From the scan report on the system that I’m trying to find a fix for, 1.2 is much preferred. There are also some protocols that are out of favour - I’m not sure how critical it is, but several of the Diffie-Hellman protocols are regarded as weak.

@paul_marwick would you be please be explicit of what Diffie-Hellman protocols are marked as weak?

I would be curious on your thoughts against the http-admin, we have hardened the server-manager service but we still allow TLS1.0 and TLS1.1

 Has server cipher order?     yes (OK)
 Negotiated protocol          TLSv1.2
 Negotiated cipher            DHE-RSA-AES256-GCM-SHA384, 2048 bit DH
 Cipher order
    TLSv1:     DHE-RSA-AES256-SHA ECDHE-RSA-AES256-SHA 
    TLSv1.1:   DHE-RSA-AES256-SHA ECDHE-RSA-AES256-SHA 
    TLSv1.2:   DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA
               ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384
               ECDHE-RSA-AES256-SHA 

you can use testssl to check it https://wiki.nethserver.org/doku.php?id=testing_tls_ssl_encryption&s[]=tls#testsslsh

all tests are welcome, changing ciphers or protocols could drive to issues and each service is different so we could not copy and paste the same configuration

Thanks for that information @stephdl, that is helpful to know.

Personally my view is that TLSv1.0 should be disabled by default and if someone still requires it, they could then enable it. That is the better from a security point of view.

I’m still going through the failure report from Security Metrics (firm that did the compliance testing). In it they say this:

At least one of the services on the remote host supports a Diffie-Hellman
key exchange using a public modulus smaller than 2048 bits. Diffie-
Hellman key exchanges with keys smaller than 2048 bits do not meet
the PCI definition of strong cryptography as specified by NIST Special
Publication 800-57 Part 1.

They also indicate a preference for not using ciphers which use 3DES encryption.

If it is of any interest to people, I have a copy of the Security Metrics 2019 Guide to PCI_DSS compliance. It covers all aspects of making systems secure, including things like data encryption for card data. I can put it up on Google Drive and post a URL if anyone is interested.

No complaints here. I’m glad it has attracted interest. I’ve already been impressed with how much better Nethserver is at handling spam and attempted virus dumps. If a new security policy can be provided that allows me to disable TLS1 and TLS1.1, that will make it that much more useful to me…

I think that would be very useful. I was able to use a db setting in SME to turn off TLSv1.0 support, and did so on all the SME systems I support quite a long time ago.

sorry if I misunderstood your issue, do you know how to modify the tls protocol to fit your need, remove the tls1.0 & tls1.1 is easy, after you need to test with testssl

check etc/e-smith/templates/etc/httpd/conf.d/nethserver.conf/10tls_policy_20180621

Thanks for that. I’ll have a look and do some more reading of the dev docs. I would very much like to see an upgraded TLS policy to turn off TLSv1 and TLSv1.1 - that in itself would get me most of what I need. I’m not sure whether further modifications to the accepted encryption policies would be needed at that point.

I’ve done some scans using sslscan, and I’m now looking at testssl.sh as well.

Will try to do some tests tomorrow but we have the book

https://bettercrypto.org/

This is the stronger recommended

https://bettercrypto.org/#_configuration_a_strong_ciphers_fewer_clients

if you want to only remove tls1.0 and tls1.1
in etc/e-smith/templates/etc/httpd/conf.d/nethserver.conf/10tls_policy_20180621

-SSLProtocol all -SSLv2 -SSLv3 
+SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

then restart httpd

it seems that quite all clients could connect

if you follow the strong cipher configuration

in etc/e-smith/templates/etc/httpd/conf.d/nethserver.conf/10tls_policy_20180621

-SSLProtocol all -SSLv2 -SSLv3 
+SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

+SSLCipherSuite  EDH+aRSA+AES256:EECDH+aRSA+AES256:!SSLv3

remove the cipher list then restart httpd

in that case you restrict the numbers of client

reading this http://docs.nethserver.org/en/latest/tlspolicy.html#tlspolicy-section we could release a TLS policy and get rid of TLS1.x for apache…of course keep 1.2

I am not sure we could be PCI compliant, I assume it is the work of the sysadmin for this purpose, he is paid for this but we could help

cc @davidep

That sounds like what is needed for any system that needs to meet the PCI-DSS standard. One thing I don’t follow though - does this affect all open ports, or only the HTTP, HTTPS ports?

I’d like to see this new TLS policy as the default of NethServer 7.7

Only https; we have to configure (and test) other daemons as well…

I’d like to see the new policy as an option soon on 7.6.

So far we talked about service configuration. Does the PCI specs require the same on clients?

As suggested by @giacomo, we must care the Postfix SMTP client config too. It talks to other MTAs, and they could support only TLS 1.0… what does PCI say here?

We have removed tls1. 0 for ejaberd iirc

does it won’t be an issue for us if old clients could not connect ?

IE 11 / Win Phone 8.1 R Server sent fatal alert: handshake_failure

Chrome 49 / XP SP3 Server sent fatal alert: handshake_failure

we need to take care about also elliptic curve certificate

@nrauso, do you think that if we decide to block the client list above, this could drive to increase the ticket of your customers

FYI

• ejabberd /etc/ejabberd/ejabberd.yml

  TLS policy 20181001

  define_macro:
  ‘CERTFILE’: “/etc/ejabberd/ejabberd.pem”
  ‘TLSOPTS’:
  - “no_sslv3”
  - “no_tlsv1”
  - “cipher_server_preference”
  ‘CIPHERS’: “ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:
  ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:
  ECDHE-ECDSA-AES128-SHA256:EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:
  EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:
  +CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:
  !PSK:!DSS:!RC4:!SEED:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA”

• dovecot /etc/dovecot/dovecot.conf

  TLS

  cipher selection 2018-06-21 (RSA and ECC certificate)

  ssl_dh_parameters_length = 2048

  ssl_protocols = !SSLv3 !SSLv2

  ssl_cipher_list = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA

  ssl_prefer_server_ciphers = yes

• postfix /etc/postfix/main.cf

  TLS

  cipher selection 2018-06-21 (RSA and ECC certificate)

  smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
  smtpd_tls_protocols = !SSLv2, !SSLv3
  smtpd_tls_mandatory_ciphers=high
  tls_high_cipherlist=ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:kEDH:CAMELLIA128-SHA:AES128-SHA
  smtpd_tls_exclude_ciphers=aNULL:eNULL:LOW:3DES:MD5:EXP:PSK:DSS:RC4:SEED:IDEA

  tls_preempt_cipherlist = yes

• nethgui /etc/httpd/admin-conf/httpd.conf

  Cipher selection 2018-06-21

  Only TLS1.2 cipher (RSA and ECC certificate)

  SSLCipherSuite EDH+aRSA+AES256:EECDH+aRSA+AES256:ECDHE-ECDSA-AES256-GCM-SHA384:
  ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:
  ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256

  SSLProtocol All -SSLv2 -SSLv3

  SSLHonorCipherOrder On
  SSLCompression off
  SSLUseStapling on
  SSLStaplingCache “shmcb:logs/stapling-cache(150000)”

https://www.linuxquestions.org/questions/linux-server-73/disabling-tlsv1-0-on-postfix-%3D-~25-of-mails-not-received-4175572056/

in 2016, 25% of email not received when tls1.0 removed