Securing Dovecot and Postfix (Logjam Attack)

This week’s attack on TLS, called Logjam, did not come with a logo, to everyones surprise. I missed the good old attacks that don’t require artwork to grab attention :)

In short, the attack pre-calculates parts of the discrete logarithm for the 512-bit variant. After that, a MITM would use a downgrade attack to force client and server to use old export-grade cryptography. According to the statistics of the Logjam authors, between 8.4 and 14.8 percent of all legacy IP mail servers are vulnerable to the Logjam attack. Time for us to check our configs, right?

I use 2048 bit DH parameters and let dovecot regenerate them every three days (72 hours). The corresponding part of my dovecot.conf looks similar to this:

# ssl
disable_plaintext_auth = yes
ssl = required
ssl_cert =< /etc/my-server-crt.crt
ssl_key =< /etc/my-server-key.key
ssl_cipher_list = HIGH
ssl_dh_parameters_length = 2048
ssl_parameters_regenerate = 72hours

For postfix the configuration looks a bit confusing, because the config option is named smtpd_tls_dh1024_param_file, but it handles 2048 bit DH parameters just fine. I also suggest using tls_preempt_cipherlist to make sure the server selects the cipher. That requires SSLv3 or higher, but from my point of view there is no reason to use anything below TLSv1 anyway. Please make sure you set the ciphers correctly, e.g. as advised by the Logjam attack authors.

An excerpt from my postfix

smtpd_tls_protocols = TLSv1
smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem
tls_preempt_cipherlist = yes