Bug#767203: postfix: default install vulnerable for POODLE TLS attack

Wed, 29 Oct 2014 02:55:27 -0700 

package: postfix
version: 2.9.6-2
tag: upstream
severity: critical

Hi,

The Postfix Debian package ships with a default list of supported TLS protocols
which makes it vulnerable to the POODLE TLS attack:

 % postconf smtp_tls_mandatory_protocols
 smtp_tls_mandatory_protocols = !SSLv2

This is the upstream default:

 % postconf -d smtp_tls_mandatory_protocols
 smtp_tls_mandatory_protocols = !SSLv2

Other vulnerable daemon settings are:

 lmtp_tls_mandatory_protocols = !SSLv2
 lmtp_tls_protocols = !SSLv2

 smtp_tls_mandatory_protocols = !SSLv2
 smtp_tls_protocols = !SSLv2

 smtpd_tls_mandatory_protocols = !SSLv2

It would be nice if postfix would ship with a /etc/postfix/main.cf which
features

 tls_protocols = !SSLv2, !SSLv3

 smtp_tls_protocols = $tls_protocols
 smtp_tls_mandatory_protocols = $tls_protocols

 lmtp_tls_protocols = $tls_protocols
 lmtp_tls_mandatory_protocols = $tls_protocols

 smtpd_tls_protocols = $tls_protocols
 smtpd_tls_mandatory_protocols = $tls_protocols

 tlsproxy_tls_protocols = $tls_protocols
 tlsproxy_tls_mandatory_protocols = $tls_protocols

This would make the default install no longer vulnerable for POODLE.

Thanks to Wessel Dankers for reporting the problem to me, and suggesting the
mentioned fixes.

Thanks for maintaining the Postfix package, Bye,

Joost

PS: this bug is somewhat related to
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729188#103

PPS & FWIW: on https://blog.surfnet.nl/?p=3290 there's a more elaborate list of
current sane defaults.  Currently,

 tls_ciphers = 
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA
 lmtp_tls_ciphers = $tls_ciphers
 lmtp_tls_mandatory_ciphers = $tls_ciphers
 smtp_tls_ciphers = $tls_ciphers
 smtp_tls_mandatory_ciphers = $tls_ciphers
 smtpd_tls_ciphers = $tls_ciphers
 smtpd_tls_mandatory_ciphers = $tls_ciphers
 tlsproxy_tls_ciphers = $tls_ciphers
 tlsproxy_tls_mandatory_ciphers = $tls_ciphers

is sane too (but not future-proof).

Attachment: signature.asc
Description: Digital signature

Reply via email to