mail-in-a-box
Update various TLS-related settings and use standard DH params file
Updated to reflect:
https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29
Disabling DH per:
https://doc.dovecot.org/configuration_manual/dovecot_ssl_configuration/#ssl-security-settings
The TLS settings are complicated and I'm not an expert, so I want to make sure we're careful about this.
While the Dovecot docs recommend disabling the DH parameters file, I think what they mean is that if you also follow that page's advice to skip DH ciphers, then you can disable the DH parameters file. But the updated cipher list from Mozilla still includes two DHE- ciphers, which are the sort of ciphers that use the DH parameters file. (I didn't know this - I had to ask a friend just now.)
So I think we keep the ssl_dh parameters as they were and just go with the change to the cipher list.
But we should also implement this change, if needed, across all of the other TLS services so that everything is consistent. If I recall right, all of the other services are handled by just nginx and postfix (but just on the submission ports 465/587, since port 25 tracks the more relaxed Mozilla "Old backward compatibility" recommendation). You can look at the commit history to see how I last updated nginx and postfix.
So I think we keep the ssl_dh parameters as they were and just go with the change to the cipher list.
I've commited a patch to point Dovecot to the provided dhparams file already existing for nginx and other apps.
But we should also implement this change, if needed, across all of the other TLS services so that everything is consistent. If I recall right, all of the other services are handled by just nginx and postfix (but just on the submission ports 465/587, since port 25 tracks the more relaxed Mozilla "Old backward compatibility" recommendation). You can look at the commit history to see how I last updated nginx and postfix.
I checked it out, and I think I've got everything. The tricky one was postfix, which allows the 'old' parameter list for some connections.
Thanks so much! I will try it out on my box before merging (so it might be a while before I get a chance and come back to this PR).
I went back and used the configuration generator to really make sure we have all the settings correct for SSL. I found some errors in the cipher lists, which I fixed. I also updated some parameters that were missing from the nginx conf file
This actually just brings us back to the cipher list we already had. After some research, it seems the confusion is that you had concatenated the TLS 1.3 ciphersuites to the start of the cipher lists, while the generator doesn't, and it seems like specifying the TLS 1.3 ciphersuites isn't necessary. They are all on by default and are configured separately from the TLS 1.2 ciphers. At least for nginx: https://dustri.org/b/disabling-128-bits-ciphers-on-tls13-on-nginx.html. I assume dovecot and postfix work similarly.
The remaining changes in this PR are:
ssl_session_tickets off;in nginx.- Decreasing the nginx tls session cache size.
- Increasing HSTS max-age.
- Using ffdhe4096.
I am going to hold off on these changes.
But I'll actually keep the original part that has dovecot use the same dh_params file as the other services so that the services are all consistent. I'll push that to the jammyjellyfish branch directly.
Merged jammyjellyfish2204 to get recent updates and cleaned up the merge conflicts.