How to force a own set of ciphers in Postfix 2.11?

postfix openssl tls ssl

9,515

Solution 1

From Applied Crypto Hardening by bettercrypto.org:

smtpd_tls_security_level = may
smtp_tls_security_level = may
smtp_tls_loglevel = 1
# if you have authentication enabled, only offer it after STARTTLS
smtpd_tls_auth_only = yes
tls_ssl_options = NO_COMPRESSION
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_ciphers=high
tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA

[UPDATE: As the bettercrypto project, where I have the cipher-string from, is no longer active, make sure to chose your cipher-string from a current source.]

For master.cf you may want to configure the submission port to TLS only:

submission inet n - - - - smtpd
 -o smtpd_tls_security_level=encrypt
 -o tls_preempt_cipherlist=yes

However, this does not disallow usage of outdated ciphers for security level may, according to pull request #97, you can do this with:

smtpd_tls_protocols=!SSLv2,!SSLv3
smtp_tls_protocols=!SSLv2,!SSLv3

But this has not been merged with the following reason:

I am going to close this, SSLv3 makes sense here since it's better than good ol' plaintext.

Solution 2

man postconf says "You are strongly encouraged to not change this setting."

Nevertheless, you can, like this:

smtp_tls_security_level = encrypt
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_mandatory_ciphers=high
smtpd_tls_security_level = encrypt
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_ciphers=high
tls_high_cipherlist=ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:-DES:!RC4:!MD5:!PSK:!aECDH:EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

I assume this is experimental and you're not worried about mail flow from most MTAs. Check for "handshake failure" in the postfix logs. I'd suggest testing with smtp_ outgoing first so you can see what's in the queue and any local nginx-generated SMTP sessions shouldn't fail.

9,515

burnersk

Updated on September 18, 2022

Comments

burnersk over 1 year
I would like to force a own set of TLS cipher suites rather than use the Postfix built in ones.

My desired set of ciphers is (taken from nginx configuration):
```
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:-DES:!RC4:!MD5:!PSK:!aECDH:EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
```
Unfortunately I cannot find a reference to override the cipher suites. I found notices that it is possible but not how.

How would look like the equivalent Postfix configuration for smtp and smtpd?

Using Debian/7, Postfix/2.11.2, OpenSSL/1.0.1e
- Michael Hampton over 9 years
  
  Don't do this. You will actually reduce the security of your email in transit. The reason is that if another mail server that speaks to yours doesn't support any of the ciphers you have specified, then TLS will fail entirely. The message will then be sent with no encryption, rather than simply weak crypto.
- Steffen Ullrich over 9 years
  
  Probably worse than that. Failing within the TLS handshake causes MTAs like sendmail to try later again with the same settings, so that they fail again. They will not retry with downgraded settings. At the end the delivery will permanently fail.
burnersk over 9 years

I want to use my own cipher suites and not some suites which I have to look for in source codes.
masegaloeh over 9 years

Additional info taken from this page by Felix Eckhofer: "Postfix has five internal lists of ciphers that the authors suggest should not be changed. ... You have a choice between (from most to least secure) high, medium, low, export and null. Check the output of postconf -d for the parameters tls_high_cipherlist, tls_medium_cipherlist and so on to see which ciphers are in which list."
sebix over 9 years

Thanks for this information, should include that in the document :)
Cedric Knight over 9 years

True. As I say I was assuming the questioner was not worried about all MTAs and was checking logs and queues, otherwise they wouldn't be limiting ciphers. If you choose smtp_tls_security_level = may, then also set "smtp_tls_protocols" and "smtp_tls_protocols", and see the header for (E)SMTPS to verify security. Using smtp_tls_loglevel = 1 I can see this cipher list successfully negotiates TLS1.2 and ECDHE-RSA-A ES128-GCM-SHA256 with Yahoo MXs.
Cedric Knight over 9 years

s/smtp_tls_protocols/smtp_tls_ciphers/
Steffen Ullrich over 9 years

In case it is not clear for you from reading the documentation. The settings are the ciphers as available by openssl, same as with nginx.