On Wed, Jul 11, 2018 at 03:27:05PM +0200, Viktor Schneider wrote:

> While checking the SSL configuration of a Postfix server, I noticed that
> so-called "Client-initiated secure renegotiation" is available at
> Postfix by default.
> You can verify it with the following openssl command and press "R" once the
> connection is successfully established:

When you configure TLS handshake rate limits, they apply equally to new
connections and renegotiation. If you don't configure TLS handshake rate
limits, it is not clear why you'd want to restrict renegotiation, unless
you're trying to use connection rate limits as a proxy for TLS rate limits.

> Are there already plans to make "Client-initiated secure renegotiation"
> support in Postfix disengageable? I would very much appreciate it if I
> could switch off this function.

You can rate limit non-resumption TLS handshakes:

    http://www.postfix.org/postconf.5.html#smtpd_client_new_tls_session_rate_limit

If you're linking against OpenSSL 1.1.0h or later, you can set the
SSL_OP_NO_RENEGOTIATION SSL option:

    http://www.postfix.org/postconf.5.html#tls_ssl_options

    tls_ssl_options = 0x40000000

That value of 0x40000000 has a completely different effect in OpenSSL
1.0.x (which is not ABI-compatible with OpenSSL 1.1.x), where it set the
SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG option, and has no effect with
OpenSSL 1.1.0 at patch levels lower than "h". So do not do this with
earlier OpenSSL releases. The latest patch release is OpenSSL 1.1.0i.

Your best bet is the TLS session rate limit.

-- 
	Viktor.
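The version caveat above is easy to get wrong on a fleet with mixed OpenSSL builds. The following POSIX shell helper is an added example, not code from the thread or from Postfix: it parses an `openssl version` string and only recommends `tls_ssl_options = 0x40000000` when the release is 1.1.0h or newer; the function names are my own, and the closing `openssl version` call assumes the CLI on the host reports the same library Postfix was linked against.

```shell
#!/bin/sh
# Added example (not from the Postfix thread): gate the
# "tls_ssl_options = 0x40000000" setting on the OpenSSL release, since
# that bit is SSL_OP_NO_RENEGOTIATION only in 1.1.0h and later and maps
# to an unrelated option in 1.0.x.

# openssl_supports_no_renegotiation "OpenSSL 1.1.0h  27 Mar 2018"
# Returns 0 (true) when the release carries SSL_OP_NO_RENEGOTIATION.
openssl_supports_no_renegotiation() {
    # Keep only the version token, e.g. "1.1.0h", "1.1.1k" or "3.0.2".
    ver=$(printf '%s\n' "$1" | sed -n 's/^OpenSSL \([0-9][0-9.]*[a-z]*\).*/\1/p')
    [ -n "$ver" ] || return 1              # not OpenSSL (or unparseable)
    major=${ver%%.*}
    rest=${ver#*.}
    case $rest in *.*) ;; *) return 1 ;; esac
    minor=${rest%%.*}
    patch=${rest#*.}                       # "0h", "1k", "2"
    letter=$(printf '%s' "$patch" | sed 's/^[0-9]*//')
    patch=${patch%"$letter"}               # digits only

    # Anything newer than the 1.1.0 series (1.1.1*, 3.x) has the option.
    [ "$major" -gt 1 ] && return 0
    [ "$major" -eq 1 ] && [ "$minor" -gt 1 ] && return 0
    [ "$major" -eq 1 ] && [ "$minor" -eq 1 ] || return 1   # 0.9.8, 1.0.x
    [ "$patch" -gt 0 ] && return 0
    # 1.1.0 series: require patch letter "h" (ASCII 104) or later.
    [ -n "$letter" ] && [ "$(printf '%d' "'$letter")" -ge 104 ]
}

# Print the postconf command to run, or the fallback the thread recommends.
recommend_tls_ssl_options() {
    if openssl_supports_no_renegotiation "$1"; then
        printf 'postconf -e "tls_ssl_options = 0x40000000"\n'
    else
        printf '# %s lacks SSL_OP_NO_RENEGOTIATION; use smtpd_client_new_tls_session_rate_limit\n' "$1"
    fi
}

# Stand-alone run against the local CLI (Postfix may link a different build).
recommend_tls_ssl_options "$(openssl version 2>/dev/null || echo 'OpenSSL unknown')"
```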