@paul_marwick would you please be explicit about which Diffie-Hellman protocols are marked as weak?
TLS policy vs PCI compliance
I would be curious on your thoughts against the httpd-admin, we have hardened the server-manager service but we still allow TLS1.0 and TLS1.1
Has server cipher order? yes (OK)
Negotiated protocol TLSv1.2
Negotiated cipher DHE-RSA-AES256-GCM-SHA384, 2048 bit DH
Cipher order
TLSv1: DHE-RSA-AES256-SHA ECDHE-RSA-AES256-SHA
TLSv1.1: DHE-RSA-AES256-SHA ECDHE-RSA-AES256-SHA
TLSv1.2: DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA
ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384
ECDHE-RSA-AES256-SHA
you can use testssl to check it https://wiki.nethserver.org/doku.php?id=testing_tls_ssl_encryption&s[]=tls#testsslsh
all tests are welcome, changing ciphers or protocols could drive to issues and each service is different so we could not copy and paste the same configuration
Thanks for that information @stephdl, that is helpful to know.
Personally my view is that TLSv1.0 should be disabled by default and if someone still requires it, they could then enable it. That is better from a security point of view.
I’m still going through the failure report from Security Metrics (firm that did the compliance testing). In it they say this:
At least one of the services on the remote host supports a Diffie-Hellman
key exchange using a public modulus smaller than 2048 bits. Diffie-Hellman
key exchanges with keys smaller than 2048 bits do not meet
the PCI definition of strong cryptography as specified by NIST Special
Publication 800-57 Part 1.
They also indicate a preference for not using ciphers which use 3DES encryption.
If it is of any interest to people, I have a copy of the Security Metrics 2019 Guide to PCI_DSS compliance. It covers all aspects of making systems secure, including things like data encryption for card data. I can put it up on Google Drive and post a URL if anyone is interested.
No complaints here. I’m glad it has attracted interest. I’ve already been impressed with how much better Nethserver is at handling spam and attempted virus dumps. If a new security policy can be provided that allows me to disable TLS1 and TLS1.1, that will make it that much more useful to me…
I think that would be very useful. I was able to use a db setting in SME to turn off TLSv1.0 support, and did so on all the SME systems I support quite a long time ago.
sorry if I misunderstood your issue, do you know how to modify the tls protocol to fit your need, remove the tls1.0 & tls1.1 is easy, after you need to test with testssl
check etc/e-smith/templates/etc/httpd/conf.d/nethserver.conf/10tls_policy_20180621
Thanks for that. I’ll have a look and do some more reading of the dev docs. I would very much like to see an upgraded TLS policy to turn off TLSv1 and TLSv1.1; that in itself would get me most of what I need. I’m not sure whether further modifications to the accepted encryption policies would be needed at that point.
I’ve done some scans using sslscan, and I’m now looking at testssl.sh as well.
Will try to do some tests tomorrow but we have the book
This is the stronger recommended
https://bettercrypto.org/#_configuration_a_strong_ciphers_fewer_clients
if you want to only remove tls1.0 and tls1.1
in etc/e-smith/templates/etc/httpd/conf.d/nethserver.conf/10tls_policy_20180621
SSLProtocol all SSLv2 SSLv3
+SSLProtocol all SSLv2 SSLv3 TLSv1 TLSv1.1
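Review bot: on the added SSLProtocol line the protocol names appear here with no leading minus sign, and mod_ssl only switches a protocol off when the name carries that prefix, so the template line should read `SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1`. Check the expanded httpd configuration for the prefixes, and rerun testssl after the restart to confirm that TLSv1 and TLSv1.1 are no longer offered.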
then restart httpd
it seems that quite all clients could connect
Android 4.4.2  RSA 2048 (SHA256)  TLS 1.2  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS
Android 5.0.0  RSA 2048 (SHA256)  TLS 1.2  TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DH 2048 FS
Android 6.0  RSA 2048 (SHA256)  TLS 1.2  TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DH 2048 FS 
Android 7.0  RSA 2048 (SHA256)  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS 
BingPreview Jan 2015  RSA 2048 (SHA256)  TLS 1.2  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS 
Chrome 49 / XP SP3  RSA 2048 (SHA256)  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS 
Chrome 69 / Win 7 R  RSA 2048 (SHA256)  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS 
Chrome 70 / Win 10  RSA 2048 (SHA256)  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS 
Firefox 31.3.0 ESR / Win 7  RSA 2048 (SHA256)  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS 
Firefox 47 / Win 7 R  RSA 2048 (SHA256)  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS 
Firefox 49 / XP SP3  RSA 2048 (SHA256)  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS 
Firefox 62 / Win 7 R  RSA 2048 (SHA256)  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS 
Googlebot Feb 2018  RSA 2048 (SHA256)  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS 
IE 11 / Win 7 R  RSA 2048 (SHA256)  TLS 1.2  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS 
IE 11 / Win 8.1 R  RSA 2048 (SHA256)  TLS 1.2  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS 
IE 11 / Win Phone 8.1 R  RSA 2048 (SHA256)  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDH secp256r1 FS 
IE 11 / Win Phone 8.1 Update R  RSA 2048 (SHA256)  TLS 1.2  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS 
IE 11 / Win 10 R  RSA 2048 (SHA256)  TLS 1.2  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS 
Edge 15 / Win 10 R  RSA 2048 (SHA256)  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS 
Edge 13 / Win Phone 10 R  RSA 2048 (SHA256)  TLS 1.2  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS 
Java 8u161  RSA 2048 (SHA256)  TLS 1.2  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS 
OpenSSL 1.0.1l R  RSA 2048 (SHA256)  TLS 1.2  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS 
OpenSSL 1.0.2e R  RSA 2048 (SHA256)  TLS 1.2  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS 
Safari 6 / iOS 6.0.1  RSA 2048 (SHA256)  TLS 1.2  TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DH 2048 FS 
Safari 7 / iOS 7.1 R  RSA 2048 (SHA256)  TLS 1.2  TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DH 2048 FS 
Safari 7 / OS X 10.9 R  RSA 2048 (SHA256)  TLS 1.2  TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DH 2048 FS 
Safari 8 / iOS 8.4 R  RSA 2048 (SHA256)  TLS 1.2  TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DH 2048 FS 
Safari 8 / OS X 10.10 R  RSA 2048 (SHA256)  TLS 1.2  TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DH 2048 FS 
Safari 9 / iOS 9 R  RSA 2048 (SHA256)  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS 
Safari 9 / OS X 10.11 R  RSA 2048 (SHA256)  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS 
Safari 10 / iOS 10 R  RSA 2048 (SHA256)  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS 
Safari 10 / OS X 10.12 R  RSA 2048 (SHA256)  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS 
Apple ATS 9 / iOS 9 R  RSA 2048 (SHA256)  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS 
Yahoo Slurp Jan 2015  RSA 2048 (SHA256)  TLS 1.2  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS 
YandexBot Jan 2015  RSA 2048 (SHA256)  TLS 1.2  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS 
if you follow the strong cipher configuration
in etc/e-smith/templates/etc/httpd/conf.d/nethserver.conf/10tls_policy_20180621
SSLProtocol all SSLv2 SSLv3
+SSLProtocol all SSLv2 SSLv3 TLSv1 TLSv1.1
+SSLCipherSuite EDH+aRSA+AES256:EECDH+aRSA+AES256:!SSLv3
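Review bot: the added SSLCipherSuite line allows only AES256 suites, so any client whose best offer is an AES_128 suite has nothing left to negotiate; say so next to the directive, or keep the AES128 GCM suites if those clients have to stay. The string is also limited to aRSA suites, so it will not serve an elliptic-curve certificate, and the hunk does not show the existing cipher list being removed, which the instructions that follow depend on.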
remove the cipher list then restart httpd
in that case you restrict the number of clients
Android 4.4.2  RSA 2048 (SHA256)  TLS 1.2  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS
Android 5.0.0  Server sent fatal alert: handshake_failure
Android 6.0  Server sent fatal alert: handshake_failure  
Android 7.0  RSA 2048 (SHA256)  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS 
BingPreview Jan 2015  RSA 2048 (SHA256)  TLS 1.2  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS 
Chrome 49 / XP SP3  Server sent fatal alert: handshake_failure  
Chrome 69 / Win 7 R  RSA 2048 (SHA256)  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS 
Chrome 70 / Win 10  RSA 2048 (SHA256)  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS 
Firefox 31.3.0 ESR / Win 7  Server sent fatal alert: handshake_failure  
Firefox 47 / Win 7 R  Server sent fatal alert: handshake_failure  
Firefox 49 / XP SP3  RSA 2048 (SHA256)  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS 
Firefox 62 / Win 7 R  RSA 2048 (SHA256)  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS 
Googlebot Feb 2018  RSA 2048 (SHA256)  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS 
IE 11 / Win 7 R  RSA 2048 (SHA256)  TLS 1.2  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS 
IE 11 / Win 8.1 R  RSA 2048 (SHA256)  TLS 1.2  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS 
IE 11 / Win Phone 8.1 R  Server sent fatal alert: handshake_failure  
IE 11 / Win Phone 8.1 Update R  RSA 2048 (SHA256)  TLS 1.2  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS 
IE 11 / Win 10 R  RSA 2048 (SHA256)  TLS 1.2  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS 
Edge 15 / Win 10 R  RSA 2048 (SHA256)  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS 
Edge 13 / Win Phone 10 R  RSA 2048 (SHA256)  TLS 1.2  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS 
Java 8u161  RSA 2048 (SHA256)  TLS 1.2  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS 
OpenSSL 1.0.1l R  RSA 2048 (SHA256)  TLS 1.2  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS 
OpenSSL 1.0.2e R  RSA 2048 (SHA256)  TLS 1.2  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS 
Safari 6 / iOS 6.0.1  RSA 2048 (SHA256)  TLS 1.2  TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DH 2048 FS 
Safari 7 / iOS 7.1 R  RSA 2048 (SHA256)  TLS 1.2  TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DH 2048 FS 
Safari 7 / OS X 10.9 R  RSA 2048 (SHA256)  TLS 1.2  TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DH 2048 FS 
Safari 8 / iOS 8.4 R  RSA 2048 (SHA256)  TLS 1.2  TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DH 2048 FS 
Safari 8 / OS X 10.10 R  RSA 2048 (SHA256)  TLS 1.2  TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DH 2048 FS 
Safari 9 / iOS 9 R  RSA 2048 (SHA256)  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS 
Safari 9 / OS X 10.11 R  RSA 2048 (SHA256)  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS 
Safari 10 / iOS 10 R  RSA 2048 (SHA256)  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS 
Safari 10 / OS X 10.12 R  RSA 2048 (SHA256)  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS 
Apple ATS 9 / iOS 9 R  RSA 2048 (SHA256)  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS 
Yahoo Slurp Jan 2015  RSA 2048 (SHA256)  TLS 1.2  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS 
YandexBot Jan 2015  RSA 2048 (SHA256)  TLS 1.2  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS 
reading this http://docs.nethserver.org/en/latest/tlspolicy.html#tlspolicysection we could release a TLS policy and get rid of TLS1.x for apache…of course keep 1.2
I am not sure we could be PCI compliant, I assume it is the work of the sysadmin for this purpose, he is paid for this but we could help
cc @davidep
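An added example, not part of the original posts: a short Python script that compares two handshake-simulation tables like the ones above and lists the clients that stop connecting, together with the bulk cipher each had negotiated before. The rows are a constructed subset copied from the two tables in this thread, and the function names are this example's own.

```python
import re

# Constructed subset of the thread's tables: default ciphers vs. the AES256-only string.
BEFORE = """\
Android 4.4.2  RSA 2048 (SHA256)  TLS 1.2  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS
Android 5.0.0  RSA 2048 (SHA256)  TLS 1.2  TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DH 2048 FS
Chrome 49 / XP SP3  RSA 2048 (SHA256)  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Firefox 47 / Win 7 R  RSA 2048 (SHA256)  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
IE 11 / Win Phone 8.1 R  RSA 2048 (SHA256)  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDH secp256r1 FS
Safari 6 / iOS 6.0.1  RSA 2048 (SHA256)  TLS 1.2  TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DH 2048 FS
"""
AFTER = """\
Android 4.4.2  RSA 2048 (SHA256)  TLS 1.2  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS
Android 5.0.0  Server sent fatal alert: handshake_failure
Chrome 49 / XP SP3  Server sent fatal alert: handshake_failure
Firefox 47 / Win 7 R  Server sent fatal alert: handshake_failure
IE 11 / Win Phone 8.1 R  Server sent fatal alert: handshake_failure
Safari 6 / iOS 6.0.1  RSA 2048 (SHA256)  TLS 1.2  TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DH 2048 FS
"""

ROW = re.compile(r"^(?P<client>.+?)\s{2,}(?P<rest>.+)$")  # columns split by 2+ spaces
SUITE = re.compile(r"\bTLS_[A-Z0-9_]+\b")

def parse_table(text):
    """Map client name -> negotiated suite, or None when the handshake failed."""
    out = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            s = SUITE.search(m["rest"])
            out[m["client"]] = s.group(0) if s else None
    return out

def lost_clients(before, after):
    """Clients that connected before the change and fail after it."""
    b, a = parse_table(before), parse_table(after)
    return {c: s for c, s in b.items() if s and c in a and a[c] is None}

def bulk_cipher(suite):
    """'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256' -> 'AES_128_GCM'"""
    return suite.split("_WITH_")[1].rsplit("_", 1)[0]

if __name__ == "__main__":
    for client, suite in lost_clients(BEFORE, AFTER).items():
        print(f"{client:26} lost (was on {bulk_cipher(suite)})")
```

Every client it reports had been on an AES_128 suite, which is what an AES256-only cipher string removes.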
That sounds like what is needed for any system that needs to meet the PCI-DSS standard. One thing I don’t follow though: does this affect all open ports, or only the HTTP, HTTPS ports?
I’d like to see this new TLS policy as the default of NethServer 7.7
Only https; we have to configure (and test) other daemons as well…
I’d like to see the new policy as an option soon on 7.6.
So far we talked about service configuration. Do the PCI specs require the same on clients?
As suggested by @giacomo, we must take care of the Postfix SMTP client config too. It talks to other MTAs, and they could support only TLS 1.0… what does PCI say here?
We have removed tls1.0 for ejabberd iirc
won’t it be an issue for us if old clients could not connect?
IE 11 / Win Phone 8.1 R  Server sent fatal alert: handshake_failure
Firefox 31.3.0 ESR / Win 7  Server sent fatal alert: handshake_failure
Firefox 47 / Win 7 R  Server sent fatal alert: handshake_failure
Chrome 49 / XP SP3  Server sent fatal alert: handshake_failure
Android 5.0.0  Server sent fatal alert: handshake_failure
Android 6.0  Server sent fatal alert: handshake_failure
we need to take care about also elliptic curve certificate
@nrauso, do you think that if we decide to block the client list above, this could drive to increase the ticket of your customers
FYI

ejabberd
/etc/ejabberd/ejabberd.yml
# TLS policy 20181001
define_macro:
  'CERTFILE': "/etc/ejabberd/ejabberd.pem"
  'TLSOPTS':
    - "no_sslv3"
    - "no_tlsv1"
    - "cipher_server_preference"
  'CIPHERS': "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA"

dovecot
/etc/dovecot/dovecot.conf
# TLS
# cipher selection 20180621 (RSA and ECC certificate)
ssl_dh_parameters_length = 2048
ssl_protocols = !SSLv3 !SSLv2
ssl_cipher_list = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
ssl_prefer_server_ciphers = yes

postfix
/etc/postfix/main.cf
# TLS
# cipher selection 20180621 (RSA and ECC certificate)
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_ciphers=high
tls_high_cipherlist=ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:kEDH:CAMELLIA128-SHA:AES128-SHA
smtpd_tls_exclude_ciphers=aNULL:eNULL:LOW:3DES:MD5:EXP:PSK:DSS:RC4:SEED:IDEA
tls_preempt_cipherlist = yes

nethgui
/etc/httpd/admin-conf/httpd.conf
# Cipher selection 20180621
# Only TLS1.2 cipher (RSA and ECC certificate)
SSLCipherSuite EDH+aRSA+AES256:EECDH+aRSA+AES256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCompression off
SSLUseStapling on
SSLStaplingCache "shmcb:logs/staplingcache(150000)"
in 2016, 25% of email not received when tls1.0 removed
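An added example, not part of the original posts and not NethServer code: a Python check that reads the protocol setting of each service in the listing above and reports which ones still accept SSLv3, TLSv1 or TLSv1.1. The sample values are constructed from the settings quoted in this thread with their minus signs written out; the syntax labels and function names are this example's own, and `no_tlsv1_1` is assumed to be the ejabberd option that disables TLS 1.1.

```python
import re

ALL = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2")   # SSLv2 tokens are accepted but ignored
LEGACY = ("SSLv3", "TLSv1", "TLSv1.1")
CANON = {p.lower(): p for p in ALL}

def enabled(syntax, value):
    """Protocols one setting leaves on; syntax is 'apache', 'bang' or 'ejabberd'."""
    if syntax == "ejabberd":
        # value is the option list; "no_tlsv1_1" (assumed name) would switch off TLSv1.1
        off = {o[3:].replace("_", ".") for o in value if o.startswith("no_")}
        return {p for p in ALL if p.lower() not in off}
    tokens = [t for t in re.split(r"[,\s]+", value) if t]
    # dovecot/postfix ("bang"): a list made only of !X exclusions starts from everything
    on = set(ALL) if syntax == "bang" and all(t[0] == "!" for t in tokens) else set()
    for t in tokens:
        sign, name = (t[0], t[1:]) if t[0] in "+-!" else ("", t)
        key = name.lower()
        if key == "all" and sign in ("", "+"):
            on = set(ALL)
        elif syntax == "apache" and sign == "":
            # not guessed at: a bare name usually means a lost +/- prefix
            raise ValueError(f"bare protocol name {t!r}: +/- prefix missing")
        elif key in CANON and sign in ("-", "!"):
            on.discard(CANON[key])
        elif key in CANON:
            on.add(CANON[key])
    return on

# Constructed sample: protocol settings quoted in this thread, minus signs written out.
SETTINGS = {
    "httpd (after change)": ("apache", "all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1"),
    "httpd-admin": ("apache", "All -SSLv2 -SSLv3"),
    "dovecot": ("bang", "!SSLv3 !SSLv2"),
    "postfix smtpd": ("bang", "!SSLv2, !SSLv3"),
    "ejabberd": ("ejabberd", ["no_sslv3", "no_tlsv1", "cipher_server_preference"]),
}

def legacy_report(settings):
    """Map service -> legacy protocols it still accepts (empty list means none)."""
    return {svc: [p for p in LEGACY if p in enabled(syn, val)]
            for svc, (syn, val) in settings.items()}

if __name__ == "__main__":
    for svc, left in legacy_report(SETTINGS).items():
        print(f"{svc:22} {'OK' if not left else 'still allows ' + ', '.join(left)}")
```

A static reading like this only shows what the configuration asks for; testssl against the live port remains the check of what the daemon actually offers.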
My two cents on your list…
 Windows Phone 8.1 has been discontinued as support from Microsoft
 Windows XP has been killed from Microsoft five years ago, enough?
 Firefox 31.3 ESR is obsolete, current ESR is 56.2. Firefox 47 is far more than superseded, 67 is currently out.
 I am personally concerned from Android 6 error about handshaking, but i think that Chrome or Firefox could connect flawlessly… for web services. And email clients.
I think that closing doors to issues (vulnerabilities of cypher protocols) is far more important than the sensation of being protected (used faulty cypher protocols).
Providing an optional TLS policy PCI (willingly compliant) seems a great idea to me. If this will be available as optional (with a list of known-supported OSes), the list should be great to help people test and feed this list with direct tests.