DevHeads.net

possible to reach hardenize's requirements?

The site <a href="https://hardenize.com" title="https://hardenize.com">https://hardenize.com</a> provides relatively decent Email reports,
along with other reports. It checks a number of things including certs,
MTA-STS, TLS-RPT, DANE, SPF, DMARC, and then also TLS. These are all
good checks and recommendations, with the exception of the TLS one, I do
not see how its possible to meet their standards, and provide an email
server on the internet. However, I could be wrong, so I'm interested to
know if I am.

1. TLS versions: They don't like that TLS v1.1 and v1.0 are possible. If
you turn this off, then those clients that only support v1.2 will fall
back to clear-text, this is not optimal. I don't see a way around this
one.

2. Server suite preferences: they break down each preferred cipher
selection for each TLS verison, and are unhappy about the cipher suite
configuration being suboptimal, specifically that the forward secrecy
ciphers (ECDHE or DHE) and authenticated encryption (GCM or CHACHA20)
are not 'at the top' of the cipher preferences.

I know its possible to set `tls_preempt_cipher_list=yes` and risk
Windows 2003 Microsoft Exchange clients having an issue[0]. But, to get
the preferences to order the forward secrecy and auth encryption ciphers
first, I'd have to specify a custom cipherlist with
tls_medium_cipherlist, which would be ugly[0]. It is also unclear how
this would work with tls1.2, vs. tls1.1 vs. tls1.0 (for example tls1.2
has TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 and if I set that as the
first cipher in tls_medium_cipherlist, what happens with tls1.1 and
tls1.0, which does not support that cipher?).

I know that 'hardening postfix' threads have been posted here a number
of times, I've read them and I understand the recommendations if you
want to continue delivering and accepting email from the internet. What
I'm trying to find out if there is a way to thread the needle: favor
"better" ciphers, while limiting the impact to ancient software. I say
'limit' because I realize that even just turning on
`tls_preempt_cipher_list=yes` will already cause problems with Windows
2000 Microsoft Exchange, but I feel that may be an acceptable trade-off
at this point.

micah

0. <a href="http://www.postfix.org/postconf.5.html#tls_preempt_cipherlist" title="http://www.postfix.org/postconf.5.html#tls_preempt_cipherlist">http://www.postfix.org/postconf.5.html#tls_preempt_cipherlist</a>

1. not even sure this would be the right format, but this would be the order:

tls_medium_cipherlist=TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256:TLS_RSA_WITH_AES_128_CBC_SHA:TLS_RSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_DHE_RSA_WITH_AES_128_CBC_SHA:TLS_DHE_RSA_WITH_AES_256_CBC_SHA:TLS_RSA_WITH_AES_128_CBC_SHA256:TLS_RSA_WITH_AES_256_CBC_SHA256:TLS_RSA_WITH_CAMELLIA_128_CBC_SHA:TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA:TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256:TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384:TLS_RSA_WITH_CAMELLIA_256_CBC_SHA:TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA:TLS_RSA_WITH_SEED_CBC_SHA:TLS_DHE_RSA_WITH_SEED_CBC_SHA:TLS_RSA_WITH_AES_128_GCM_SHA256:TLS_RSA_WITH_AES_128_CCM:TLS_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_CCM:TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:TLS_DHE_RSA_WITH_AES_128_CCM:TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:TLS_DHE_RSA_WITH_AES_256_CCM:TLS_RSA_WITH_AES_128_CCM_8:TLS_RSA_WITH_AES_256_CCM_8:TLS_DHE_RSA_WITH_AES_128_CCM_8:TLS_DHE_RSA_WITH_AES_256_CCM_8:TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256:TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256:TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256:TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256

Comments

Re: possible to reach hardenize's requirements?

By Scott Kitterman at 04/12/2019 - 11:09

On Friday, April 12, 2019 10:46:50 AM micah anderson wrote:
If I followed their DMARC recommendation, that would translate into 90% of the
mail I send getting spam foldered or rejected. At a glance, I'm not convinced
this is any more than "let's make a list of all the things". For the parts I
looked at, I don't thinks it's all well thought through.

Scott K

Re: possible to reach hardenize's requirements?

By Micah Anderson at 04/12/2019 - 11:02

micah anderson < ... at riseup dot net> writes:

I'll note that gmail.com[0] does manage to reach this requirement, they
prefer ciphers for each tls version, and only seem to present 10 ciphers
for tls1.2, and 5 for tls1.1 and tls1.0.

I feel like if gmail is limiting their ciphers to those few, it must be
relatively safe for others to do so as well.

0. <a href="https://www.hardenize.com/report/gmail.com/1554931211#email_tls" title="https://www.hardenize.com/report/gmail.com/1554931211#email_tls">https://www.hardenize.com/report/gmail.com/1554931211#email_tls</a>