On Tue, Jun 14, 2022 at 05:51:17PM -0400, Dan Mahoney wrote:

> Postfix has sane defaults as long as you run a fairly recent version,
> and the developers have clue. Not all apps have sane defaults (for
> example, I could see the need to configure default SSL configs with
> Sendmail).
Even when Postfix defaults are somewhat dated, and best-practice would be
something different, they are still generally better than many of the
recommended OCD "hardening" recommendations.

You have to go a long way back in Postfix history, and build with a very
old OpenSSL release (neither supported at this time) to find a combination
that actually would need tweaks to avoid a plausible security issue.

Avoid all cipherlist settings that specify an explicit list of specific
ciphers, rather than coarse categories. Avoid "turning it up to 11", with
overly large key sizes, ...

It is by now generally practical to set:

    smtpd_tls_mandatory_ciphers = high
    smtpd_tls_ciphers = high
    smtp_tls_mandatory_ciphers = high
    smtp_tls_ciphers = high

and for the SMTP client also:

    smtp_tls_exclude_ciphers = SRP, PSK, aDSS, kECDH, kDH, SEED, IDEA, RC2, RC5
    smtpd_tls_exclude_ciphers = SRP, PSK, aDSS, kECDH, kDH, SEED, IDEA, RC2, RC5

though some of these are "for free" with OpenSSL 1.1.1, which typically no
longer supports e.g. IDEA, RC2 or RC5. The exclusions of "SRP" and "PSK"
are just housekeeping; they can never be used in practice without
supporting application code that is absent in Postfix.

So the only exclusions that make a difference are "aDSS", "kECDH" and
"kDH" (some or all of which may also be gone with OpenSSL 3.0). Leaving
these enabled is not critical, but disabling these reduces the attack
surface with only negligible impact on interoperability for most users.

I may be tempted to build some of these in as defaults in Postfix 3.8,
though it is also tempting to leave garbage-collection of outdated ciphers
mostly to OpenSSL.

-- 
    Viktor.
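As an added example (not part of Viktor's message or of Postfix itself), a small Python audit that parses a main.cf fragment and reports where it departs from the three points above: the four cipher-grade parameters set to "high", no explicit cipher-suite lists in tls_high_cipherlist / tls_medium_cipherlist, and aDSS, kECDH and kDH excluded on both sides. The main.cf fragment is constructed for the demonstration, and the hyphen test that tells OpenSSL suite names from category aliases is a heuristic.

```python
import re
# What the post recommends: grade "high" (Postfix default: medium), no explicit cipherlists, these exclusions.
GRADE_PARAMS = ("smtpd_tls_mandatory_ciphers", "smtpd_tls_ciphers",
                "smtp_tls_mandatory_ciphers", "smtp_tls_ciphers")
CIPHERLIST_PARAMS = ("tls_high_cipherlist", "tls_medium_cipherlist")
EXCLUDE_PARAMS = ("smtp_tls_exclude_ciphers", "smtpd_tls_exclude_ciphers")
WANT_EXCLUDED = {"aDSS", "kECDH", "kDH"}

def parse_main_cf(text):
    """Minimal main.cf parser: 'name = value', '#' comments, indented continuations."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and last is not None:   # continuation of previous value
            params[last] += " " + raw.strip()
        elif "=" in raw:
            name, value = raw.split("=", 1)
            last = name.strip()
            params[last] = value.strip()
    return params

def audit(params):
    """Return (parameter, message) findings; an empty list means compliant."""
    findings = []
    for p in GRADE_PARAMS:
        v = params.get(p, "medium")
        if v.lower() != "high":
            findings.append((p, f"grade is '{v}', post suggests 'high'"))
    for p in CIPHERLIST_PARAMS:
        # Heuristic: OpenSSL suite names contain '-'; aliases (HIGH, aRSA) do not.
        suites = [t for t in params.get(p, "").split(":") if "-" in t.lstrip("!-+")]
        if suites:
            findings.append((p, f"explicit suites {suites}, prefer categories"))
    for p in EXCLUDE_PARAMS:
        tokens = set(re.split(r"[,\s]+", params.get(p, "").strip()))
        missing = sorted(WANT_EXCLUDED - tokens)
        if missing:
            findings.append((p, "not excluding " + ", ".join(missing)))
    return findings

# Constructed main.cf fragment (not from the post): smtpd side follows the advice,
# the smtp client side keeps its defaults, and one explicit suite list is added.
SAMPLE_MAIN_CF = """\
smtpd_tls_mandatory_ciphers = high
smtpd_tls_ciphers = high
smtpd_tls_exclude_ciphers = SRP, PSK, aDSS, kECDH, kDH,
    SEED, IDEA, RC2, RC5
tls_high_cipherlist = ECDHE-RSA-AES256-GCM-SHA384:HIGH
"""
```

Running audit(parse_main_cf(SAMPLE_MAIN_CF)) yields four findings: the two smtp_tls_*ciphers grades still at the default, the explicit suite in tls_high_cipherlist, and the missing client-side exclusions; a fragment that sets all four grades to high and both exclude lists yields none.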