Add note about tls_ssl_options = NO_COMPRESSION

[Postfix docs](http://www.postfix.org/postconf.5.html#tls_ssl_options): > Disable SSL compression even if supported by the OpenSSL library. Compression is CPU-intensive, and compression before encryption does not always improve security. [Postfix mailing list discussion](http://postfix.1071664.n5.nabble.com/patch-mitigate-CRIME-attack-td57978.html): > The CRIME attack does not apply to SMTP, because unlike SMTP, there is no javascript in SMTP clients that makes them send thousands of email messages with chosen plaintext compressed together in the same packet with SASL credentials or other sensitive data. > The auditor completely failed to take the context into account. [Mailing list discussion of potential compression CRIME-like attack](https://lists.cert.at/pipermail/ach/2014-December/001660.html) > keeping compression disabled is a good idea. If you need a good test score, PCI compliance will likely flag compression despite not having any known risk with non-HTTP TLS.
2024-10-18 10:18:07 +02:00 · 2020-04-29 19:41:08 +12:00 · 2020-04-29 19:41:08 +12:00 · 76594c21c4
commit 76594c21c4
parent e7de9bceaf
1 changed files with 3 additions and 0 deletions
--- a/target/postfix/main.cf
+++ b/target/postfix/main.cf
@ -26,7 +26,10 @@ smtpd_tls_security_level = may
 smtpd_tls_loglevel = 1
 smtp_tls_security_level = may
 smtp_tls_loglevel = 1
+
+# Reduces CPU overhead with `NO_COMPRESSION`, SMTP not at risk of CRIME attack (see git blame for details)
 tls_ssl_options = NO_COMPRESSION
+
 tls_high_cipherlist = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
 tls_preempt_cipherlist = yes
 smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1