The DROWN Attack

• Back

Postfix Settings - The DROWN Attack

Postfix releases 2.9.14, 2.10.8, 2.11.6, 3.0.2, released on 20/Jul/2015 and all later releases are not vulnerable in their default configuration. The below recommended TLS settings for Postfix are sufficient to avoid exposure to DROWN. Many of these are defaults in sufficiently recent releases. Nevertheless, in addition to ensuring that your Postfix configuration disables SSLv2 and weak or obsolete ciphers, you should also deploy the appropriate OpenSSL upgrade.

    # Whenever the built-in defaults are sufficient, let the built-in
    # defaults stand by deleting any explicit overrides.

    # Disable deprecated SSL protocol versions.  See:
    # http://www.postfix.org/postconf.5.html#smtp_tls_protocols
    # http://www.postfix.org/postconf.5.html#smtpd_tls_protocols
    #
    # Default in all supported stable Postfix releases since July 2015.
    # Defaults for the mandatory variants never allowed SSLv2.
    #
    smtpd_tls_protocols = !SSLv2, !SSLv3
    smtp_tls_protocols = !SSLv2, !SSLv3
    lmtp_tls_protocols = !SSLv2, !SSLv3
    tlsproxy_tls_protocols = $smtpd_tls_protocols
    #
    smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
    lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3
    tlsproxy_tls_mandatory_protocols = $smtpd_tls_mandatory_protocols

    # Disable export and low-grade ciphers.  See:
    # http://www.postfix.org/postconf.5.html#smtpd_tls_ciphers
    # http://www.postfix.org/postconf.5.html#smtp_tls_ciphers
    #
    # Default in all supported stable Postfix releases since July 2015.
    #
    smtpd_tls_ciphers = medium
    smtp_tls_ciphers = medium

    # Enable forward-secrecy with a 2048-bit prime and the P-256 EC curve. See
    # http://www.postfix.org/FORWARD_SECRECY_README.html#server_fs
    # http://www.postfix.org/postconf.5.html#smtpd_tls_dh1024_param_file
    # http://www.postfix.org/postconf.5.html#smtpd_tls_eecdh_grade
    #
    # The default DH parameters use a 2048-bit strong prime as of Postfix 3.1.0.
    #
    smtpd_tls_dh1024_param_file=${config_directory}/dh2048.pem
    smtpd_tls_eecdh_grade = strong

    # Trimmed cipherlist improves interoperability with old Exchange servers
    # and reduces exposure to obsolete and rarely used crypto.  See:
    # http://www.postfix.org/postconf.5.html#smtp_tls_exclude_ciphers
    # http://www.postfix.org/postconf.5.html#smtpd_tls_exclude_ciphers
    #
    smtp_tls_exclude_ciphers =
        EXPORT, LOW, MD5,
        aDSS, kECDHe, kECDHr, kDHd, kDHr,
        SEED, IDEA, RC2
    smtpd_tls_exclude_ciphers =
        EXPORT, LOW, MD5, SEED, IDEA, RC2