Over the last few months, sysadmins, engineers and security teams have been on pins and needles. Many security holes were found and patched. In this case, patched means fixed in the code, built into binaries and pushed out by the sysadmins. This was especially true in the SSL/TLS segment, namely OpenSSL and its algorithms.

UPDATE (21. Oct 2017):
Needless to say, security is always improving, so I updated the ciphers, protocols and configurations mentioned in this article.

But not everything can be patched if it is weak by nature. Some protocols are now insecure and should not be used anymore. Generally you should disable SSLv3 (and SSLv2 for sure!). This protocol is over 10 years old and now vulnerable to different attacks (like POODLE or BEAST). Using a secure protocol like TLSv1.2 (which can also be improved) does not mean you are secure. Every SSL protocol uses algorithms, and plenty of those are weak, too.

So what to do? Use secure protocols and secure algorithms and find some mix of supported devices/browsers/programs and high grade algorithms.

SSLv2 and SSLv3 MUST be disabled.
Use TLSv1.0 and TLSv1.1 if you need to. TLSv1.2 (+TLSv1.3) are considered secure.
Old algorithms weren't always bad, but technology improves and older ciphers like RC4 no longer fulfill the requirements to be secure.

AVOID these:

aNULL, MD5, DES, ADH, RC4, PSK, SRP, 3DES, eNULL

This configuration gets an A+ grade from the Qualys SSL test suite (HTTPS) while still supporting a wide range of devices. Yes, some of the oldest aren't supported with these ciphers, but that is a necessary sacrifice to provide better security.

This affects the unsupported Windows XP, old Android 2.3.7 and the even older Java 1.6.
If you want to support these old devices you can allow this cipher suite, which is of course less secure: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA

Below is my configuration of Nginx and Postfix.

Nginx

This disables the insecure protocols SSLv2 and SSLv3 and multiple insecure algorithms like EXPORT or RC4.

It provides high-grade security with perfect forward secrecy and HSTS (Certificate pinning).

ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;

# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
ssl_dhparam /etc/ssl/certs/dh2048.pem;

# modern configuration. tweak to your needs.
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_prefer_server_ciphers on;

# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;

# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
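To see what the cipher string above really enables on a given host, this added example (not part of the original configuration) lets Python's ssl module expand it through the local OpenSSL and flags any suite that falls into the AVOID list or lacks forward secrecy. The function names and the token-to-family mapping are assumptions of this example, and the expanded list depends on the installed OpenSSL build.

```python
import re
import ssl

# Cipher string from the Nginx configuration above.
NGINX_CIPHERS = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"

# Suite-name tokens mapped to families on the AVOID list.
# This mapping is the example's own heuristic, not an OpenSSL API.
WEAK_TOKENS = {
    "NULL": "eNULL", "ADH": "ADH", "AECDH": "aNULL", "MD5": "MD5",
    "DES": "DES", "CBC3": "3DES", "3DES": "3DES", "RC4": "RC4",
    "PSK": "PSK", "SRP": "SRP",
}

def expand(cipher_string):
    """Let the local OpenSSL expand a cipher string into suite names."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # ssl.SSLError if nothing matches
    return [c["name"] for c in ctx.get_ciphers()]

def weak_families(suite_name):
    """Return the avoided families one suite name belongs to."""
    tokens = re.split(r"[-_]", suite_name.upper())
    found = {WEAK_TOKENS[t] for t in tokens if t in WEAK_TOKENS}
    if "3DES" in found:
        found.discard("DES")  # DES-CBC3 means 3DES, not single DES
    return sorted(found)

def has_forward_secrecy(suite_name):
    """True for (EC)DHE key exchange and for TLS 1.3 suites."""
    if suite_name.startswith("TLS_") and "_WITH_" not in suite_name:
        return True  # TLS 1.3 names carry no key exchange; always ephemeral
    tokens = re.split(r"[-_]", suite_name.upper())
    return bool({"ECDHE", "DHE", "EDH"} & set(tokens))

def audit(cipher_string):
    """Map each problematic suite to the reasons it was flagged."""
    report = {}
    for name in expand(cipher_string):
        reasons = weak_families(name)
        if not has_forward_secrecy(name):
            reasons.append("no forward secrecy")
        if reasons:
            report[name] = reasons
    return report

if __name__ == "__main__":
    print("\n".join(expand(NGINX_CIPHERS)))
    print("flagged:", audit(NGINX_CIPHERS) or "nothing")
```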

Postfix

I used this really good guide for setting up my mailserver: https://thomas-leister.de/mailserver-debian-stretch
Unfortunately, not every mailserver supports encryption (I wish it were so), so the security level for incoming connections is "may". I hope we can change it to “encrypt” in the future…

UPDATE:
Postfix 2.11 supports a bunch of new security levels, including DANE.
See this postfix documentation for the explanation.
Sadly, the Postfix version under CentOS 7 is 2.10 and too old for these new options :(

tls_high_cipherlist = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA

# or better "dane" with postfix 2.11
# (main.cf does not allow a comment after a value, so this note sits on its own line)
smtp_tls_security_level = encrypt
smtp_tls_policy_maps = mysql:/etc/postfix/sql/tls-policy.cf
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_ciphers = high

smtpd_tls_security_level = may
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_ciphers = high

Be aware that in a few years these will probably be weak as well and should be replaced.

Happy tweaking.
