I think that would be very useful. I was able to use a db setting in SME to turn off TLSv1.0 support, and did so on all the SME systems I support quite a long time ago.
sorry if I misunderstood your issue, do you know how to modify the tls protocol to fit your need, remove the tls1.0 & tls1.1 is easy, after you need to test with testssl
check etc/e-smith/templates/etc/httpd/conf.d/nethserver.conf/10tls_policy_20180621
Thanks for that. I’ll have a look and do some more reading of the dev docs. I would very much like to see an upgraded TLS policy to turn off TLSv1 and TLSv1.1 - that in itself would get me most of what I need. I’m not sure whether further modifications to the accepted encryption policies would be needed at that point.
I’ve done some scans using sslscan, and I’m now looking at testssl.sh as well.
1 Like
Will try to do some tests tomorrow but we have the book
This is the stronger recommended
https://bettercrypto.org/#_configuration_a_strong_ciphers_fewer_clients
2 Likes
if you want to only remove tls1.0 and tls1.1
in etc/e-smith/templates/etc/httpd/conf.d/nethserver.conf/10tls_policy_20180621
-SSLProtocol all -SSLv2 -SSLv3
+SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
then restart httpd
it seems that quite all clients could connect
| Android 4.4.2 | RSA 2048 (SHA256) | TLS 1.2 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS |
|---|---|---|---|
| Android 5.0.0 | RSA 2048 (SHA256) | TLS 1.2 | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DH 2048 FS |
| Android 6.0 | RSA 2048 (SHA256) | TLS 1.2 | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DH 2048 FS |
| Android 7.0 | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| BingPreview Jan 2015 | RSA 2048 (SHA256) | TLS 1.2 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS |
| Chrome 49 / XP SP3 | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| Chrome 69 / Win 7 R | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Chrome 70 / Win 10 | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Firefox 31.3.0 ESR / Win 7 | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| Firefox 47 / Win 7 R | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| Firefox 49 / XP SP3 | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Firefox 62 / Win 7 R | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Googlebot Feb 2018 | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| IE 11 / Win 7 R | RSA 2048 (SHA256) | TLS 1.2 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS |
| IE 11 / Win 8.1 R | RSA 2048 (SHA256) | TLS 1.2 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS |
| IE 11 / Win Phone 8.1 R | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDH secp256r1 FS |
| IE 11 / Win Phone 8.1 Update R | RSA 2048 (SHA256) | TLS 1.2 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS |
| IE 11 / Win 10 R | RSA 2048 (SHA256) | TLS 1.2 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS |
| Edge 15 / Win 10 R | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Edge 13 / Win Phone 10 R | RSA 2048 (SHA256) | TLS 1.2 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS |
| Java 8u161 | RSA 2048 (SHA256) | TLS 1.2 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS |
| OpenSSL 1.0.1l R | RSA 2048 (SHA256) | TLS 1.2 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS |
| OpenSSL 1.0.2e R | RSA 2048 (SHA256) | TLS 1.2 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS |
| Safari 6 / iOS 6.0.1 | RSA 2048 (SHA256) | TLS 1.2 | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DH 2048 FS |
| Safari 7 / iOS 7.1 R | RSA 2048 (SHA256) | TLS 1.2 | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DH 2048 FS |
| Safari 7 / OS X 10.9 R | RSA 2048 (SHA256) | TLS 1.2 | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DH 2048 FS |
| Safari 8 / iOS 8.4 R | RSA 2048 (SHA256) | TLS 1.2 | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DH 2048 FS |
| Safari 8 / OS X 10.10 R | RSA 2048 (SHA256) | TLS 1.2 | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DH 2048 FS |
| Safari 9 / iOS 9 R | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Safari 9 / OS X 10.11 R | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Safari 10 / iOS 10 R | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Safari 10 / OS X 10.12 R | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Apple ATS 9 / iOS 9 R | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Yahoo Slurp Jan 2015 | RSA 2048 (SHA256) | TLS 1.2 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS |
| YandexBot Jan 2015 | RSA 2048 (SHA256) | TLS 1.2 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS |
