diff --git a/docs/release-notes.rst b/docs/release-notes.rst index c7daaef..7835163 100644 --- a/docs/release-notes.rst +++ b/docs/release-notes.rst @@ -22,6 +22,15 @@ NixOS 26.05 established by `agenix`_/`sops-nix`_ that instead rely on encryption. This option prevents files from leaking in to the Nix store. See :option:`mailserver.accounts..passwordFile`. +- TLS configurations have been updated: + + - TLSv1.2 cipher suites in Postfix now require `AEAD`_ and `ECDHE`_. + - Postfix and Dovecot allow for the ``SecP256r1MLKEM768`` + key exchange, as specified in the ongoing + `standardization effort `__. + - Postfix no longer supports uncommon, deprecated, and obsolete TLS signature + algorithms. + - LDAP setups require a migration of Dovecot home directories to `UUID based home directories`_. The exact UUID attribute can be customized through :option:`mailserver.ldap.attributes.uuid`. @@ -45,6 +54,8 @@ NixOS 26.05 .. _DKIM key management: dkim.html .. _agenix: https://github.com/ryantm/agenix .. _sops-nix: https://github.com/Mic92/sops-nix +.. _AEAD: https://en.wikipedia.org/wiki/Authenticated_encryption +.. _ECDHE: https://www.rfc-editor.org/rfc/rfc8422 .. _UUID based home directories: migrations.html#dovecot-ldap-uuid-based-home-directories NixOS 25.11 diff --git a/mail-server/dovecot.nix b/mail-server/dovecot.nix index 3f8d8af..941a4fc 100644 --- a/mail-server/dovecot.nix +++ b/mail-server/dovecot.nix @@ -312,6 +312,7 @@ in ssl_curve_list = lib.concatStringsSep ":" [ "X25519MLKEM768" "X25519" + "SecP256r1MLKEM768" "prime256v1" "secp384r1" ]; diff --git a/mail-server/postfix.nix b/mail-server/postfix.nix index 0408138..aa02d37 100644 --- a/mail-server/postfix.nix +++ b/mail-server/postfix.nix @@ -399,10 +399,6 @@ in smtpd_tls_ciphers = "high"; smtpd_tls_mandatory_ciphers = "high"; - # Exclude cipher suites with undesirable properties - smtpd_tls_exclude_ciphers = "SHA1, eNULL, aNULL"; - smtpd_tls_mandatory_exclude_ciphers = "SHA1, eNULL, aNULL"; - # Enable DNSSEC/DANE support for outgoing SMTP connections # https://www.postfix.org/postconf.5.html#smtp_tls_security_level smtp_dns_support_level = "dnssec"; @@ -416,13 +412,6 @@ in smtp_tls_ciphers = "high"; smtp_tls_mandatory_ciphers = "high"; - # Exclude ciphersuites with undesirable properties - smtp_tls_exclude_ciphers = "SHA1, eNULL, aNULL"; - smtp_tls_mandatory_exclude_ciphers = "SHA1, eNULL, aNULL"; - - # Restrict and prioritize the following curves in the given order - # Excludes curves that have no widespread support, so we don't bloat the handshake needlessly. - # https://www.postfix.org/postconf.5.html#tls_eecdh_auto_curves tls_config_file = let mkGroupString = groups: concatStringsSep " / " (map (concatStringsSep ":") groups); @@ -432,14 +421,52 @@ in sections = { postfix_settings.ssl_conf = "postfix_ssl_settings"; postfix_ssl_settings.system_default = "baseline_postfix_settings"; - baseline_postfix_settings.Groups = mkGroupString [ - [ "*X25519MLKEM768" ] - [ "*X25519" ] - [ - "P-256" - "P-384" - ] - ]; + baseline_postfix_settings = { + # Allow all TLSv1.3 cipher suites + Ciphersuites = concatStringsSep ":" [ + "TLS_AES_256_GCM_SHA384" + "TLS_AES_128_GCM_SHA256" + "TLS_CHACHA20_POLY1305_SHA256" + ]; + + # Full list: openssl list -tls-groups + # Restrict and prioritize the following curves in the given order + # Excludes curves that have no widespread support, so we don't bloat the handshake needlessly. + # https://www.postfix.org/postconf.5.html#tls_eecdh_auto_curves + Groups = mkGroupString [ + [ "*X25519MLKEM768" ] + [ "*X25519" ] + [ "SecP256r1MLKEM768" ] + [ + "P-256" + "P-384" + ] + ]; + SignatureAlgorithms = concatStringsSep ":" [ + # Full list: openssl list -tls-signature-algorithms + # Reduced to algorithms with key material supported in CA/B + # baseline requirements and excluding deprecated algorithms + # like SHA1. + + # EcDSA certificates + # https://cabforum.org/working-groups/server/baseline-requirements/requirements/#71312-ecdsa + "ecdsa_secp256r1_sha256" + "ecdsa_secp384r1_sha384" + "ecdsa_secp521r1_sha512" + + # RSA certificates + # https://cabforum.org/working-groups/server/baseline-requirements/requirements/#71311-rsa + "rsa_pss_rsae_sha256" + "rsa_pss_rsae_sha384" + "rsa_pss_rsae_sha512" + "rsa_pss_pss_sha256" + "rsa_pss_pss_sha384" + "rsa_pss_pss_sha512" + "rsa_pkcs1_sha256" + "rsa_pkcs1_sha384" + "rsa_pkcs1_sha512" + ]; + }; }; }; tls_config_name = "postfix"; @@ -448,6 +475,16 @@ in tls_eecdh_auto_curves = [ ]; tls_ffdhe_auto_groups = [ ]; + # Require AEAD & ECDHE for TLSv1.2. + tls_high_cipherlist = concatStringsSep ":" [ + "ECDHE-ECDSA-AES256-GCM-SHA384" + "ECDHE-RSA-AES256-GCM-SHA384" + "ECDHE-ECDSA-AES128-GCM-SHA256" + "ECDHE-RSA-AES128-GCM-SHA256" + "ECDHE-ECDSA-CHACHA20-POLY1305" + "ECDHE-RSA-CHACHA20-POLY1305" + ]; + # As long as all cipher suites are considered safe, let the client use its preferred cipher tls_preempt_cipherlist = false;