandatory RC4 was 2015. I have yet to see mandatory 3DES.
The other thing is to set is
*_protocols = !SSLv2, !SSLv3, TLSv1, TLSv1.1, TLSv1.2
because some SSL libraries won't enable TLSv1.2 unless you explicitly
tell it to do so.
For internal SMTP, I have to deal with PCI and other infosec
"standards", so the crypto used already requires regular review. I also
get to control the SMTP talker population, so I use certificate-based
authentication with the following:
*_tls_ciphers = !aNULL:AES256+kEECDH
*_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1, TLSv1.2
In a heterogenous network, particularly one with mobile devices or
Window/MacOS that aren't on current release, you will need to relax the
cipherspec to something like '!aNULL:AES+kEECDH:AES+kEDH:+SHA1' and
enable TLSv1 and TLSv1.1.
