From: Alex on 1 Mar 2010 23:09

Hi,

I have an existing old postfix TLS server set up and working successfully. It was created several years ago and has been working fine ever since. I'm wondering what the benefits would be with upgrading? In other words, I realize I can only support SSLv2, but are there other security designs and technologies that I would be encouraged to be able to support? What encryption/cipher/key length, session key options, etc, choices should I be making if I were to do this today?

Under what circumstances would you want to choose only TLSv1 and not SSLv3 and TLSv1?

Many of the HOWTOs and guides out there that I could find all pertain to older versions of postfix. Any word on when Ralph will be updating his book? :-) Is there a book you could recommend that covers SSLv3/TLSv1 and later versions of postfix?

Thanks,
Alex
From: Eray Aslan on 2 Mar 2010 02:10

On 02.03.2010 06:09, Alex wrote:
> What encryption/cipher/key length, session key options, etc, choices
> should I be making if I were to do this today?

That is difficult to say without knowing what you are trying to protect, your threat model etc. If in doubt, go with the defaults.

> Under what circumstances would you want to choose only TLSv1 and not
> SSLv3 and TLSv1?

AFAIK, differences between TLSv1 and SSLv3:

* Expansion of cryptographic keys from the initially exchanged secret was improved
* MAC construction mechanism modified into an HMAC
* Mandatory support for Diffie-Hellman key exchange, the Digital Signature Standard, and Triple-DES encryption

In practice, not much of a difference.

> Many of the HOWTOs and guides out there that I could find all pertain
> to older versions of postfix. Any word on when Ralph will be updating
> his book? :-) Is there a book you could recommend that covers
> SSLv3/TLSv1 and later versions of postfix?

http://www.postfix.org/TLS_README.html

Do not change the defaults without understanding the implications. Postfix defaults are not chosen randomly.

--
Eray
From: Victor Duchovni on 2 Mar 2010 11:26

On Mon, Mar 01, 2010 at 11:09:08PM -0500, Alex wrote:
> I have an existing old postfix TLS server set up and working
> successfully. It was created several years ago and has been working
> fine ever since.

You don't have to upgrade Postfix.

> I'm wondering what the benefits would be with
> upgrading? In other words, I realize I can only support SSLv2,

Most unlikely. I am not aware of any legacy versions of Postfix that support only SSLv2. Provided you have Postfix 2.3 or later, the TLS support is sufficiently modern and robust.

> but are there other security designs and technologies that I would be
> encouraged to be able to support?

You should however upgrade OpenSSL to at least 0.9.8m, as many OpenSSL security issues have been addressed in the meantime. If your legacy Postfix is linked with OpenSSL 0.9.7x, then and only then do you need to upgrade both (re-compile Postfix with OpenSSL 0.9.8).

OpenSSL 1.0.0 will be released shortly; if you wait a bit, I would strongly recommend OpenSSL 1.0.0 over 0.9.8.

> What encryption/cipher/key length, session key options, etc, choices
> should I be making if I were to do this today?

Use the default settings.

> Under what circumstances would you want to choose only TLSv1 and not
> SSLv3 and TLSv1?

Use the default settings. With sufficiently recent versions of Postfix the default is to disable SSLv2 in the SMTP client:

    smtp_tls_protocols = !SSLv2

If your Postfix supports this parameter, it already defaults to this value.

--
Viktor.

P.S. Morgan Stanley is looking for a New York City based, Senior Unix system/email administrator to architect and sustain our perimeter email environment. If you are interested, please drop me a note.
From: Alex on 2 Mar 2010 13:15

Hi,

> Most unlikely. I am not aware of any legacy versions of Postfix that
> support only SSLv2. Provided you have Postfix 2.3 or later, the TLS
> support is sufficiently modern and robust.

I'm not happy saying that it's probably older than that.

> OpenSSL 1.0.0 will be released shortly, if you wait a bit, I would
> strongly recommend OpenSSL 1.0.0 over 0.9.8.

Will it be compatible with other programs compiled against 0.9.*?

>> What encryption/cipher/key length, session key options, etc, choices
>> should I be making if I were to do this today?
>
> Use the default settings.

How can I find out what those defaults are? Is this what I should expect to see on a modern implementation?

    Mar 1 00:00:39 smtp0 postfix/smtp[6676]: TLS connection established to smtp.mydomain.com TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)

Is that a characteristic of the certificate that was created or how postfix was compiled or otherwise?

Thanks,
Alex
From: Victor Duchovni on 2 Mar 2010 13:43

On Tue, Mar 02, 2010 at 01:15:17PM -0500, Alex wrote:
> > Most unlikely. I am not aware of any legacy versions of Postfix that
> > support only SSLv2. Provided you have Postfix 2.3 or later, the TLS
> > support is sufficiently modern and robust.
>
> I'm not happy saying that it's probably older than that.

Older versions of Postfix still support SSLv3 and TLSv1, but the TLS code in Postfix in those releases has some warts, so if you want more than opportunistic TLS support, you need 2.3 or later.

> > OpenSSL 1.0.0 will be released shortly, if you wait a bit, I would
> > strongly recommend OpenSSL 1.0.0 over 0.9.8.
>
> Will it be compatible with other programs compiled against 0.9.*?

Source-compatible: yes. Binary-compatible: no. Code needs to be re-compiled to run with OpenSSL 1.0.0.

> >> What encryption/cipher/key length, session key options, etc, choices
> >> should I be making if I were to do this today?
> >
> > Use the default settings.
>
> How can I find out what those defaults are? Is this what I should
> expect to see on a modern implementation?

Postfix settings are documented in postconf(5). Unless you are an SSL expert who understands OpenSSL source code in detail, you really should not change the default settings, and generally don't need to know what they are.

> Mar 1 00:00:39 smtp0 postfix/smtp[6676]: TLS connection established
> to smtp.mydomain.com TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)
>
> Is that a characteristic of the certificate that was created or how
> postfix was compiled or otherwise?

The remote system or your OpenSSL library or both do not support AES. AES support in OpenSSL was added in OpenSSL 0.9.7. If you have OpenSSL 0.9.6, you lack modern ciphers and have a bunch of unfixed SSL security issues.

Bulk encryption cipher-suites have only a tangential connection to certificates. The same certificate would have worked with AES256, if both sides supported it.

--
Viktor.

P.S. Morgan Stanley is looking for a New York City based, Senior Unix system/email administrator to architect and sustain our perimeter email environment. If you are interested, please drop me a note.
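The exchange above turns on reading the "TLS connection established" log line: the protocol and cipher it reports are whatever both sides could agree on, not a property of the certificate, so the way to find out what an existing server actually negotiates is to audit those lines. The following script is an added example written for this thread, not code from the thread or from the Postfix project. It parses Postfix smtp/smtpd log lines of that form, records protocol, cipher and key bits per session, and flags the things discussed above (SSLv2, SSLv3, 3DES where AES should be expected, and export, RC4, anonymous or NULL ciphers). The first sample line is the one Alex posted; the other lines, the host names and the exact wording of the findings are constructed for the example, and the regex assumes the peer may or may not be followed by a colon and a port, since that detail varies between Postfix releases.

```python
import re
from collections import Counter

# Postfix "TLS connection established" lines. The ":" after the peer and a
# "[addr]:port" suffix vary between releases, so both are optional here
# (assumption made for this example).
TLS_LINE = re.compile(
    r"TLS connection established (?P<dir>to|from) (?P<peer>.+?):? "
    r"(?P<proto>SSLv2|SSLv3|TLSv1(?:\.\d)?) with cipher (?P<cipher>\S+) "
    r"\((?P<bits>\d+)/(?P<algbits>\d+) bits\)"
)

# Constructed sample log; the first line is the one quoted in the thread.
SAMPLE_LOG = [
    "Mar 1 00:00:39 smtp0 postfix/smtp[6676]: TLS connection established to "
    "smtp.mydomain.com TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)",
    "Mar 1 00:01:12 smtp0 postfix/smtpd[6701]: TLS connection established from "
    "mail.example.net[192.0.2.10]: TLSv1 with cipher AES256-SHA (256/256 bits)",
    "Mar 1 00:02:05 smtp0 postfix/smtp[6680]: TLS connection established to "
    "relay.example.org: SSLv3 with cipher RC4-MD5 (128/128 bits)",
    "Mar 1 00:02:40 smtp0 postfix/smtp[6681]: TLS connection established to "
    "old.example.com: SSLv3 with cipher EXP-DES-CBC-SHA (40/56 bits)",
    "Mar 1 00:03:00 smtp0 postfix/smtp[6682]: connect to mx.example.com[198.51.100.7]:25",
]


def grade(proto, cipher, bits):
    """Return the list of findings for one negotiated session (empty = fine)."""
    findings = []
    if proto == "SSLv2":
        findings.append("SSLv2 negotiated")
    elif proto == "SSLv3":
        findings.append("SSLv3 negotiated (no HMAC, weaker key expansion)")
    if cipher.startswith("EXP"):
        findings.append("export-grade cipher")
    if "NULL" in cipher:
        findings.append("no encryption")
    if cipher.startswith(("ADH", "AECDH")):
        findings.append("anonymous key exchange (peer not authenticated)")
    if "RC4" in cipher:
        findings.append("RC4 stream cipher")
    if "DES-CBC3" in cipher or "3DES" in cipher:
        # As in the thread: 3DES usually means one side lacks AES support.
        findings.append("3DES: peer or local OpenSSL lacks AES")
    if bits < 128:
        findings.append("fewer than 128 effective bits")
    return findings


def parse_line(line):
    """Extract one session record from a log line, or None if it is not a TLS line."""
    m = TLS_LINE.search(line)
    if not m:
        return None
    proto, cipher, bits = m.group("proto"), m.group("cipher"), int(m.group("bits"))
    return {
        "direction": m.group("dir"),
        "peer": m.group("peer"),
        "protocol": proto,
        "cipher": cipher,
        "bits": bits,
        # Ephemeral DH/ECDH key exchange gives forward secrecy.
        "forward_secrecy": cipher.startswith(("EDH", "DHE", "ECDHE")),
        "findings": grade(proto, cipher, bits),
    }


def audit(lines):
    """Parse every TLS session line in an iterable of log lines."""
    return [r for r in (parse_line(l) for l in lines) if r is not None]


def summarize(results):
    """Count negotiated protocols and findings across all sessions."""
    counts = Counter()
    for r in results:
        counts[r["protocol"]] += 1
        for f in r["findings"]:
            counts[f] += 1
    return counts


if __name__ == "__main__":
    sessions = audit(SAMPLE_LOG)
    for s in sessions:
        flag = "; ".join(s["findings"]) or "ok"
        print(f"{s['direction']:4} {s['peer']:32} {s['protocol']:6} "
              f"{s['cipher']:24} {s['bits']:>3} bits  {flag}")
    print(dict(summarize(sessions)))
```

Run it against a real mail log with `audit(open("/var/log/maillog"))` and look at the summary: a fleet that still shows SSLv3 or 3DES sessions points at an old OpenSSL on one side of those connections, which is exactly the upgrade Viktor recommends, rather than at anything in the certificate. The built-in default for a parameter such as `smtp_tls_protocols` can be read with `postconf -d smtp_tls_protocols` on the server itself.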