Dear Postfix folks,

postconf.5.html#smtpd_tls_dh1024_param_file [1] says:

    The best-practice choice of parameters uses a 2048-bit prime. This is
    fine, despite the historical "1024" in the parameter name. Do not be
    tempted to use much larger values, performance degrades quickly, and
    you may also cease to interoperate with some mainstream SMTP clients.
    As of Postfix 3.1, the compiled-in default prime is 2048-bits, and it
    is not strictly necessary, though perhaps somewhat beneficial to
    generate custom DH parameters.

    Instead of using the exact same parameter sets as distributed with
    other TLS packages, it is more secure to generate your own set of
    parameters with something like the following commands:

        openssl dhparam -out /etc/postfix/dh2048.pem 2048
        openssl dhparam -out /etc/postfix/dh1024.pem 1024
        # As of Postfix 3.6, export-grade 512-bit DH parameters are no longer
        # supported or needed.
        openssl dhparam -out /etc/postfix/dh512.pem 512

If I am not misunderstanding anything, the “more secure” in the second
paragraph contradicts the end of the first paragraph.

Indeed, reading *TLS Forward Secrecy in Postfix* [2] and *IT Security
Guidelines for Transport Layer Security (TLS) v2.1* [3], using RFC 7919
ciphers is recommended.

    DHE: The security of Diffie-Hellman Ephemeral (DHE) key exchange
    depends on the lengths of the public and secret keys used within the
    chosen finite field group. We test if your DHE public key material
    uses one of the predefined finite field groups that are specified in
    RFC 7919. Self-generated groups are 'Insufficient'.

Kind regards,

Paul

[1]: https://www.postfix.org/postconf.5.html#smtpd_tls_dh1024_param_file
[2]: https://www.postfix.org/FORWARD_SECRECY_README.html
[3]: https://english.ncsc.nl/publications/publications/2021/january/19/it-security-guidelines-for-transport-layer-security-2.1
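
An added example (not part of the original message and not Postfix code): a check of whether a DH parameter file carries the RFC 7919 ffdhe2048 group, the property the quoted guideline tests for, or some other group. The function names and both sample PEM blocks are constructed here; the prime is derived from the formula in RFC 7919 Appendix A.1.

```python
import base64
from decimal import Decimal, localcontext

def ffdhe2048_prime() -> int:
    """RFC 7919 A.1: p = 2^2048 - 2^1984 + (floor(2^1918 * e) + 560316) * 2^64 - 1."""
    with localcontext() as ctx:
        ctx.prec = 700  # 2^1918 * e has about 578 integer digits
        scaled_e = int(Decimal(1).exp() * Decimal(2 ** 1918))
    return 2 ** 2048 - 2 ** 1984 + (scaled_e + 560316) * 2 ** 64 - 1

def _tlv(buf: bytes, pos: int):
    """Read one DER element; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def parse_dh_pem(pem: str):
    """Return (p, g) from a PKCS#3 'DH PARAMETERS' PEM block."""
    b64 = "".join(l for l in pem.splitlines() if not l.startswith("-----"))
    tag, seq, _ = _tlv(base64.b64decode(b64), 0)
    t_p, p_raw, nxt = _tlv(seq, 0)
    t_g, g_raw, _ = _tlv(seq, nxt)
    if (tag, t_p, t_g) != (0x30, 0x02, 0x02):  # SEQUENCE { INTEGER, INTEGER }
        raise ValueError("not a DH parameters structure")
    return int.from_bytes(p_raw, "big"), int.from_bytes(g_raw, "big")

def is_ffdhe2048(pem: str) -> bool:
    return parse_dh_pem(pem) == (ffdhe2048_prime(), 2)

# --- helpers that build the constructed sample input ---
def _der(tag: int, body: bytes) -> bytes:
    n = len(body)
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 128 else bytes([0x80 | len(ln)]) + ln) + body

def make_dh_pem(p: int, g: int) -> str:
    # The extra leading byte keeps each DER INTEGER positive.
    ints = b"".join(_der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big")) for v in (p, g))
    b64 = base64.encodebytes(_der(0x30, ints)).decode()
    return "-----BEGIN DH PARAMETERS-----\n" + b64 + "-----END DH PARAMETERS-----\n"

RFC7919_PEM = make_dh_pem(ffdhe2048_prime(), 2)
# Stand-in for a locally generated group: same size, different modulus (not a real prime).
CUSTOM_PEM = make_dh_pem(ffdhe2048_prime() - 2 ** 1000, 2)

if __name__ == "__main__":
    for name, pem in (("rfc7919", RFC7919_PEM), ("custom", CUSTOM_PEM)):
        print(name, "ffdhe2048" if is_ffdhe2048(pem) else "not ffdhe2048")
```

To check a real file, pass its contents, for example `is_ffdhe2048(open("/etc/postfix/dh2048.pem").read())`.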