Loading ...
Sorry, an error occurred while loading the content.

Re: Exim, DH, GnuTLS & interop

Expand Messages
  • Viktor Dukhovni
    ... Thanks, this is very useful. So the Postfix work-around for servers that want to receive email over TLS from the broken Debian systems is: # cd
    Message 1 of 10 , Sep 3, 2013
    • 0 Attachment
      On Tue, Sep 03, 2013 at 12:41:46PM -0700, Phil Pennock wrote:

      > Okay, I have identified the root cause. The systems that need to be
      > placated are older Debian installs, and the method should be broadly
      > compatible.
      >
      > Debian used to patch, in their build system, the value passed to
      > gnutls_dh_set_prime_bits() from 1024 to 2048. This is the value of the
      > size of the DH parameters which is the "minimum considered acceptable".
      > So Debian broke interop with "66_enlarge-dh-parameters-size.dpatch".

      Thanks, this is very useful. So the Postfix work-around for servers
      that want to receive email over TLS from the broken Debian systems is:

      # cd /etc/postfix
      # openssl dhparam -out dh2048.pem 2048
      # postconf -e 'smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem'

      If your openssl(1) version is 1.0.0 or higher, your server may
      perform faster if you generate DSA-style parameters:

      # openssl dhparam -dsaparam -out dh2048.pem 2048

      The "smtpd_tls_dh1024_param_file" is in effect the DH parameter
      set for all non-export cipher-suites. It is OK to use a 2048-bit
      prime group in this context, provided the CPU cost is acceptable
      (generally TLS handshake CPU cost is not on the critical path for
      SMTP throughput) and no SMTP clients choke on the larger DH prime.

      No changes should be necessary for the default Postfix EECDH curve,
      it is strong enough to meet the default lower bounds for GnuTLS,
      and Debian likely did not patch this value (in GnuTLS rather than Exim).

      Only the "Ultra" priority String in GnuTLS requires EC curves with
      more than 256-bits:

      {
      "Ultra", /* Name */
      GNUTLS_SEC_PARAM_ULTRA, /* Enum */
      256, /* Symmetric bits */
      15424, /* RSA/EDH modulus bits */
      3072, /* DSA bits */
      512, /* subgroup bits */
      512 /* EC bits */
      },

      We can reasonably assume that no MTA is configured to use the
      "Ultra" security level as a default for all Internet destinations.

      --
      Viktor.
    Your message has been successfully submitted and would be delivered to recipients shortly.