Skip to content
Browse files

Upgrade TLS settings

  • Loading branch information
JoshData committed Dec 1, 2019
1 parent 8567a9b commit f53b18ebb9b1c4c9aba95b3a26bee2be85f8002f
Showing with 39 additions and 21 deletions.
  1. +4 −0
  2. +1 −1 conf/nginx-ssl.conf
  3. +3 −3
  4. +5 −6 setup/
  5. +20 −10 setup/
  6. +6 −1 setup/
@@ -4,6 +4,10 @@ CHANGELOG
Under Development


* TLS settings have been upgraded following Mozilla's recommendations for servers. TLS1.2 and 1.3 are now the only supported protocols for web, IMAP, and SMTP (submission).

* Set the default Roundcube skin to the new "Elastic" theme.

@@ -1,7 +1,7 @@
# We track the Mozilla "intermediate" compatibility TLS recommendations.
# Note that these settings are repeated in the SMTP and IMAP configuration.
# ssl_protocols has moved to nginx.conf in bionic, check there for enabled protocols.
ssl_dhparam STORAGE_ROOT/ssl/dh2048.pem;

# as recommended by
@@ -39,9 +39,9 @@ These services are protected by [TLS](
The services all follow these rules:

* TLS certificates are generated with 2048-bit RSA keys and SHA-256 fingerprints. The box provides a self-signed certificate by default. The [setup guide]( explains how to verify the certificate fingerprint on first login. Users are encouraged to replace the certificate with a proper CA-signed one. ([source](setup/
* Only TLSv1, TLSv1.1 and TLSv1.2 are offered (the older SSL protocols are not offered).
* HTTPS, IMAP, and POP track the [Mozilla Intermediate Ciphers Recommendation](, balancing security with supporting a wide range of mail clients. Diffie-Hellman ciphers use a 2048-bit key for forward secrecy. For more details, see the [output of SSLyze for these ports](tests/tls_results.txt).
* SMTP (port 25) uses the Postfix medium grade ciphers and SMTP Submission (port 587) uses the Postfix high grade ciphers ([more info](
* Only TLSv1.2+ are offered (the older SSL protocols are not offered).
* We track the [Mozilla Intermediate Ciphers Recommendation](, balancing security with supporting a wide range of mail clients. Diffie-Hellman ciphers use a 2048-bit key for forward secrecy. For more details, see the [output of SSLyze for these ports](tests/tls_results.txt).
* SMTP port 25 (inbound) follows similar rules. Outbound SMTP (i.e. the server is the client) uses more relaxed settings.


@@ -78,16 +78,15 @@ tools/ /etc/dovecot/conf.d/10-auth.conf \
"auth_mechanisms=plain login"

# Enable SSL, specify the location of the SSL certificate and private key files.
# Disable obsolete SSL protocols and allow only good ciphers per
# Enable strong ssl dh parameters

# Use Mozilla's "Intermediate" recommendations at,
# except that the current version of Dovecot does not have a TLSv1.3 setting, so we only use TLSv1.2.
tools/ /etc/dovecot/conf.d/10-ssl.conf \
ssl=required \
"ssl_cert=<$STORAGE_ROOT/ssl/ssl_certificate.pem" \
"ssl_key=<$STORAGE_ROOT/ssl/ssl_private_key.pem" \
"ssl_protocols=!SSLv3" \
"ssl_prefer_server_ciphers=yes" \
"ssl_protocols=TLSv1.2" \
"ssl_prefer_server_ciphers=no" \

