
Re: Exim, DH, GnuTLS & interop

  • Peer Heinlein
    Message 1 of 10 , Sep 3, 2013
      On 03.09.2013 21:41, Phil Pennock wrote:


      Hi,

      > Debian used to patch, in their build system, the value passed to
      > gnutls_dh_set_prime_bits() from 1024 to 2048. This is the value of the
      > size of the DH parameters which is the "minimum considered acceptable".
      > So Debian broke interop with "66_enlarge-dh-parameters-size.dpatch".
      >
      > Those maintaining Exim/Postfix setups should upgrade Exim to a recent
      > version; after my overhaul back in 4.80, Debian stopped changing the
      > value in their patches.

      Great. Thanks to Phil and Viktor for their great work. Really THANKS.

      Debian should release a security fix update for their old packages...
      That would be the best, fastest and most secure way to solve the problem
      finally.

      Peer


      --
      Heinlein Support GmbH
      Schwedter Str. 8/9b, 10119 Berlin

      http://www.heinlein-support.de

      Tel: 030 / 405051-42
      Fax: 030 / 405051-19

      Mandatory disclosures per §35a GmbHG: HRB 93818 B / Amtsgericht
      Berlin-Charlottenburg,
      Managing Director: Peer Heinlein -- Registered office: Berlin
    • Viktor Dukhovni
      Message 2 of 10 , Sep 3, 2013
        On Tue, Sep 03, 2013 at 12:41:46PM -0700, Phil Pennock wrote:

        > Okay, I have identified the root cause. The systems that need to be
        > placated are older Debian installs, and the method should be broadly
        > compatible.
        >
        > Debian used to patch, in their build system, the value passed to
        > gnutls_dh_set_prime_bits() from 1024 to 2048. This is the value of the
        > size of the DH parameters which is the "minimum considered acceptable".
        > So Debian broke interop with "66_enlarge-dh-parameters-size.dpatch".

        Thanks, this is very useful. So the Postfix work-around for servers
        that want to receive email over TLS from the broken Debian systems is:

        # cd /etc/postfix
        # openssl dhparam -out dh2048.pem 2048
        # postconf -e 'smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem'

        If your openssl(1) version is 1.0.0 or higher, your server may
        perform faster if you generate DSA-style parameters:

        # openssl dhparam -dsaparam -out dh2048.pem 2048

        The "smtpd_tls_dh1024_param_file" is in effect the DH parameter
        set for all non-export cipher-suites. It is OK to use a 2048-bit
        prime group in this context, provided the CPU cost is acceptable
        (generally TLS handshake CPU cost is not on the critical path for
        SMTP throughput) and no SMTP clients choke on the larger DH prime.

        No changes should be necessary for the default Postfix EECDH curve,
        it is strong enough to meet the default lower bounds for GnuTLS,
        and Debian likely did not patch this value (in GnuTLS rather than Exim).

        Only the "Ultra" priority String in GnuTLS requires EC curves with
        more than 256-bits:

        {
          "Ultra",                 /* Name */
          GNUTLS_SEC_PARAM_ULTRA,  /* Enum */
          256,                     /* Symmetric bits */
          15424,                   /* RSA/EDH modulus bits */
          3072,                    /* DSA bits */
          512,                     /* subgroup bits */
          512                      /* EC bits */
        },

        We can reasonably assume that no MTA is configured to use the
        "Ultra" security level as a default for all Internet destinations.

        --
        Viktor.
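The interop rule behind the workaround above is simple: a GnuTLS client whose minimum prime size was raised to 2048 bits refuses the 1024-bit DH group a Postfix server would otherwise offer, so the fix is to point `smtpd_tls_dh1024_param_file` at a 2048-bit group. The following is an added example (not code from this thread, from Postfix or from GnuTLS) that checks a DH parameter PEM file offline, without `openssl(1)`: it parses the `DH PARAMETERS` block (DER `SEQUENCE { INTEGER p, INTEGER g }`), reports the prime size, and compares it with the client's minimum. The sample files are constructed in the block from the RFC 3526 2048-bit MODP group 14 prime and the RFC 2409 1024-bit group 2 prime, standing in for what `openssl dhparam` would write; the function names and the `DEBIAN_PATCHED_MIN_BITS` constant are this example's own.

```python
"""Check whether a Postfix DH parameter file clears an SMTP client's minimum prime size.

Added example: pure-Python PEM/DER parsing of "DH PARAMETERS", so it runs without
openssl(1). Not Postfix, Exim or GnuTLS code.
"""
import base64
import textwrap

PEM_HDR = "-----BEGIN DH PARAMETERS-----"
PEM_FTR = "-----END DH PARAMETERS-----"

# Minimum prime size the old Debian Exim builds demanded through
# gnutls_dh_set_prime_bits() (per the thread); unpatched Exim passed 1024.
DEBIAN_PATCHED_MIN_BITS = 2048


def _der_len(n):
    """DER length: short form below 0x80, else 0x8N followed by N length bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der_int(v):
    """DER INTEGER for a non-negative value (leading 0x00 keeps it positive)."""
    body = v.to_bytes((v.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + _der_len(len(body)) + body


def dhparams_to_pem(p, g):
    """Encode (p, g) the way `openssl dhparam` does: SEQUENCE { INTEGER p, INTEGER g }."""
    seq = _der_int(p) + _der_int(g)
    der = b"\x30" + _der_len(len(seq)) + seq
    b64 = base64.b64encode(der).decode()
    return "\n".join([PEM_HDR, *textwrap.wrap(b64, 64), PEM_FTR]) + "\n"


def _read_tlv(buf, pos):
    """Read one DER tag/length/value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def parse_dhparams_pem(pem):
    """Return (p, g) from a DH PARAMETERS PEM block; reject anything else."""
    lines = [line.strip() for line in pem.splitlines()]
    if PEM_HDR not in lines or PEM_FTR not in lines:
        raise ValueError("not a DH PARAMETERS PEM block")
    der = base64.b64decode("".join(lines[lines.index(PEM_HDR) + 1:lines.index(PEM_FTR)]))
    tag, seq, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag_p, p_bytes, pos = _read_tlv(seq, 0)
    tag_g, g_bytes, _ = _read_tlv(seq, pos)
    if tag_p != 0x02 or tag_g != 0x02:
        raise ValueError("expected INTEGER p, INTEGER g")
    return int.from_bytes(p_bytes, "big"), int.from_bytes(g_bytes, "big")


def prime_bits(pem):
    return parse_dhparams_pem(pem)[0].bit_length()


def acceptable_to_client(pem, client_min_bits=DEBIAN_PATCHED_MIN_BITS):
    """True if a client enforcing client_min_bits would accept this server group."""
    return prime_bits(pem) >= client_min_bits


# Constructed sample input: RFC 3526 MODP group 14 (2048-bit) and RFC 2409
# group 2 (1024-bit), both with generator 2, in place of real openssl output.
_P2048 = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
_P1024 = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
DH2048_PEM = dhparams_to_pem(_P2048, 2)
DH1024_PEM = dhparams_to_pem(_P1024, 2)

if __name__ == "__main__":
    for name, pem in (("dh2048.pem", DH2048_PEM), ("dh1024.pem", DH1024_PEM)):
        print(name, prime_bits(pem), "bits,",
              "accepted" if acceptable_to_client(pem) else "rejected",
              "by a client requiring", DEBIAN_PATCHED_MIN_BITS)
```

To run it against a real file, read `/etc/postfix/dh2048.pem` into a string and pass it to `acceptable_to_client()`; the check is about the prime size only, which is what `gnutls_dh_set_prime_bits()` enforces, and says nothing about whether the group is a safe prime.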