There are already several articles about perfect forward secrecy and safe ssl configuration with according recommendations on the net, like this

But I missed somehow a short overview for me with verification instructions and all information links in one place. So this article is going to cover Perfect Forward Secrecy(PFS) for the software: apache, postfix, dovecot and represents somehow a summary over different information.

Apache

  • ensure you have Apache >=2.2.26. Apache versions below doesn’t support ECC and ECDH which are used for Forward Secrecy implementation.
  • You should have openssl >= 1.0.0
  • Switch everything to HTTPS only, avoid any mixed content. We will enforce the HSTS policy
  • Add following things to your SSL configuration within apache, we keep RC4 as the last option and SSLv3 to have compatibility to the Windows XP clients.
1
2
3
4
5
6
7
8
9
10
11
12
13
#don't allow SSLv2 and SSLv3, its unsecure
SSLProtocol all -SSLv2 -SSLv3
#enforce the server cipher preference, don't trust the client config
SSLHonorCipherOrder on
#allowed cipher suites
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 \
EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 \
EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
#don't use sslcompression, its unsecure
SSLCompression off
#Enable HTTP strict transport security policy(HSTS):
# don't allow any unencrypted communication here and on the subdomains
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
  • Restart apache and test your configuration

Postfix

1
2
openssl gendh -out /etc/postfix/dh_512.pem -2 512
openssl gendh -out /etc/postfix/dh_1024.pem -2 1024
  • update the ssl settings in the main.cf
    • we don’t change the smtp client configuration to avoid any problems with outband mails. Target system has to provide the prefered encryption, not us
    • in my configuration smtpd_tls_security_level=encrypt is configured for port 587 as MSA for client submission and smtpd_tls_security_level=may is configured for port 25 as MTA for accepting inbound mails. We don’t disallow any ciphers for MTA, as the alternative is plain-text. If you want to enforce strong ciphers uncomment the lines with smtpd_tls_security_level=may
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
#the dh params
smtpd_tls_dh1024_param_file = /etc/postfix/dh_1024.pem
smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem
#enable ECDH
smtpd_tls_eecdh_grade = strong
#enabled SSL protocols, don't allow SSLv2 and SSLv3
smtpd_tls_protocols= !SSLv2, !SSLv3
smtpd_tls_mandatory_protocols= !SSLv2, !SSLv3
#allowed ciphers for smtpd_tls_security_level=encrypt
smtpd_tls_mandatory_ciphers = high
#allowed ciphers for smtpd_tls_security_level=may
#smtpd_tls_ciphers = high
#enforce the server cipher preference
tls_preempt_cipherlist = yes
#disable following ciphers for smtpd_tls_security_level=encrypt
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5 , DES, ADH, RC4, PSD, SRP, 3DES, eNULL
#disable following ciphers for smtpd_tls_security_level=may
#smtpd_tls_exclude_ciphers = aNULL, MD5 , DES, ADH, RC4, PSD, SRP, 3DES, eNULL
#enable TLS logging to see the ciphers for inbound connections
smtpd_tls_loglevel = 1
#enable TLS logging to see the ciphers for outbound connections
smtp_tls_loglevel = 1
  • restart postfix and test your configuration
  • this configuration works for me for Thunderbird and Kaiten Mail/K9-Mail without problems

Dovecot

  • you should have openssl >=1.0.0 dovecot >=2.1.x required, better dovecot >=2.2.x because of ECDHE support
  • Dovecot tryies to use PFS by default, so besides the enabled SSL almost no actions are required
  • change the log settings to see the cipher, grep for a login_log_format_elements in dovecot configs and add %k to it
1
login_log_format_elements = "user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k"
  • configure the allowed ciphers. Server side enforcement works only for dovecot >=2.2.6
1
2
3
4
5
ssl_cipher_list = EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4
#only for dovecot >=2.2.6, enforce the server cipher preference
ssl_prefer_server_ciphers = yes
#disable SSLv2 and SSLv3
ssl_protocols = !SSLv2 !SSLv3
  • restart dovecot and test the configuration
  • this configuration works for me for Thunderbird and Kaiten Mail/K9-Mail without problems

Testing

You can verify the configuration via different ways

  • for https you can use the great SSLLabs test site
  • you can test it with openssl client to verify the specific protocol/cipher
1
2
3
4
5
6
7
8
9
10
#a help page with all possible options
openssl s_client --help
#https
openssl s_client -connect [server]:443
#try SSLv2 with https which shouldn't work
openssl s_client -connect [server]:443 -ssl2
#smtp with starttls
openssl s_client -starttls smtp -connect [server]:25
#imap
openssl s_client -starttls imap -connect [server]:143
  • I found a script which can be used for a entire scan
  • you can use the sslscan for https and smtp to scan all options (only smtp is supported with starttls)
1
2
3
4
#test https
sslscan [server]:443
#test smtp with starttls
sslscan --starttls [server]:25
  • I didn’t try it, but you can take a look to a fork of sslscan or sslyze which should support imap with startssl

Updated on 18.11.2014 with SSLv3 due to Poodle

See too

Comments