From 8d6b14c82cf7a1c68e588c44739bd71a6ce1fa90 Mon Sep 17 00:00:00 2001
From: Martin Weinelt <hexa@darmstadt.ccc.de>
Date: Fri, 24 Apr 2026 21:32:17 +0200
Subject: [PATCH] postfix: restrict TLS signing algorithms

Prunes the list preset and removes SHA-1 to restore compatibility with
NCSC TLS security guidelines.
---
 mail-server/postfix.nix | 49 ++++++++++++++++++++++++++++++++---------
 1 file changed, 38 insertions(+), 11 deletions(-)

diff --git a/mail-server/postfix.nix b/mail-server/postfix.nix
index 0408138..77cce70 100644
--- a/mail-server/postfix.nix
+++ b/mail-server/postfix.nix
@@ -420,9 +420,6 @@ in
         smtp_tls_exclude_ciphers = "SHA1, eNULL, aNULL";
         smtp_tls_mandatory_exclude_ciphers = "SHA1, eNULL, aNULL";
 
-        # Restrict and prioritize the following curves in the given order
-        # Excludes curves that have no widespread support, so we don't bloat the handshake needlessly.
-        # https://www.postfix.org/postconf.5.html#tls_eecdh_auto_curves
         tls_config_file =
           let
             mkGroupString = groups: concatStringsSep " / " (map (concatStringsSep ":") groups);
@@ -432,14 +429,44 @@ in
             sections = {
               postfix_settings.ssl_conf = "postfix_ssl_settings";
               postfix_ssl_settings.system_default = "baseline_postfix_settings";
-              baseline_postfix_settings.Groups = mkGroupString [
-                [ "*X25519MLKEM768" ]
-                [ "*X25519" ]
-                [
-                  "P-256"
-                  "P-384"
-                ]
-              ];
+              baseline_postfix_settings = {
+                # Full list: openssl list -tls-groups
+                # Restrict and prioritize the following curves in the given order
+                # Excludes curves that have no widespread support, so we don't bloat the handshake needlessly.
+                # https://www.postfix.org/postconf.5.html#tls_eecdh_auto_curves
+                Groups = mkGroupString [
+                  [ "*X25519MLKEM768" ]
+                  [ "*X25519" ]
+                  [
+                    "P-256"
+                    "P-384"
+                  ]
+                ];
+                SignatureAlgorithms = concatStringsSep ":" [
+                  # Full list: openssl list -tls-signature-algorithms
+                  # Reduced to algorithms with key material supported in CA/B
+                  # baseline requirements and excluding deprecated algorithms
+                  # like SHA1.
+
+                  # EcDSA certificates
+                  # https://cabforum.org/working-groups/server/baseline-requirements/requirements/#71312-ecdsa
+                  "ecdsa_secp256r1_sha256"
+                  "ecdsa_secp384r1_sha384"
+                  "ecdsa_secp521r1_sha512"
+
+                  # RSA certificates
+                  # https://cabforum.org/working-groups/server/baseline-requirements/requirements/#71311-rsa
+                  "rsa_pss_rsae_sha256"
+                  "rsa_pss_rsae_sha384"
+                  "rsa_pss_rsae_sha512"
+                  "rsa_pss_pss_sha256"
+                  "rsa_pss_pss_sha384"
+                  "rsa_pss_pss_sha512"
+                  "rsa_pkcs1_sha256"
+                  "rsa_pkcs1_sha384"
+                  "rsa_pkcs1_sha512"
+                ];
+              };
             };
           };
         tls_config_name = "postfix";