Univention Bugzilla – Bug 38043
Postfix: Prohibiting RC4 Cipher Suites as prescribed in RFC7465
Last modified: 2016-09-21 18:10:21 CEST
Hey there, The IETF has published[1] an RFC in which it explicitely prohibits the RC4 algorithm with MUST NOT. So now is the right time to review the TLS ciphers in postfix and disabling RC4. A small helper script[2] shows that disabling RC4 is not currently transposed in UCS Postfix: root@zarafa:~# ./ssltest.sh 127.0.0.1 25 smtp |grep RC4 AECDH-RC4-SHA SSLv3 Kx=ECDH Au=None Enc=RC4(128) Mac=SHA1 ADH-RC4-MD5 SSLv3 Kx=DH Au=None Enc=RC4(128) Mac=MD5 ECDHE-RSA-RC4-SHA SSLv3 Kx=ECDH Au=RSA Enc=RC4(128) Mac=SHA1 RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1 RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 EXP-ADH-RC4-MD5 SSLv3 Kx=DH(512) Au=None Enc=RC4(40) Mac=MD5 export EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export root@zarafa:~# Disabling RC4 is easy[3], just restart postfix after adding 2 small config snippets to main.cf: # TLS Server smtpd_tls_exclude_ciphers = RC4, aNULL # TLS Client smtp_tls_exclude_ciphers = RC4, aNULL No more RC4 ciphers found, after adding the config snippet: root@zarafa:~# ./ssltest.sh 127.0.0.1 25 smtp |grep RC4 root@zarafa:~# As with Bug 37566 [4], I'm going to write a patch for that issue. This patch prohibits RC4 by default, but introduces a new configuration variable which explicitely allows the use of RC4 in case of unwanted side effects. (During my research for possible problems caused by the shutdown of RC4 nothing was found.) best regards Lutz Willek [1]: https://tools.ietf.org/rfc/rfc7465.txt [2]: http://www.tuxad.de/scripts/ssltest.sh [3]: http://de.postfix.org/pipermail/postfix-users/2015-February/004657.html [4]: https://forge.univention.org/bugzilla/show_bug.cgi?id=37566
Created attachment 6761 [details] Patch prohibiting the use of RC4 cipher suites in postfix RC4 is cryptographically broken and must no longer be used. Such ciphers would not be negiotiated due to MUAs preference anyway. If the TLS client only offers RC4 cipher suites, the TLS server MUST terminate the handshake. In order to maintain the security guarantees of the TLS protocol, IETF RFC-7465 explicitely requires this behaviour, which will be guaranteed by applying this patch. Postfix also supports configurations with no server certificates that use only the anonymous ciphers. By default anonymous ciphers (not supported by typical SMTP clients) are enabled in Postfix. (http://www.postfix.org/TLS_README.html) This behaviour will be disabled by applying this patch. This patch will disable the following cipher suites on the server side: AECDH-RC4-SHA ADH-RC4-MD5 ECDHE-RSA-RC4-SHA RC4-SHA RC4-MD5 EXP-ADH-RC4-MD5 EXP-RC4-MD5 Please review. If possible, please apply this patch to UCS 4.0-1-errata. Best Regards Lutz Willek
apply and test the patch: root@zarafa:~# apt-get install patch ## create a backup root@zarafa:~# cp /etc/postfix/main.cf /etc/postfix/main.cf.orig root@zarafa:~# postconf >postconf.orig root@zarafa:~# mkdir /etc/univention/templates/files/etc/postfix/main.cf.d_orig root@zarafa:~# cp -a /etc/univention/templates/files/etc/postfix/main.cf.d/60_tls \ /etc/univention/templates/files/etc/postfix/main.cf.d_orig/60_tls ## set new default variables root@zarafa:~# ucr set mail/postfix/smtpd/tls/exclude_ciphers="RC4, aNULL" root@zarafa:~# ucr set mail/postfix/tls/client/exclude_ciphers="RC4, aNULL" ## patch