if you follow the strong cipher configuration
in etc/e-smith/templates/etc/httpd/conf.d/nethserver.conf/10tls_policy_20180621
-SSLProtocol all -SSLv2 -SSLv3
+SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
+SSLCipherSuite EDH+aRSA+AES256:EECDH+aRSA+AES256:!SSLv3
remove the cipher list then restart httpd
in that case you restrict the numbers of client
| Android 4.4.2 | RSA 2048 (SHA256) | TLS 1.2 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS |
|---|---|---|---|
| Android 5.0.0 | Server sent fatal alert: handshake_failure | ||
| Android 6.0 | Server sent fatal alert: handshake_failure | ||
| Android 7.0 | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| BingPreview Jan 2015 | RSA 2048 (SHA256) | TLS 1.2 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS |
| Chrome 49 / XP SP3 | Server sent fatal alert: handshake_failure | ||
| Chrome 69 / Win 7 R | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Chrome 70 / Win 10 | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Firefox 31.3.0 ESR / Win 7 | Server sent fatal alert: handshake_failure | ||
| Firefox 47 / Win 7 R | Server sent fatal alert: handshake_failure | ||
| Firefox 49 / XP SP3 | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Firefox 62 / Win 7 R | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Googlebot Feb 2018 | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| IE 11 / Win 7 R | RSA 2048 (SHA256) | TLS 1.2 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS |
| IE 11 / Win 8.1 R | RSA 2048 (SHA256) | TLS 1.2 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS |
| IE 11 / Win Phone 8.1 R | Server sent fatal alert: handshake_failure | ||
| IE 11 / Win Phone 8.1 Update R | RSA 2048 (SHA256) | TLS 1.2 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS |
| IE 11 / Win 10 R | RSA 2048 (SHA256) | TLS 1.2 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS |
| Edge 15 / Win 10 R | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Edge 13 / Win Phone 10 R | RSA 2048 (SHA256) | TLS 1.2 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS |
| Java 8u161 | RSA 2048 (SHA256) | TLS 1.2 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS |
| OpenSSL 1.0.1l R | RSA 2048 (SHA256) | TLS 1.2 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS |
| OpenSSL 1.0.2e R | RSA 2048 (SHA256) | TLS 1.2 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS |
| Safari 6 / iOS 6.0.1 | RSA 2048 (SHA256) | TLS 1.2 | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DH 2048 FS |
| Safari 7 / iOS 7.1 R | RSA 2048 (SHA256) | TLS 1.2 | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DH 2048 FS |
| Safari 7 / OS X 10.9 R | RSA 2048 (SHA256) | TLS 1.2 | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DH 2048 FS |
| Safari 8 / iOS 8.4 R | RSA 2048 (SHA256) | TLS 1.2 | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DH 2048 FS |
| Safari 8 / OS X 10.10 R | RSA 2048 (SHA256) | TLS 1.2 | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DH 2048 FS |
| Safari 9 / iOS 9 R | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Safari 9 / OS X 10.11 R | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Safari 10 / iOS 10 R | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Safari 10 / OS X 10.12 R | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Apple ATS 9 / iOS 9 R | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Yahoo Slurp Jan 2015 | RSA 2048 (SHA256) | TLS 1.2 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS |
| YandexBot Jan 2015 | RSA 2048 (SHA256) | TLS 1.2 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 2048 FS |
3 Likes
reading this http://docs.nethserver.org/en/latest/tlspolicy.html#tlspolicy-section we could release a TLS policy and get rid of TLS1.x for apache…of course keep 1.2
I am not sure we could be PCI compliant, I assume it is the work of the sysadmin for this purpose, he is paid for this 
but we could help
cc @davidep
That sounds like what is needed for any system that needs to meet the PCI-DSS standard. One thing I don’t follow though - does this affect all open ports, or only the HTTP, HTTPS ports?
1 Like
I’d like to see this new TLS policy as the default of NethServer 7.7 
Only https; we have to configure (and test) other daemons as well…
I’d like to see the new policy as an option soon on 7.6.
So far we talked about service configuration. Does the PCI specs require the same on clients?
As suggested by @giacomo, we must care the Postfix SMTP client config too. It talks to other MTAs, and they could support only TLS 1.0… what does PCI say here?
1 Like
We have removed tls1. 0 for ejaberd iirc
does it won’t be an issue for us if old clients could not connect ?
