search

baruwaproject / baruwa2

Baruwa 2.0
http://www.baruwa.org
GNU General Public License v3.0
21 stars 9 forks source link

TLS settings #159

Closed freakynl closed 2 years ago

freakynl commented 2 years ago

By default there's quite a few ciphers/key exchange/TLS levels that are deemed insecure by NCSC for example.

Would be nice if the default would be more secure.

I'd propose:

NONE:PFS:%SERVER_PRECEDENCE:+VERS-TLS1.3:+VERS-TLS1.2:+ECDHE-ECDSA:+ECDHE-RSA:+AES-256-GCM:+CHACHA20-POLY1305:+AES-128-GCM:-AES-256-CCM:-AES-128-CCM:+AEAD:+SHA384:+SHA256:-SHA1:+GROUP-SECP384R1:+GROUP-SECP256R1:+GROUP-X25519:-GROUP-FFDHE3072:-GROUP-FFDHE 2048

Results in:

Supported Server Cipher(s): Preferred TLSv1.3 256 bits TLS_AES_256_GCM_SHA384 Curve P-256 DHE 256 Accepted TLSv1.3 256 bits TLS_CHACHA20_POLY1305_SHA256 Curve P-256 DHE 256 Accepted TLSv1.3 128 bits TLS_AES_128_GCM_SHA256 Curve P-256 DHE 256 Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256 Accepted TLSv1.2 256 bits ECDHE-RSA-CHACHA20-POLY1305 Curve P-256 DHE 256 Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256 Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256 Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256 Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 4096 bits Accepted TLSv1.2 256 bits DHE-RSA-CHACHA20-POLY1305 DHE 4096 bits Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 4096 bits Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 4096 bits Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 4096 bits

Server Key Exchange Group(s): TLSv1.3 128 bits secp256r1 (NIST P-256) TLSv1.3 192 bits secp384r1 (NIST P-384) TLSv1.3 260 bits secp521r1 (NIST P-521) TLSv1.3 128 bits x25519 TLSv1.3 224 bits x448 TLSv1.3 150 bits ffdhe4096 TLSv1.3 175 bits ffdhe6144 TLSv1.3 192 bits ffdhe8192 TLSv1.2 128 bits secp256r1 (NIST P-256) TLSv1.2 192 bits secp384r1 (NIST P-384) TLSv1.2 260 bits secp521r1 (NIST P-521) TLSv1.2 128 bits x25519 TLSv1.2 224 bits x448

tomtakan commented 2 years ago

When the admin turns on the Disable Legacy SMTP TLS protocols option the ciphers/key exchange that is configured passed the NCSC test. That however means mail is either lost in some cases or sent via plain text.