Closed DavidePrincipi closed 6 years ago
list of services to concentrate effort (now), once the prop name will be found, and possible settings httpd see https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29
SSLProtocol all -SSLv2 -SSLv3
#SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS:!SEED:!IDEA
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
SSLHonorCipherOrder on
SSLCompression Off
postfix see https://github.com/NethServer/dev/issues/5420 and http://www.postfix.org/TLS_README.html#server_cipher & http://www.postfix.org/TLS_README.html#client_cipher
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
smtpd_tls_protocols=!SSLv2,!SSLv3
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5
smtp_tls_protocols=!SSLv2,!SSLv3
smtp_tls_mandatory_protocols=!SSLv2,!SSLv3
smtp_tls_mandatory_ciphers = medium
smtp_tls_mandatory_exclude_ciphers = RC4, MD5
ssl_cipher_list = HIGH:!LOW:!SSLv2:!SSLv3:!EXP!aNULL:!MD5
ssl_prefer_server_ciphers = yes
ssh see https://infosec.mozilla.org/guidelines/openssh.html
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
Let's discuss the service list on community!
https://community.nethserver.org/t/gdpr-and-ssl-hardening/9006/17
Could you also provide any reference for the configurations above? Just a list of URLs to add to READMEs for future reference and to discuss on community...
some reading https://bettercrypto.org/static/applied-crypto-hardening.pdf, website at https://bettercrypto.org
in 7.4.1708/testing
:
in 7.4.1708/testing
:
in 7.4.1708/testing
:
in 7.4.1708/testing
:
in 7.4.1708/testing
:
For QA, loved this tool
to test if the ssl is hardened, install testssl and check with it IF the policy 2018-03-30 is well applied by comparing the cipher value wanted in configuration files and the ciphers found.
yum install git git clone --depth 1 https://github.com/drwetter/testssl.sh.git cd testssl.sh/
https (tls 1.0,tls1.1,tls1.2)
check for cipher selection 2018-03-30 in /etc/httpd/conf.d/nethserver.conf and compare
./testssl.sh 127.0.0.1:443
httpd-admin (must be only tls1.2)
check for cipher selection 2018-03-30 in /etc/httpd/admin-conf/httpd.conf and compare
./testssl.sh 127.0.0.1:980
ports for smtp check for cipher selection 2018-03-30 in /etc/postfix/main.cf and compare
./testssl.sh -t smtp 127.0.0.1:25
./testssl.sh -t smtp 127.0.0.1:587
imap and pop3 check for cipher selection 2018-03-30 in /etc/dovecot/dovecot.conf and compare
./testssl.sh -t imap 127.0.0.1:143
./testssl.sh -t pop3 127.0.0.1:110
sshd
check for cipher selection 2018-03-30 in /etc/ssh/sshd_config and compare
sshd -T
or more precise
ssh -Q cipher
ssh -Q cipher-auth
ssh -Q mac
ssh -Q kex
ssh -Q key
Dovecot OK, tested using nmap (https://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html)
Port 110:
nmap -sV --script ssl-enum-ciphers -p 110 nethservice.nethesis.it Starting Nmap 7.60 ( https://nmap.org ) at 2018-03-30 10:26 CEST Nmap scan report for nethservice.nethesis.it (192.168.5.252) Host is up (0.00024s latency). rDNS record for 192.168.5.252: imap.nethesis.it
PORT STATE SERVICE VERSION 110/tcp open pop3 Dovecot pop3d | ssl-enum-ciphers: | TLSv1.0: | ciphers: | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A | TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A | TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp384r1) - A | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | compressors: | NULL | cipher preference: server | TLSv1.1: | ciphers: | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A | TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A | TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp384r1) - A | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | compressors: | NULL | cipher preference: server | TLSv1.2: | ciphers: | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 2048) - A | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp384r1) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp384r1) - A | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A | TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 2048) - A | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp384r1) - A | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp384r1) - A | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A | TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A | TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp384r1) - A | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_128_CBCSHA (rsa 2048) - A | compressors: | NULL | cipher preference: server | least strength: A
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 1.00 seconds
Port 143:
nmap -sV --script ssl-enum-ciphers -p 143 nethservice.nethesis.it
Starting Nmap 7.60 ( https://nmap.org ) at 2018-03-30 10:09 CEST Nmap scan report for nethservice.nethesis.it (192.168.5.252) Host is up (0.00017s latency). rDNS record for 192.168.5.252: imap.nethesis.it
PORT STATE SERVICE VERSION 143/tcp open imap Dovecot imapd | ssl-enum-ciphers: | TLSv1.0: | ciphers: | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A | TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A | TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp384r1) - A | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | compressors: | NULL | cipher preference: server | TLSv1.1: | ciphers: | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A | TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A | TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp384r1) - A | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | compressors: | NULL | cipher preference: server | TLSv1.2: | ciphers: | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 2048) - A | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp384r1) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp384r1) - A | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A | TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 2048) - A | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp384r1) - A | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp384r1) - A | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A | TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A | TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp384r1) - A | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_128_CBCSHA (rsa 2048) - A | compressors: | NULL | cipher preference: server | least strength: A
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 1.12 seconds
Postfix is OK, but still we have many vulnerable ciphers in place. Such ciphers can't be removed because we need to support old clients.
NULL should not be there IIRC can you test with testssl please @gsanchietti
Daemons configuration is good, the UI has still a cosmetic (but misleading) issue: after changing the policy, the modification is not reflected in the page until a refresh (F5). @DavidePrincipi is already investigating, it's probably a bug inside the NethGUI framework.
Let's stay with a safer cipher list for postfix, restricting more the list of available cipher should be well tested.
See also: https://community.nethserver.org/t/tls-policy-page/9500/2?u=giacomo
in 7.4.1708/testing
:
Packager note Add to RPM changelog
"certificate: add chain file to configuration backup" from commit https://github.com/NethServer/nethserver-base/commit/60c5d0ffbd3b11c40fb56389acf99f2714356723 by @gsanchietti
in 7.4.1708/testing
:
Verified.
in 7.4.1708/updates
:
Release of mail2 beta packages is blocked by #5437.
Almost three years have passed since POODLE vulnerability and modern clients do not user SSLv3 protocol any more. We can remove support for SSLv3, providing an option to turn it on again for legacy environments.
The default must be backward compatible, at least until the release of NethServer 7.5 ISO.