IE 11 / Win Phone 8.1 R Server sent fatal alert: handshake_failure
| Firefox 31.3.0 ESR / Win 7 | Server sent fatal alert: handshake_failure | ||
|---|---|---|---|
| Firefox 47 / Win 7 R | Server sent fatal alert: handshake_failure |
Chrome 49 / XP SP3 Server sent fatal alert: handshake_failure
| Android 5.0.0 | Server sent fatal alert: handshake_failure | ||
|---|---|---|---|
| Android 6.0 | Server sent fatal alert: handshake_failure |
we need to take care about also elliptic curve certificate
@nrauso, do you think that if we decide to block the client list above, this could drive to increase the ticket of your customers
FYI
-
ejabberd
/etc/ejabberd/ejabberd.ymlTLS policy 20181001
define_macro:
‘CERTFILE’: “/etc/ejabberd/ejabberd.pem”
‘TLSOPTS’:
- “no_sslv3”
- “no_tlsv1”
- “cipher_server_preference”
‘CIPHERS’: “ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:
ECDHE-ECDSA-AES128-SHA256:EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:
EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:
+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:
!PSK:!DSS:!RC4:!SEED:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA” -
dovecot
/etc/dovecot/dovecot.confTLS
cipher selection 2018-06-21 (RSA and ECC certificate)
ssl_dh_parameters_length = 2048
ssl_protocols = !SSLv3 !SSLv2
ssl_cipher_list = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
ssl_prefer_server_ciphers = yes
-
postfix
/etc/postfix/main.cfTLS
cipher selection 2018-06-21 (RSA and ECC certificate)
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_ciphers=high
tls_high_cipherlist=ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:kEDH:CAMELLIA128-SHA:AES128-SHA
smtpd_tls_exclude_ciphers=aNULL:eNULL:LOW:3DES:MD5:EXP:PSK:DSS:RC4:SEED:IDEAtls_preempt_cipherlist = yes
-
nethgui
/etc/httpd/admin-conf/httpd.confCipher selection 2018-06-21
Only TLS1.2 cipher (RSA and ECC certificate)
SSLCipherSuite EDH+aRSA+AES256:EECDH+aRSA+AES256:ECDHE-ECDSA-AES256-GCM-SHA384:
ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:
ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCompression off
SSLUseStapling on
SSLStaplingCache “shmcb:logs/stapling-cache(150000)”
in 2016, 25% of email not received when tls1.0 removed
1 Like
My two cents on your list…
- Windows Phone 8.1 has been discontinued as support from Microsoft
- Windows XP has been killed from Microsoft five years ago, enough?
- Firefox 31.3 ESR is obsolete, current ESR is 56.2. Firefox 47 is far more than superseeded, 67 is currently out.
- I am personally concerned from Android 6 error about handshaking, but i think that Chrome or Firefox could connect flawlessly… for web services. And email clients.
I think that closing doors to issues (vulnerabilities of cypher protocols) is far more important of the sensation of being protected (used faulty cypher protocols).
Providing an optional TLS policy PCI (willingly compliant) seems a great idea for me. If this will be available as optional (with a list of known-supported OSes) list should be great for help people test and feed with direct tests this list.
1 Like
So far as I can see, the PCI-DSS standard forbids TLSv1 on any open port.
I found a db command for SME 9.2 which allowed me to disable TLSv1 on all services (seems to work from the sslscans I’ve done on some of the SME machines). I’ve put it in place on all the servers I look after. Checking the logs just after I put the policy in didn’t show a big increase in failed mail connections.
In fact, looking at the logs for the one production Nethserver I’m running at the moment, it seems to refuse more mail, either due to the rspamd milter being more effective than anything SME is running or due to failed mta logins.
yep, I implemented a quarantine rpm only to check what rspamd rejects as spam, I now deactivated it because I am really confident what rspamd refuses, you cannot read that kind of emails in front of our children, too much instructive 
So in clear we refuse spam, we store to junk probable spam, and we soft reject possible spam, before to accept them after two or three attempts. I really love rspamd, spamassassin is mostly dead now
please could you point to the documentation please.
My mind is splitted here, we know that we cannot trust what MTA do with our emails, for example GMAIL is known to read what you send, for giving you back ads. So restrict a protocol for postfix, except for a commercial point of view, I do no understand really. If you care to protect your conversation, please use PGP like I do.
This is not true of course when you are in a direct link between your server and the clients, I mean dovecot, apache, ejabberd (because at the xmpp protocol they get rid of tls1.0) and other services using TLS.
As ever I never owned the truth, so please help me to change my mind
For those who care to change, hardening security of protocol communication, you have a good redhat book also : Securing Applications with TLS in RHEL - Red Hat Customer Portal
EDIT: at NS we are concerned to receive the email, so we use the TLS protocol with the may option. If the remote smtp cannot use TLS we accept the transaction
# With this, the Postfix SMTP server announces STARTTLS support to
# remote SMTP clients, but does not require that clients use TLS
# encryption:
smtpd_tls_security_level = may
As such it does not apply to smtp client and other outbound connections 
(?)
1 Like
Sorry - somehow I missed this, so the reply is very late coming…
In answer to the question, it doesn’t seem to. The scan report was purely concerned with ports open in the firewall. Thought it would seem to me that it should cover outbound connections of that sort as well.
The other thing that the scan fails to take any account of is other mitigating factors. So yes, some of cipher suites may be weak. But even if they are weak, it will take a great deal of time to break through. In an environment running something like fail2ban, it is difficult to see how anyone could get anything like the time needed to crack the encryption. But no-one at the scanning agency wants to answer that question…
I’ve also searched to see if there are any straight commercial products that I could offer as a stop-gap until such time as Nethserver can implement dropping TLSv1.0 on all services and block the encryption suites deemed to be weak. I’ve found a number of places offering PCI-DSS compliant servers, but all of them are hosted systems, not server software, which would be of no use at all in this situation.
At the moment, I’m waiting for further information from Scan Metrics, the firm that seems to do a lot of the compliance testing. Hoping that Nethserver will give me some options soon