mirror of https://github.com/vdukhovni/postfix synced 2025-08-29 13:18:12 +00:00

Update SSL option/bug bits and related docs

Sorted documented lists of supported values, and documented more
extant values.  Added:

- ENABLE_MIDDLEBOX_COMPAT (as option to enable in the future, disabling the
  present default is not yet possible).

- NO_RENEGOTIATION (some folks want this to guard against CPU
  exhaustion, we don't yet have rate limit support for this).

- NO_SESSION_RESUMPTION_ON_RENEGOTIATION

- PRIORITIZE_CHACHA

- TLSEXT_PADDING (enable or disable)
Viktor Dukhovni 2018-08-15 17:00:41 -04:00
parent 8302639a62
commit 6ca8d0a42a
3 changed files with 93 additions and 37 deletions


@ -923,12 +923,13 @@ handshake procedures. </p>
</blockquote> </blockquote>
<p> With Postfix 2.8 and later, the tls_disable_workarounds parameter <p> With Postfix 2.8 and later, the tls_disable_workarounds parameter
specifies a list or bit-mask of OpenSSL bug work-arounds to disable. This specifies a list or bit-mask of default-enabled OpenSSL bug
may be necessary if one of the work-arounds enabled by default in work-arounds to disable. This may be necessary if one of the
OpenSSL proves to pose a security risk, or introduces an unexpected work-arounds enabled by default in OpenSSL proves to pose a security
interoperability issue. Some bug work-arounds known to be problematic risk, or introduces an unexpected interoperability issue. The list
are disabled in the default value of the parameter when linked with of enabled bug work-arounds is OpenSSL-release-specific. See the
an OpenSSL library that could be vulnerable. </p> tls_disable_workarounds parameter documentation for the list of
supported values.</p>
<p> Example: </p> <p> Example: </p>
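Review bot: The rewritten paragraph drops the sentence saying that work-arounds known to be problematic are disabled in the parameter's default value when linked with an OpenSSL library that could be vulnerable, which was the only statement here about what the default already covers. Consider keeping a one-sentence version of it next to the new pointer to the tls_disable_workarounds documentation. Separately, "default-enabled OpenSSL bug work-arounds" followed by "work-arounds enabled by default in OpenSSL" states the same qualifier twice in adjacent sentences; one of the two can go.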
@ -946,19 +947,8 @@ more of the named options below, or a hexadecimal bitmask of options
found in the ssl.h file corresponding to the run-time OpenSSL found in the ssl.h file corresponding to the run-time OpenSSL
library. While it may be reasonable to turn off all bug workarounds library. While it may be reasonable to turn off all bug workarounds
(see above), it is not a good idea to attempt to turn on all features. (see above), it is not a good idea to attempt to turn on all features.
</p> See the tls_ssl_options parameter documentation for the list of
supported values. </p>
<dl>
<dt><b>LEGACY_SERVER_CONNECT</b></dt> <dd>See SSL_CTX_set_options(3).</dd>
<dt><b>NO_TICKET</b></dt> <dd>See SSL_CTX_set_options(3).</dd>
<dt><b>NO_COMPRESSION</b></dt> <dd>Disable SSL compression even if
supported by the OpenSSL library. Compression is CPU-intensive,
and compression before encryption does not always improve security. </dd>
</dl>
<p> Example: </p> <p> Example: </p>


@ -14926,44 +14926,46 @@ you can only disable one of these via the hexadecimal syntax above. </p>
<dl> <dl>
<dt><b>MICROSOFT_SESS_ID_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd> <dt><b>CRYPTOPRO_TLSEXT_BUG</b></dt> <dd>New with GOST support in
OpenSSL 1.0.0.</dd>
<dt><b>NETSCAPE_CHALLENGE_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd> <dt><b>DONT_INSERT_EMPTY_FRAGMENTS</b></dt> <dd>See
SSL_CTX_set_options(3)</dd>
<dt><b>LEGACY_SERVER_CONNECT</b></dt> <dd>See SSL_CTX_set_options(3)</dd> <dt><b>LEGACY_SERVER_CONNECT</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
<dt><b>NETSCAPE_REUSE_CIPHER_CHANGE_BUG</b></dt> <dd> also aliased
as <b>CVE-2010-4180</b>. Postfix 2.8 disables this work-around by
default with OpenSSL versions that may predate the fix. Fixed in
OpenSSL 0.9.8q and OpenSSL 1.0.0c.</dd>
<dt><b>SSLREF2_REUSE_CERT_TYPE_BUG</b></dt> <dd>See
SSL_CTX_set_options(3)</dd>
<dt><b>MICROSOFT_BIG_SSLV3_BUFFER</b></dt> <dd>See <dt><b>MICROSOFT_BIG_SSLV3_BUFFER</b></dt> <dd>See
SSL_CTX_set_options(3)</dd> SSL_CTX_set_options(3)</dd>
<dt><b>MICROSOFT_SESS_ID_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
<dt><b>MSIE_SSLV2_RSA_PADDING</b></dt> <dd> also aliased as <dt><b>MSIE_SSLV2_RSA_PADDING</b></dt> <dd> also aliased as
<b>CVE-2005-2969</b>. Postfix 2.8 disables this work-around by <b>CVE-2005-2969</b>. Postfix 2.8 disables this work-around by
default with OpenSSL versions that may predate the fix. Fixed in default with OpenSSL versions that may predate the fix. Fixed in
OpenSSL 0.9.7h and OpenSSL 0.9.8a.</dd> OpenSSL 0.9.7h and OpenSSL 0.9.8a.</dd>
<dt><b>NETSCAPE_CHALLENGE_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
<dt><b>NETSCAPE_REUSE_CIPHER_CHANGE_BUG</b></dt> <dd> also aliased
as <b>CVE-2010-4180</b>. Postfix 2.8 disables this work-around by
default with OpenSSL versions that may predate the fix. Fixed in
OpenSSL 0.9.8q and OpenSSL 1.0.0c.</dd>
<dt><b>SSLEAY_080_CLIENT_DH_BUG</b></dt> <dd>See <dt><b>SSLEAY_080_CLIENT_DH_BUG</b></dt> <dd>See
SSL_CTX_set_options(3)</dd> SSL_CTX_set_options(3)</dd>
<dt><b>TLS_D5_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd> <dt><b>SSLREF2_REUSE_CERT_TYPE_BUG</b></dt> <dd>See
SSL_CTX_set_options(3)</dd>
<dt><b>TLS_BLOCK_PADDING_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd> <dt><b>TLS_BLOCK_PADDING_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
<dt><b>TLS_D5_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
<dt><b>TLS_ROLLBACK_BUG</b></dt> <dd>See SSL_CTX_set_options(3). <dt><b>TLS_ROLLBACK_BUG</b></dt> <dd>See SSL_CTX_set_options(3).
This is disabled in OpenSSL 0.9.7 and later. Nobody should still This is disabled in OpenSSL 0.9.7 and later. Nobody should still
be using 0.9.6! </dd> be using 0.9.6! </dd>
<dt><b>DONT_INSERT_EMPTY_FRAGMENTS</b></dt> <dd>See <dt><b>TLSEXT_PADDING</b></dt><dd>Postfix &ge; 3.4. See SSL_CTX_set_options(3).</dd>
SSL_CTX_set_options(3)</dd>
<dt><b>CRYPTOPRO_TLSEXT_BUG</b></dt> <dd>New with GOST support in
OpenSSL 1.0.0.</dd>
</dl> </dl>
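Review bot: TLSEXT_PADDING is added at the end of this tls_disable_workarounds list and the same name is also added to the tls_ssl_options list later in this file, but neither entry says what happens when it is named in both parameters or what disabling it changes. The commit message describes it as "enable or disable", so a sentence in the dd element stating that it can be set from either parameter, and which setting takes effect when both name it, would save the reader a trip to the source. The entry also gives only "Postfix &ge; 3.4", while a neighbour such as CRYPTOPRO_TLSEXT_BUG names the OpenSSL release that introduced it; the same would help here.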
@ -16043,18 +16045,39 @@ in its value are enabled (see openssl/ssl.h and SSL_CTX_set_options(3)).
You can only enable options not already controlled by other Postfix You can only enable options not already controlled by other Postfix
settings. For example, you cannot disable protocols or enable settings. For example, you cannot disable protocols or enable
server cipher preference. Do not attempt to turn all features by server cipher preference. Do not attempt to turn all features by
specifying 0xFFFFFFFF, this is unlikely to be a good idea. </p> specifying 0xFFFFFFFF, this is unlikely to be a good idea. Some
bug work-arounds are also valid here, allowing them to be re-enabled
if/when they're no longer enabled by default. The supported values
include: </p>
<dl> <dl>
<dt><b>ENABLE_MIDDLEBOX_COMPAT</b></dt> <dd>Postfix &ge; 3.4. See
SSL_CTX_set_options(3).</dd>
<dt><b>LEGACY_SERVER_CONNECT</b></dt> <dd>See SSL_CTX_set_options(3).</dd> <dt><b>LEGACY_SERVER_CONNECT</b></dt> <dd>See SSL_CTX_set_options(3).</dd>
<dt><b>NO_TICKET</b></dt> <dd>See SSL_CTX_set_options(3).</dd> <dt><b>NO_TICKET</b></dt> <dd>Enabled by default when needed in
fully-patched Postfix &ge; 2.7. Not needed at all for Postfix &ge;
2.11, unless for some reason you do not want to support TLS session
resumption. Best not set explicitly. See SSL_CTX_set_options(3).</dd>
<dt><b>NO_COMPRESSION</b></dt> <dd>Disable SSL compression even if <dt><b>NO_COMPRESSION</b></dt> <dd>Disable SSL compression even if
supported by the OpenSSL library. Compression is CPU-intensive, supported by the OpenSSL library. Compression is CPU-intensive,
and compression before encryption does not always improve security. </dd> and compression before encryption does not always improve security. </dd>
<dt><b>NO_RENEGOTIATION</b></dt> <dd>Postfix &ge; 3.4. This can
reduce opportunities for a potential CPU exhaustion attack. See
SSL_CTX_set_options(3).</dd>
<dt><b>NO_SESSION_RESUMPTION_ON_RENEGOTIATION</b></dt> <dd>Postfix
&ge; 3.4. See SSL_CTX_set_options(3).</dd>
<dt><b>PRIORITIZE_CHACHA</b></dt> <dd>Postfix &ge; 3.4. See SSL_CTX_set_options(3).</dd>
<dt><b>TLSEXT_PADDING</b></dt> <dd>Postfix &ge; 3.4. See
SSL_CTX_set_options(3).</dd>
</dl> </dl>
<p> This feature is available in Postfix 2.11 and later. </p> <p> This feature is available in Postfix 2.11 and later. </p>
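Review bot: The ENABLE_MIDDLEBOX_COMPAT entry reads as a switch the administrator can usefully set, yet the commit message says disabling the present default is not yet possible, and the source comment added in this commit says OpenSSL 1.1.1 turns the option on implicitly in SSL_CTX_new(). The dd text should say that the option is already on by default with OpenSSL 1.1.1 and that it is listed for future use, so nobody concludes that leaving it out of tls_ssl_options turns middlebox compatibility off. In the unchanged context above, "Do not attempt to turn all features" is missing "on"; since this paragraph is being edited anyway, it is a good moment to fix it.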


@ -355,6 +355,28 @@ static const LONG_NAME_MASK ssl_bug_tweaks[] = {
#define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0 #define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0
#endif #endif
NAMEBUG(CRYPTOPRO_TLSEXT_BUG), NAMEBUG(CRYPTOPRO_TLSEXT_BUG),
#ifndef SSL_OP_TLSEXT_PADDING
#define SSL_OP_TLSEXT_PADDING 0
#endif
NAMEBUG(TLSEXT_PADDING),
#if 0
/*
* XXX: New with OpenSSL 1.1.1, this is turned on implicitly in SSL_CTX_new()
* and is not included in SSL_OP_ALL. Allowing users to disable this would
* thus a code change that would clearing bug work-around bits in SSL_CTX,
* after setting SSL_OP_ALL. Since this is presumably required for TLS 1.3 on
* today's Internet, the code change will be done separately later. For now
* this implicit bug work-around cannot be disabled via supported Postfix
* mechanisms.
*/
#ifndef SSL_OP_ENABLE_MIDDLEBOX_COMPAT
#define SSL_OP_ENABLE_MIDDLEBOX_COMPAT 0
#endif
NAMEBUG(ENABLE_MIDDLEBOX_COMPAT),
#endif
0, 0, 0, 0,
}; };
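Review bot: The comment inside the #if 0 block is missing words: "would thus a code change that would clearing bug work-around bits" should read along the lines of "would thus require a code change that clears bug work-around bits". Because the block is compiled out, the SSL_OP_ENABLE_MIDDLEBOX_COMPAT fallback define and the NAMEBUG(ENABLE_MIDDLEBOX_COMPAT) entry inside it are dead code that duplicates the fallback added to ssl_op_tweaks in the next hunk; keeping only the explanatory comment here would leave a single definition to maintain.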
@ -380,6 +402,27 @@ static const LONG_NAME_MASK ssl_op_tweaks[] = {
#define SSL_OP_NO_COMPRESSION 0 #define SSL_OP_NO_COMPRESSION 0
#endif #endif
NAME_SSL_OP(NO_COMPRESSION), NAME_SSL_OP(NO_COMPRESSION),
#ifndef SSL_OP_NO_RENEGOTIATION
#define SSL_OP_NO_RENEGOTIATION 0
#endif
NAME_SSL_OP(NO_RENEGOTIATION),
#ifndef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0
#endif
NAME_SSL_OP(NO_SESSION_RESUMPTION_ON_RENEGOTIATION),
#ifndef SSL_OP_PRIORITIZE_CHACHA
#define SSL_OP_PRIORITIZE_CHACHA 0
#endif
NAME_SSL_OP(PRIORITIZE_CHACHA),
#ifndef SSL_OP_ENABLE_MIDDLEBOX_COMPAT
#define SSL_OP_ENABLE_MIDDLEBOX_COMPAT 0
#endif
NAME_SSL_OP(ENABLE_MIDDLEBOX_COMPAT),
0, 0, 0, 0,
}; };
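Review bot: Each new fallback such as "#define SSL_OP_NO_RENEGOTIATION 0" means that, when the OpenSSL headers lack the option, the name is still entered in ssl_op_tweaks but with a zero mask, and nothing in this hunk shows a warning for that case. An administrator who sets NO_RENEGOTIATION for the CPU exhaustion guard described in the documentation could then have a setting that parses and changes nothing. This follows the existing NO_COMPRESSION pattern, so it may be intentional, but the documentation entries give only a Postfix version; please add the minimum OpenSSL release for each new option, or log when a named option resolves to 0.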