and commit root@zarafa:~# patch -p0 < postfix_tls_exclude_ciphers.patch /etc/univention/templates/files/etc/postfix/main.cf.d/60_tls root@zarafa:~# ucr commit /etc/postfix/main.cf root@zarafa:~# service postfix restart ## diff to original main.cf and postconf after patching root@zarafa:~# diff /etc/postfix/main.cf.orig /etc/postfix/main.cf 104a105 > smtp_tls_exclude_ciphers = RC4, aNULL 120a122 > smtp_tls_exclude_ciphers = RC4, aNULL root@zarafa:~# postconf >postconf.diff root@zarafa:~# diff postconf.orig postconf.diff 586c586 < smtp_tls_exclude_ciphers = --- > smtp_tls_exclude_ciphers = RC4, aNULL 683c683 < smtpd_tls_exclude_ciphers = --- > smtpd_tls_exclude_ciphers = RC4, aNULL root@zarafa:~# ^^^patch works like expected ## allow the use of RC4 (in case of unwanted side effects) root@zarafa:~# ucr set mail/postfix/smtpd/tls/exclude_ciphers="" root@zarafa:~# ucr set mail/postfix/tls/client/exclude_ciphers="" root@zarafa:~# ucr commit /etc/postfix/main.cf root@zarafa:~# service postfix restart ## diff to original main.cf and postconf after allowing the use of RC4 root@zarafa:~# diff /etc/postfix/main.cf.orig /etc/postfix/main.cf 104a105 > smtpd_tls_exclude_ciphers = 120a122 > smtp_tls_exclude_ciphers = root@zarafa:~# postconf >postconf.diff root@zarafa:~# diff postconf.orig postconf.diff root@zarafa:~# ^^^patch works like expected
description of the variables mail/univention-mail-postfix/debian/univention-mail-postfix.univention-config-registry-variables [mail/postfix/smtpd/tls/exclude_ciphers] Description[de]=Liste der Verschlüsselungstypen, die aus der SMTP-Server Cipher Liste auf allen TLS Sicherheitsstufen ausgenommen sind, siehe http://www.postfix.org/postconf.5.html#smtpd_tls_exclude_ciphers. Standard ist "RC4, aNULL" Description[en]=List of ciphers or cipher types to exclude from the SMTP server cipher list at all TLS security levels as described in http://www.postfix.org/postconf.5.html#smtpd_tls_exclude_ciphers. Defaults to "RC4, aNULL" Type=str Categories=service-mail [mail/postfix/tls/client/exclude_ciphers] Description[de]=Liste der Verschlüsselungstypen, die aus der SMTP-Client Cipher Liste auf allen TLS Sicherheitsstufen ausgenommen sind, siehe http://www.postfix.org/postconf.5.html#smtp_tls_exclude_ciphers. Standard ist "RC4, aNULL" Description[en]=List of ciphers or cipher types to exclude from the Postfix SMTP client cipher list at all TLS security levels as described in http://www.postfix.org/postconf.5.html#smtp_tls_exclude_ciphers. Defaults to "RC4, aNULL" Type=str Categories=service-mail /mail/univention-mail-postfix/debian/univention-mail-postfix.univention-config-registry ... Type: subfile Multifile: etc/postfix/main.cf Subfile: etc/postfix/main.cf.d/60_tls ... Variables: mail/postfix/tls/client/exclude_ciphers Variables: mail/postfix/smtpd/tls/exclude_ciphers
@Daniel, can you review and apply the patch please. If everything is fine you can commit it and build for UCS 4.0-1-errata.
Thank you for the patch - it has been applied. RC4 Cipher Suites will be excluded from all TLS security levels. Adds UCR variables mail/postfix/tls/client/exclude_ciphers and mail/postfix/smtpd/tls/exclude_ciphers and sets them by default to "RC4, aNULL". Commit: r59867 Package: mail/univention-mail-postfix YAML: 2015-04-16-univention-mail-postfix.yaml
OK: code change OK: short functional test OK: UCR variables OK: YAML
<http://errata.univention.de/ucs/4.0/183.html>