# Disable in-the-clear IMAP/POP because there is no reason for a user to transmit
@@ -80,7 +80,6 @@ tools/ /etc/postfix/ \
# OpenDKIM milter only. See
# * Even though we dont allow auth over non-TLS connections (smtpd_tls_auth_only below, and without auth the client cant
# send outbound mail), don't allow non-TLS mail submission on this port anyway to prevent accidental misconfiguration.
# * Require the best ciphers for incoming connections per
# By putting this setting here we leave opportunistic TLS on incoming mail at default cipher settings (any cipher is better than none).
# * Give it a different name in syslog to distinguish it from the port 25 smtpd server.
# * Add a new cleanup service specific to the submission service ('authclean')
@@ -93,7 +92,6 @@ tools/ /etc/postfix/ -s -w \
-o syslog_name=postfix/submission
-o smtpd_milters=inet:
-o smtpd_tls_security_level=encrypt
-o smtpd_tls_ciphers=high -o smtpd_tls_exclude_ciphers=aNULL,DES,3DES,MD5,DES+MD5,RC4 -o smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
-o cleanup_service_name=authclean" \
"authclean=unix n - - - 0 cleanup
-o header_checks=pcre:/etc/postfix/outgoing_mail_header_filters
@@ -111,17 +109,23 @@ sed -i "s/PUBLIC_IP/$PUBLIC_IP/" /etc/postfix/outgoing_mail_header_filters
# Enable TLS on these and all other connections (i.e. ports 25 *and* 587) and
# require TLS before a user is allowed to authenticate. This also makes
# opportunistic TLS available on *incoming* mail.
# Set stronger DH parameters, which via openssl tend to default to 1024 bits
# (see
# Set stronger DH parameters, which via openssl tend to default to 1024 bits.
# Use Mozilla's "Intermediate" TLS recommendations from
# (but use and override the "high" cipher list so we don't conflict with the
# more permissive settings for outgoing mail).
tools/ /etc/postfix/ \
smtpd_tls_auth_only=yes \
smtpd_tls_cert_file=$STORAGE_ROOT/ssl/ssl_certificate.pem \
smtpd_tls_key_file=$STORAGE_ROOT/ssl/ssl_private_key.pem \
smtpd_tls_dh1024_param_file=$STORAGE_ROOT/ssl/dh2048.pem \
smtpd_tls_protocols=\!SSLv2,\!SSLv3 \
smtpd_tls_ciphers=medium \
smtpd_tls_exclude_ciphers=aNULL,RC4 \
smtpd_tls_protocols="!SSLv2,!SSLv3,!TLSv1,!TLSv1.1" \
smtpd_tls_mandatory_protocols="!SSLv2,!SSLv3,!TLSv1,!TLSv1.1" \
smtpd_tls_ciphers=high \
smtpd_tls_mandatory_ciphers=high \
smtpd_tls_exclude_ciphers= \
tls_preempt_cipherlist=no \

# Prevent non-authenticated users from sending mail that requires being
@@ -143,8 +147,12 @@ tools/ /etc/postfix/ \
# offers it, otherwise it will transmit the message in the clear. Postfix will
# accept whatever SSL certificate the remote end provides. Opportunistic TLS
# protects against passive easvesdropping (but not man-in-the-middle attacks).
# Since we'd rather have poor encryption than none at all, we use Mozilla's
# "Old" recommendations at
# for opportunistic encryption but "Intermediate" recommendations when DANE
# is used (see next and above).

# DANE takes this a step further:
# Postfix queries DNS for the TLSA record on the destination MX host. If no TLSA records are found,
# then opportunistic TLS is used. Otherwise the server certificate must match the TLSA records
# or else the mail bounces. TLSA also requires DNSSEC on the MX host. Postfix doesn't do DNSSEC
@@ -157,11 +165,13 @@ tools/ /etc/postfix/ \
# now see notices about trusted certs. The CA file is provided by the package `ca-certificates`.
tools/ /etc/postfix/ \
smtp_tls_protocols=\!SSLv2,\!SSLv3 \
smtp_tls_mandatory_protocols=\!SSLv2,\!SSLv3 \
smtp_tls_ciphers=medium \
smtp_tls_exclude_ciphers=aNULL,RC4 \
smtp_tls_exclude_ciphers= \
smtp_tls_security_level=dane \
smtp_dns_support_level=dnssec \
smtp_tls_mandatory_protocols="!SSLv2,!SSLv3,!TLSv1,!TLSv1.1" \
smtp_tls_mandatory_ciphers=high \
smtp_tls_CAfile=/etc/ssl/certs/ca-certificates.crt \

@@ -31,14 +31,19 @@ sed "s#STORAGE_ROOT#$STORAGE_ROOT#" \
conf/nginx-ssl.conf > /etc/nginx/conf.d/ssl.conf

# Fix some nginx defaults.
# The server_names_hash_bucket_size seems to prevent long domain names!
# The default, according to nginx's docs, depends on "the size of the
# processor’s cache line." It could be as low as 32. We fixed it at
# 64 in 2014 to accommodate a long domain name (20 characters?). But
# even at 64, a 58-character domain name won't work (#93), so now
# we're going up to 128.
# Drop TLSv1.0, TLSv1.1, following the Mozilla "Intermediate" recommendations
# at
tools/ /etc/nginx/nginx.conf -s \
server_names_hash_bucket_size="128;" \
ssl_protocols="TLSv1.2 TLSv1.3;"

# Tell PHP not to expose its version number in the X-Powered-By header.
tools/ /etc/php/7.2/fpm/php.ini -c ';' \

0 comments on commit f53b18e

Please sign in to comment.
You can’t perform that action at this time.