From 4da44603d0deda92e65f596105a0ba9fe6e39f1e Mon Sep 17 00:00:00 2001
From: Steve Hay <hay.steve@gmail.com>
Date: Wed, 14 Sep 2022 16:50:23 -0400
Subject: [PATCH] Updated DH parameters to 4096 bit RFC7919 values.

---
 conf/nginx-ssl.conf   |  2 +-
 setup/mail-dovecot.sh |  2 +-
 setup/mail-postfix.sh |  2 +-
 setup/ssl.sh          | 28 +++++++++++++++++++---------
 4 files changed, 22 insertions(+), 12 deletions(-)

diff --git a/conf/nginx-ssl.conf b/conf/nginx-ssl.conf
index dbcb451e..72663f08 100644
--- a/conf/nginx-ssl.conf
+++ b/conf/nginx-ssl.conf
@@ -3,7 +3,7 @@
 # ssl_protocols has moved to nginx.conf in bionic, check there for enabled protocols.
 ssl_ciphers TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
 
-ssl_dhparam STORAGE_ROOT/ssl/dh2048.pem;
+ssl_dhparam STORAGE_ROOT/ssl/ffdhe4096.pem;
 
 # as recommended by http://nginx.org/en/docs/http/configuring_https_servers.html
 ssl_session_cache shared:SSL:50m;
diff --git a/setup/mail-dovecot.sh b/setup/mail-dovecot.sh
index 1dff662f..0ef8a469 100755
--- a/setup/mail-dovecot.sh
+++ b/setup/mail-dovecot.sh
@@ -87,7 +87,7 @@ tools/editconf.py /etc/dovecot/conf.d/10-ssl.conf \
 	"ssl_min_protocol=TLSv1.2" \
 	"ssl_cipher_list=TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" \
 	"ssl_prefer_server_ciphers=no" \
-	"ssl_dh=<$STORAGE_ROOT/ssl/dh2048.pem"
+	"ssl_dh=<$STORAGE_ROOT/ssl/ffdhe4096.pem"
 
 # Disable in-the-clear IMAP/POP because there is no reason for a user to transmit
 # login credentials outside of an encrypted connection. Only the over-TLS versions
diff --git a/setup/mail-postfix.sh b/setup/mail-postfix.sh
index 1d3d151d..79e23868 100755
--- a/setup/mail-postfix.sh
+++ b/setup/mail-postfix.sh
@@ -128,7 +128,7 @@ tools/editconf.py /etc/postfix/main.cf \
 	smtpd_tls_auth_only=yes \
 	smtpd_tls_cert_file=$STORAGE_ROOT/ssl/ssl_certificate.pem \
 	smtpd_tls_key_file=$STORAGE_ROOT/ssl/ssl_private_key.pem \
-	smtpd_tls_dh1024_param_file=$STORAGE_ROOT/ssl/dh2048.pem \
+	smtpd_tls_dh1024_param_file=$STORAGE_ROOT/ssl/ffdhe4096.pem \
 	smtpd_tls_protocols="!SSLv2,!SSLv3" \
 	smtpd_tls_ciphers=medium \
 	tls_medium_cipherlist=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA \
diff --git a/setup/ssl.sh b/setup/ssl.sh
index 9bd5d539..5d49ff5d 100755
--- a/setup/ssl.sh
+++ b/setup/ssl.sh
@@ -27,9 +27,8 @@ source /etc/mailinabox.conf # load global vars
 # Show a status line if we are going to take any action in this file.
 if  [ ! -f /usr/bin/openssl ] \
  || [ ! -f $STORAGE_ROOT/ssl/ssl_private_key.pem ] \
- || [ ! -f $STORAGE_ROOT/ssl/ssl_certificate.pem ] \
- || [ ! -f $STORAGE_ROOT/ssl/dh2048.pem ]; then
-	echo "Creating initial SSL certificate and perfect forward secrecy Diffie-Hellman parameters..."
+ || [ ! -f $STORAGE_ROOT/ssl/ssl_certificate.pem ]; then
+	echo "Creating initial SSL certificate..."
 fi
 
 # Install openssl.
@@ -90,9 +89,20 @@ if [ ! -f $STORAGE_ROOT/ssl/ssl_certificate.pem ]; then
 	ln -s $CERT $STORAGE_ROOT/ssl/ssl_certificate.pem
 fi
 
-# Generate some Diffie-Hellman cipher bits.
-# openssl's default bit length for this is 1024 bits, but we'll create
-# 2048 bits of bits per the latest recommendations.
-if [ ! -f $STORAGE_ROOT/ssl/dh2048.pem ]; then
-	openssl dhparam -out $STORAGE_ROOT/ssl/dh2048.pem 2048
-fi
+# Use the RFC 7919 finite-field DHE parameters instead of self-generating.
+rm -f "$STORAGE_ROOT/ssl/dh2048.pem"
+cat > "$STORAGE_ROOT/ssl/ffdhe4096.pem" <<EOF
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
+87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
+YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
+7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
+ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3
+7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32
+nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e
+8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx
+iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K
+zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eZV9q//////////8CAQI=
+-----END DH PARAMETERS-----
+EOF