Can MiaB be configured for forward secrecy (ECDHE or DHE)?

Hi,

I use hardenize.com to help me improve security on both my websites and my MiaB email servers.

Hardenize suggests the following for my MiaB email server:

Headline:
Reconfigure server to use forward secrecy and authenticated encryption

Detail:
Even though this server supports TLS 1.2, the cipher suite configuration is suboptimal. We recommend that you reconfigure the server so that the cipher suites providing forward secrecy (ECDHE or DHE in the name, in this order of preference) and authenticated encryption (GCM or CHACHA20 in the name) are at the top. The server must also be configured to select the best-available suite.

Is this analysis by Hardenize for my MiaB email server correct?

If yes, is it possible to change the configuration for MiaB to provide ECDHE or DHE?

Thank you in advance for taking time to read this and thx for any suggested proposals.

It already is. If I’m reading the report correctly, it is advising to make ECDHE and DHE preferred by MiaB.

1 Like

For more information on configuring encryption, you might be interested in this page:

http://www.postfix.org/FORWARD_SECRECY_README.html

You can run postconf -d to print out Postfix's current configuration.

1 Like

Thank you for your fast reply, I will check the link you provided 👍

If you discover a configuration that Hardenize likes, please share it here in the forum.

1 Like

Yes, of course, I will provide you with any workable solution I might find 🙂

1 Like
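
An added example, not part of the thread and not code from Hardenize, Postfix or Mail-in-a-Box: one way to check a server's cipher preference order against the rule quoted in the first post (ECDHE before DHE, GCM or CHACHA20 in the name, those suites at the top, server selects the suite). The function names, the `server_enforces_order` flag and both sample lists are assumptions constructed for illustration; placing TLS 1.3 suites in the top tier is also an assumption, since their names carry no key-exchange token.

```python
import re

def classify(suite):
    """Return (key_exchange, aead) for an OpenSSL- or IANA-style suite name."""
    tokens = re.split(r"[-_]", suite.upper())
    # TLS 1.3 names (TLS_AES_128_GCM_SHA256) have no "WITH" and no key-exchange
    # token, but TLS 1.3 always uses ephemeral (EC)DHE, so count them as ECDHE.
    tls13 = tokens[0] == "TLS" and "WITH" not in tokens
    if tls13 or "ECDHE" in tokens:
        kx = "ECDHE"
    elif "DHE" in tokens:
        kx = "DHE"
    else:
        kx = None  # static RSA or other key exchange: no forward secrecy
    aead = "GCM" in tokens or "CHACHA20" in tokens
    return kx, aead

def rank(suite):
    """0 = ECDHE + AEAD, 1 = DHE + AEAD, 2 = everything else."""
    kx, aead = classify(suite)
    if aead and kx == "ECDHE":
        return 0
    if aead and kx == "DHE":
        return 1
    return 2

def audit(server_order, server_enforces_order):
    """List the ways a preference order departs from the quoted advice."""
    findings = []
    if not server_enforces_order:
        findings.append("server does not select the best-available suite itself")
    if all(rank(s) == 2 for s in server_order):
        findings.append("no suite combines forward secrecy with authenticated encryption")
    # A list is correctly ordered exactly when no adjacent pair is out of rank.
    for earlier, later in zip(server_order, server_order[1:]):
        if rank(earlier) > rank(later):
            findings.append(f"{later} should be listed before {earlier}")
    return findings

# Constructed sample orders, most preferred first (not taken from a real server).
WEAK_ORDER = ["AES256-SHA", "ECDHE-RSA-AES256-SHA384",
              "DHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-GCM-SHA384"]
GOOD_ORDER = ["TLS_AES_256_GCM_SHA384", "ECDHE-RSA-CHACHA20-POLY1305",
              "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "DHE-RSA-AES128-GCM-SHA256",
              "ECDHE-RSA-AES256-SHA384", "AES256-SHA"]

if __name__ == "__main__":
    for label, order in (("weak", WEAK_ORDER), ("good", GOOD_ORDER)):
        print(label, audit(order, server_enforces_order=True) or "ok")
```

An empty result means the order matches the quoted advice; it says nothing about protocol versions, key sizes or DH parameters, which a scanner also checks.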