> On Dec 4, 2017, at 8:22 AM, Jonathan Sélea <jonat...@selea.se> wrote:
>
> I recently stumbled upon hardenize too, and came up with this config that
> makes the checks "all green".

Green per some poorly designed checklist is not necessarily better.

> smtpd_tls_protocols = !SSLv2 !SSLv3
> smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
> smtp_tls_protocols = !SSLv2 !SSLv3
> smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
> lmtp_tls_protocols = !SSLv2 !SSLv3
> lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3

These are fine and default in all supported Postfix versions.

> smtpd_tls_mandatory_ciphers=high

This may be counter-productive. You're forcing peers that only do RC4 to send in the clear instead. Probably not a win, and with peers that can do HIGH ciphers, you get HIGH anyway. On the other hand, support for only RC4 or 3DES (now medium in some newer OpenSSL versions) is rare, most peers will support AES, and yet "medium" is still a better choice for opportunistic TLS.

> tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:AES256-SHA:CAMELLIA128-SHA:AES128-SHA

Don't hand-order your ciphers. Why CAMELLIA above AES, for example? And what happens when newer ciphers show up?

> smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH,
> EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA, CAMELLIA,
> SEED, 3DES, AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-SHA256,
> AES256-SHA256, AES256-SHA, AES128-SHA

Excluding aNULL on a port 25 server is mostly counter-productive: https://tools.ietf.org/html/rfc7672#section-8.2

Ditto with DES3 and RC4, just put them at the end.

Funny you put CAMELLIA first on your cipher list, and then exclude it! And then exclude a bunch of strong AES ciphers. This clearly makes the point that such guides and efforts to get to "green" are a bad idea.

> smtpd_tls_eecdh_grade=ultra

Actually "auto" is a much better setting in Postfix versions that support it.

> tls_preempt_cipherlist = yes

This is typically OK, though in your case, the client's settings might be more sensible. :-(

> tls_eecdh_strong_curve = prime256v1
> tls_eecdh_ultra_curve = secp384r1

These are defaults.

> smtpd_tls_dh512_param_file = /etc/ssl/dh512_param.pem
> smtpd_tls_dh1024_param_file = /etc/ssl/dh2048_param.pem

This is fine, provided the names match the content. Note that with EXPORT ciphers disabled, the 512-bit parameters will never be used.

--
Viktor.
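Added example, not part of the thread: a small POSIX shell audit that reads a main.cf-style file and flags the settings the reply above argues against (aNULL and AES in the exclude list, a hand-ordered tls_high_cipherlist, a non-auto eecdh grade, mandatory ciphers forced to high). The helper names cf_get, tls_findings and tls_finding_count are mine, and the sample config is constructed in the style of the posted one, not the poster's actual file.

```shell
# Added example, not from the thread. cf_get / tls_findings / tls_finding_count
# are hypothetical helper names; the sample config at the bottom is constructed.
# cf_get FILE PARAM: print PARAM's value. Last assignment wins and lines that
# start with whitespace continue the previous value, as Postfix reads main.cf.
cf_get() {
    awk -v p="$2" '
        /^[ \t]/ { if (inval) { sub(/^[ \t]+/, ""); val = val " " $0 }; next }
        { inval = 0 }
        $0 ~ ("^" p "[ \t]*=") { sub("^" p "[ \t]*=[ \t]*", ""); val = $0; inval = 1 }
        END { print val }' "$1"
}
# tls_findings FILE: one line per questionable setting, nothing when clean.
tls_findings() {
    ex=" $(cf_get "$1" smtpd_tls_exclude_ciphers) "
    case "$ex" in *aNULL*)
        echo "aNULL excluded: on port 25 this trades anonymous TLS for cleartext (RFC 7672 s8.2)" ;;
    esac
    case "$ex" in *AES*)
        echo "AES ciphers excluded: strong ciphers dropped for no gain" ;;
    esac
    case "$ex" in *RC4*|*DES*)
        echo "RC4/3DES excluded: leave them at the end of the list instead" ;;
    esac
    [ -n "$(cf_get "$1" tls_high_cipherlist)" ] &&
        echo "tls_high_cipherlist set: hand-ordered lists go stale, keep the default"
    g=$(cf_get "$1" smtpd_tls_eecdh_grade)
    [ -n "$g" ] && [ "$g" != auto ] &&
        echo "smtpd_tls_eecdh_grade=$g: prefer auto on Postfix versions that support it"
    [ "$(cf_get "$1" smtpd_tls_mandatory_ciphers)" = high ] &&
        echo "smtpd_tls_mandatory_ciphers=high: weak-only peers fall back to cleartext"
    return 0
}
# tls_finding_count FILE: number of findings (0 means nothing was flagged).
tls_finding_count() { tls_findings "$1" | wc -l | tr -d ' '; }

# Constructed sample in the style of the posted "all green" config (not the
# poster's file); note the continuation line in the exclude list.
SAMPLE_CF=$(mktemp)
cat > "$SAMPLE_CF" <<'EOF'
smtpd_tls_security_level = may
smtpd_tls_protocols = !SSLv2 !SSLv3
smtpd_tls_mandatory_ciphers = high
smtpd_tls_eecdh_grade = ultra
tls_high_cipherlist = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, CAMELLIA,
    3DES, AES128-GCM-SHA256, AES256-SHA
EOF
tls_findings "$SAMPLE_CF"
```

On a live system the same functions can be pointed at the output of `postconf -n` written to a file, since that uses the same `name = value` layout.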