Page 1 of 1

Disable TLS v1.0 & 1.1

Posted: 02 Mar 2019 12:52
by elfranko
Hi,
We have been using these for a little while, and during a routine penetration test we were advised about still having Triple DES and also having TLS v1 & 1.1 enabled.
So I took to google to find out, and not a lot was evident. However I have managed to disable Triple Des and also set my EFA to only accept TLS v1.2.

If this is something you need to do, or want to do here is how:


In
/etc/postfix/main.cf
Change:

Code: Select all

smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
smtp_tls_mandatory_protocols = !SSLv2,!SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtp_tls_protocols = !SSLv2,!SSLv3
To

Code: Select all

smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtp_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1

To remove TripleDes:
Change this line:

Code: Select all

tls_medium_cipherlist = ECDSA+AESGCM:ECDH+AESGCM:DH+AESGCM:ECDSA+AES:ECDH+AES:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
To this:

Code: Select all

tls_medium_cipherlist = ECDSA+AESGCM:ECDH+AESGCM:DH+AESGCM:ECDSA+AES:ECDH+AES:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
Removing
:ECDH+3DES:DH+3DES & RSA+3DES:

A restart of Postfix does the trick.
I used
testssh on a kali box to test:
Image
Image


Hope this helps someone

ElFranko

Re: Disable TLS v1.0 & 1.1

Posted: 02 Mar 2019 15:21
by henk
Good tip!.

A bit off topic, but nice to know:
if you have webmail enabled on your mailserver, you can simply remove all protocols and add just the wanted protocols for apache:
-ALL, +TLSv1.2

Code: Select all

/etc/httpd/conf.d/ssl.conf

Code: Select all

#   SSL Protocol support:
# List the enable protocol levels with which clients will be able to
# connect.  Disable SSLv2 access by default:
#SSLProtocol all -SSLv2 -SSLv3
#SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLProtocol -ALL +TLSv1.2  

Code: Select all

service httpd restart
Tip, if you have an old mobile phone, you need to add '+TLSv1', to be able to use Zpush or just buy a new phone that supports TLSv1.2 :lol:

To test your mailserver's SSL can use: https://www.ssllabs.com/ssltest/
A decent firewall will/should block (most) SSL vulnerabilties.
To be able to check SSL use testssl script to check all servers https://github.com/drwetter/testssl.sh

Create some dir (/root/software)
cd /root/software

Code: Select all

git clone --depth 1 https://github.com/drwetter/testssl.sh.git

Code: Select all

./testssl.sh --vulnerable  <<hostname>> 
result

Code: Select all

 rDNS (redacted):     EFA3 .
 Service detected:       HTTP

 Testing vulnerabilities

 Heartbleed (CVE-2014-0160)                not vulnerable (OK), timed out
 CCS (CVE-2014-0224)                       not vulnerable (OK)
 Ticketbleed (CVE-2016-9244), experiment.  not vulnerable (OK), session IDs were returned but potential memory fragments do not differ
 ROBOT                                     not vulnerable (OK)
 Secure Renegotiation (CVE-2009-3555)      not vulnerable (OK)
 Secure Client-Initiated Renegotiation     not vulnerable (OK)
 CRIME, TLS (CVE-2012-4929)                not vulnerable (OK)
 BREACH (CVE-2013-3587)                    no HTTP compression (OK)  - only supplied "/" tested
 POODLE, SSL (CVE-2014-3566)               not vulnerable (OK)
 TLS_FALLBACK_SCSV (RFC 7507)              No fallback possible, no protocol below TLS 1.2 offered (OK)
 SWEET32 (CVE-2016-2183, CVE-2016-6329)    not vulnerable (OK)
 FREAK (CVE-2015-0204)                     not vulnerable (OK)
 DROWN (CVE-2016-0800, CVE-2016-0703)      not vulnerable on this host and port (OK)
                                           no RSA certificate, thus certificate can't be used with SSLv2 elsewhere
 LOGJAM (CVE-2015-4000), experimental      not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2
 BEAST (CVE-2011-3389)                     no SSL3 or TLS1 (OK)
 LUCKY13 (CVE-2013-0169), experimental     potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches
 RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)
Client check to be sure 8-)

Code: Select all

./testssl.sh --client-simulation <<hostname>>

Code: Select all

Running client simulations (HTTP) via sockets

 Android 4.2.2                No connection
 Android 4.4.2                TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Android 5.0.0                TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Android 6.0                  TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Android 7.0                  TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Chrome 65 Win 7              TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Chrome 70 Win 10             TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Firefox 59 Win 7             TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Firefox 62 Win 7             TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 IE 6 XP                      No connection
 IE 7 Vista                   No connection
 IE 8 Win 7                   No connection
 IE 8 XP                      No connection
 IE 11 Win 7                  TLSv1.2 ECDHE-RSA-AES256-SHA384, 256 bit ECDH (P-256)
 IE 11 Win 8.1                TLSv1.2 ECDHE-RSA-AES256-SHA384, 256 bit ECDH (P-256)
 IE 11 Win Phone 8.1          TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 IE 11 Win 10                 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Edge 13 Win 10               TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Edge 13 Win Phone 10         TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Edge 15 Win 10               TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Opera 17 Win 7               TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Safari 9 iOS 9               TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Safari 9 OS X 10.11          TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Safari 10 OS X 10.12         TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Apple ATS 9 iOS 9            TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Tor 17.0.9 Win 7             No connection
 Java 6u45                    No connection
 Java 7u25                    No connection
 Java 8u161                   TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Java 9.0.4                   TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 OpenSSL 1.0.1l               TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 OpenSSL 1.0.2e               TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)

Re: Disable TLS v1.0 & 1.1

Posted: 13 Aug 2019 12:02
by jamerson
i have followed elfranco steps to disable tls 1/1.1 unfortunately its not disabled
see attached screenshot
i am on EFA 4 maybe this different?