[Ach] BetterCrypto guide - POSTFIX configuration mistake / missing parameter

Fri Oct 14 12:16:47 CEST 2016

Hi Crypto-guys,

First, thanks a lot for your excellent work related to the
BetterCrypto.org guide, it is really an excellent starting point and
quick ref guide!

I went through it several times since I discovered it some years ago,
and was recently hardening my MTA / Postfix crypto behaviour (Postfix
6.6) - STARTTLS on 25 port.

I followed your guide to disable low cipher suites and made some tests
on it. After applying it and checking that there was no errors in my
logs, I saw that I was still having issues with low ciphers suites when
I did some scans with OpenVAS and sslscan tool.

I had a look to Postfix configuration and saw a missing parameter in
the configuration you suggest.

NB: I am working with a fresh download copy of the released pdf (august
7 2016).

P30, as required by RFC, you enable opportunistic TLS support with
following parameters:
smtpd_tls_security_level = may
smtp_tls_security_level = may

P31, you define several high grade ciphers:
smtpd_tls_mandatory_ciphers=high
tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:\
\EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS\
\:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA

What is missing here is that by default in a "TLS may" aka
opportunistic configuration, the ciphers used are driven by the
parameter "smtpd_tls_ciphers", wich is defined by default to medium,
thus not applying low ciphers restriction comming from the
tls_high_cipherlist defined before.
==> CF doc Postfix:
http://www.postfix.org/TLS_README.html
"The Postfix SMTP server supports 5 distinct cipher grades as specified
by the smtpd_tls_mandatory_ciphers configuration parameter, which
determines the minimum cipher grade with mandatory TLS encryption. The
default minimum cipher grade for mandatory TLS is "medium" which is
essentially 128-bit encryption or better. The smtpd_tls_ciphers
parameter (Postfix ≥ 2.6) controls the minimum cipher grade used with
opportunistic TLS. Here, the default minimum cipher grade is "medium"
for Postfix releases after the middle of 2015, "export" for older
Postfix releases. With Postfix < 2.6, the minimum opportunistic TLS
cipher grade is always "export"."
http://www.postfix.org/postconf.5.html#smtpd_tls_ciphers

Thus, to make the hardening effective with your configuration, could
you add the following parameter to the section P31:
smtpd_tls_ciphers=high

After reloading Postfix with this additionnal parameter, all
vulnerabilities scan are OK and I checked that the ciphers being used
are driven by the tls_high_cipherlist.

Kind regards,

Guillaume REMBERT