Univention Bugzilla – Full Text Bug Listing |
| Field | Value |
|---|---|
| Summary | Enable perfect forward secrecy |
| Product | UCS |
| Reporter | Sönke Schwardt-Krummrich <schwardt> |
| Assignee | Felix Botner <botner> |
| Status | CLOSED FIXED |
| QA Contact | Erik Damrose <damrose> |
| Severity | normal |
| Priority | P5 |
| CC | gohmann, grandjean, hahn, walkenhorst |
| Version | UCS 3.2 |
| Target Milestone | UCS 3.2-3-errata |
| Hardware | Other |
| OS | Linux |
| See Also | https://forge.univention.org/bugzilla/show_bug.cgi?id=37459 |
| Bug Blocks | 35924 |
Description
Sönke Schwardt-Krummrich
2014-09-15 09:17:03 CEST
Added the following ucr variables:

/etc/postfix/main.cf:
* mail/postfix/smtpd/tls/dh1024/param/file (/etc/postfix/dh_2048.pem)
* mail/postfix/smtpd/tls/dh512/param/file (/etc/postfix/dh_512.pem)
* mail/postfix/smtpd/tls/eecdh/grade (strong)
* mail/postfix/tls/preempt/cipherlist (yes)
* mail/postfix/smtpd/tls/loglevel (1)
* mail/postfix/smtp/tls/loglevel (1)

/etc/cron.d/univention-mail-postfix:
* mail/postfix/cron/recreate/dh/parameter (0 4 * * *)

During installation (and this update) DH parameter files are created (/etc/postfix/dh_*.pem). A cron job /etc/cron.d/univention-mail-postfix has been added to daily recreate the DH parameter files and reload postfix.

To verify that Perfect Forward Secrecy is used, the openssl s_client command

    openssl s_client -starttls smtp -crlf -connect 127.0.0.1:25

should return a Cipher starting with DHE (UCS 3.2) or ECDHE (UCS 4.0).

YAML: 2014-09-22-univention-mail-postfix.yaml

Merged to ucs-4.0-0

The UCS-4 installation stalls for a long time while the key material is created. It also prints a lot of '.' lines (5856) to stdout, which get logged to /var/log/syslog during installation:

    # grep 'in-target: \. *$' /var/log/syslog | sed -ne '1p;$p'
    Oct 2 08:41:57 in-target: .
    Oct 2 08:45:25 in-target: .

Running the key generation commands in a cron job also depletes the kernel random pool for /dev/random (which MUST be used for key generation). Especially virtual machines are short on sources for true random data, which might lead to additional stalls. Newer QEMU versions provide a VirtIO device for random, but by that the problem is only moved into the host server; an EGD can be installed there.

    # cat /proc/sys/kernel/random/entropy_avail
    870

(In reply to Philipp Hahn from comment #2)
> The UCS-4 installation stalls for a long time while the key material is
> created. It also prints a lot of '.' lines (5856) to stdout, which get
> logged to /var/log/syslog during installation:
> # grep 'in-target: \. *$' /var/log/syslog | sed -ne '1p;$p'
> Oct 2 08:41:57 in-target: .
> Oct 2 08:45:25 in-target: .

openssl gendh output is redirected to /dev/null during installation and the default for the recreation cron interval is now 0 4 * * 0 (weekly).

> Running the key generation commands in a cron job also depletes the kernel
> random pool for /dev/random (which MUST be used for key generation).
> Especially virtual machines are short on sources for true random data, which
> might lead to additional stalls. Newer QEMU versions provide a VirtIO device
> for random, but by that the problem is only moved into the host server; an
> EGD can be installed there.
>
> # cat /proc/sys/kernel/random/entropy_avail
> 870

All OpenSSL versions try to use /dev/urandom by default.

As discussed, please
- Remove the generation of the 1024bit file, as it is not used. This will reduce the overall time required for key generation.
- Set the umask of the generated files to 0644.
- mail/postfix/smtpd/tls/loglevel and mail/postfix/smtp/tls/loglevel should be initialized with 0.
- tls_preempt_cipherlist is only supported in postfix 2.8 and later (UCS 3.2 uses 2.7); smtpd_tls_eecdh_grade is supported in postfix 2.6. At least move the comment in the template.

(In reply to Erik Damrose from comment #4)
> As discussed, please
> - Remove the generation of the 1024bit file, as it is not used. This will
> reduce the overall time required for key generation
> - Set the umask of the generated files to 0644.
> - mail/postfix/smtpd/tls/loglevel and mail/postfix/smtp/tls/loglevel should
> be initialized with 0
> - tls_preempt_cipherlist is only supported in postfix 2.8 and later (UCS 3.2
> uses 2.7); smtpd_tls_eecdh_grade is supported in postfix 2.6. At least move
> the comment in the template

OK, removed mail/postfix/smtpd/tls/eecdh/grade and mail/postfix/tls/preempt/cipherlist from 3.2-3 as they are not supported by postfix/openssl. Added changelog entry for 4.0.

OK: openssl s_client -starttls smtp -crlf -connect localhost:25
UCS 3.2: Cipher is DHE-RSA-AES256-SHA
UCS 4.0: Cipher is ECDHE-RSA-AES256-GCM-SHA384

(In reply to Felix Botner from comment #3)
> All OpenSSL versions try to use /dev/urandom by default,
OK: https://www.openssl.org/support/faq.html#USER1 -> reduced key generation time by skipping unused 1024bit key

OK: Removed UCRV options from UCS 3.2 that are not available
OK: Changelog
OK: r55485
Only release for 3.2-3 errata

Verified
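The thread covers three operational pieces: generating the DH parameter files that Postfix needs for DHE key exchange, wiring them into main.cf, and checking with openssl s_client that a STARTTLS session actually negotiates a forward-secret cipher. The script below is an added example written for this page; it is not code from UCS or the univention-mail-postfix package. It assumes a directory DH_DIR (defaulting to /etc/postfix, matching the paths in comment #1) and that the running user may write there and call postconf; the function names gen_dh, version_ge, configure_postfix, pfs_cipher and check_server are this example's own. Two points it makes that the thread only touches on: "openssl dhparam" (the current name for the legacy "openssl gendh") is CPU-bound prime search seeded from /dev/urandom, so it does not drain /dev/random; and a world-readable 0644 file is the right mode because DH parameters are public values, obtained here with umask 022 rather than a umask of 0644. The cipher check also treats TLS 1.3 suites (TLS_*) as forward-secret, which they always are, so it goes slightly beyond the DHE/ECDHE rule of thumb in comment #1.

```shell
#!/bin/sh
# Added example, not UCS/Univention code. Regenerates Postfix DH parameters,
# applies the Postfix settings from the bug, and classifies the cipher that an
# "openssl s_client -starttls smtp" transcript reports.
# Assumptions (not from the bug page): DH_DIR defaults to /etc/postfix;
# pfs_cipher reads an s_client transcript on stdin.
set -eu

DH_DIR="${DH_DIR:-/etc/postfix}"

# Generate a DH parameter file of $1 bits. "openssl dhparam" searches for a
# safe prime (CPU-bound; OpenSSL seeds from /dev/urandom, so no /dev/random
# stall). Progress dots go to /dev/null as the fix in this bug did. umask 022
# gives mode 0644: DH parameters are public, not secret key material. The
# temp file plus mv means Postfix never reads a half-written file.
gen_dh() {
    bits="$1"
    out="$DH_DIR/dh_${bits}.pem"
    ( umask 022; openssl dhparam -out "$out.tmp" "$bits" 2>/dev/null )
    mv "$out.tmp" "$out"
    printf '%s\n' "$out"
}

# True if version $1 is at least $2, comparing major.minor only
# (e.g. version_ge 2.7.1 2.8 is false, version_ge 2.11.3 2.8 is true).
version_ge() {
    printf '%s\n%s\n' "$1" "$2" | awk -F. '
        NR == 1 { a = $1; b = $2 }
        NR == 2 { exit !(a > $1 || (a == $1 && b >= $2)) }'
}

# The main.cf settings behind the UCR variables in comment #1. As comment #4
# notes, smtpd_tls_eecdh_grade needs Postfix >= 2.6 and tls_preempt_cipherlist
# needs >= 2.8, so those are only set when the installed version supports them.
configure_postfix() {
    ver=$(postconf -h mail_version)
    postconf -e "smtpd_tls_dh1024_param_file = $DH_DIR/dh_2048.pem"
    postconf -e "smtpd_tls_dh512_param_file = $DH_DIR/dh_512.pem"
    version_ge "$ver" 2.6 && postconf -e "smtpd_tls_eecdh_grade = strong"
    version_ge "$ver" 2.8 && postconf -e "tls_preempt_cipherlist = yes"
    postfix reload
}

# Read an "openssl s_client" transcript on stdin, print the negotiated cipher
# and return 0 if it is forward-secret (ephemeral DH, ephemeral ECDH, or any
# TLS 1.3 suite, which always uses an ephemeral key exchange), 1 for a
# non-PFS cipher such as plain RSA key transport, 2 if no cipher line exists.
pfs_cipher() {
    cipher=$(sed -n 's/^New, .*, Cipher is //p' | head -n 1)
    printf '%s\n' "$cipher"
    case "$cipher" in
        DHE-*|ECDHE-*|TLS_*) return 0 ;;
        '')                  return 2 ;;
        *)                   return 1 ;;
    esac
}

# Live check, the command from the bug. -crlf because SMTP lines end in CRLF;
# the piped QUIT stops s_client from waiting on stdin after the handshake.
check_server() {
    printf 'QUIT\r\n' \
        | openssl s_client -starttls smtp -crlf -connect "${1:-127.0.0.1}:${2:-25}" 2>/dev/null \
        | pfs_cipher
}
```

Run `gen_dh 2048 && gen_dh 512 && configure_postfix` from the cron job, and `check_server mail.example.test 25` from a monitoring check: a non-zero exit means the server fell back to a cipher without forward secrecy (or never completed STARTTLS), which is exactly the regression the QA step in this bug guards against.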