Postfix: DH-1024 weak key exchange is enabled.

Solution Verified - Updated 13 Jun 2024

Environment

Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 9
Postfix

Issue

Key exchange (dh 1024) of lower strength than certificate key.
Weak SSL/TLS Key Exchange vulnerability on 25 Port.
How to generate DH Parameter file with custom key size ?

Resolution

In postfix configuration, smtpd_tls_dh1024_param_file option defines the dh parameter file.

Generate dh parameter with higher bits and mention it in postfix configuration in order to fix this issue.
To generate dh parameter file of certain size use below command:

# openssl dhparam -out /etc/postfix/<name-of-file-to-generate> <size of key>

Example:

# openssl dhparam -out /etc/postfix/dh2048.pem 2048

Above command will generate dh parameter file with key size 2048.
Once the command is completed add below line to postfix configuration file /etc/postfix/main.cf:

smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem

Note: Even if dh parameter with higher key size is generated, here option name will remain i.e. smtpd_tls_dh1024_param_file.

Restart the postfix

# systemctl restart postfix

Refer to upstream document for the details:

Content from www.postfix.org is not included.Postfix Docs: smtpd_tls_dh1024_param_file
To know complete steps to secure postfix installation with SSL/TLS follow below guide:

Securing postfix with SSL/TLS on RHEL7

Root Cause

Key exchange (dh 1024) had lower strength than recommended size. After increasing key size vulnerability should get fixed.

Diagnostic Steps

Run below nmap command to discover open ports and enabled ciphers. Output will be something like this

# nmap --script ssl-enum-* <ip-address>
Starting Nmap 7.92 ( https://nmap.org ) at 2022-05-20 10:10 UTC
Nmap scan report for <ip>
Host is up (0.11s latency).
Not shown: 998 closed tcp ports (conn-refused)
PORT   STATE SERVICE
22/tcp open  ssh
25/tcp open  smtp
| ssl-enum-ciphers: 
|   TLSv1.2: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 1024) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 1024) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 1024) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 1024) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 1024) - A
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 1024) - A
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 1024) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
|     compressors: 
|       NULL
|     cipher preference: server
|     warnings: 
|       Key exchange (dh 1024) of lower strength than certificate key
|_  least strength: A

Second last line shows weak dh parameter for postfix service (port 25). Also many of cipher suites are using it as per the above output: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 1024) - A

SBR

Product(s)

Red Hat Enterprise Linux for x86_64

Components

postfix

Category

Secure

Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.