Does Ubuntu 14.04 support and enable perfect forward secrecy ciphers in the default TLS configuration of servers such as nginx, dovecot and postfix?
Previous versions of Ubuntu such as 12.04 did not even have the needed ciphers compiled in (see LP#1197884 or How to enable TLS 1.2 in Nginx?).
No. But that is because this is not up to Ubuntu to support or enable. It is up to the respective software to support this.e
You need to have the following lines in your configuration for ...
Apache
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 \
EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 \
EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
Nginx
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 \
EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 \
EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
Dovecot
ssl_cipher_list = EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4
ssl_prefer_server_ciphers = yes
Postfix
#the dh params
smtpd_tls_dh1024_param_file = /etc/postfix/dh_1024.pem
smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem
#enable ECDH
smtpd_tls_eecdh_grade = strong
#enabled SSL protocols, don't allow SSLv2
smtpd_tls_protocols= !SSLv2
smtpd_tls_mandatory_protocols= !SSLv2
#allowed ciphers for smtpd_tls_security_level=encrypt
smtpd_tls_mandatory_ciphers = high
#allowed ciphers for smtpd_tls_security_level=may
#smtpd_tls_ciphers = high
#enforce the server cipher preference
tls_preempt_cipherlist = yes
#disable following ciphers for smtpd_tls_security_level=encrypt
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5 , DES, ADH, RC4, PSD, SRP, 3DES, eNULL
#disable following ciphers for smtpd_tls_security_level=may
#smtpd_tls_exclude_ciphers = aNULL, MD5 , DES, ADH, RC4, PSD, SRP, 3DES, eNULL
#enable TLS logging to see the ciphers for inbound connections
smtpd_tls_loglevel = 1
#enable TLS logging to see the ciphers for outbound connections
smtp_tls_loglevel = 1
There are some system requirements and other configuration settings. More at the 2 links:
Yes, all supported Ubuntu releases ship with OpenSSL 1.0.1+ and most software is linked against OpenSSL for TLS security.
Keep in mind that a proper TLS server can be complex to set up correctly. Some quick general recommendations.
The default ciphersuite of OpenSSL includes support for PFS, but does not prioritize that at handshake level. Also application may have their own default ciphersuite setting to initialize OpenSSL with.
Always set your own ciphersuite/protocol settings to modern recommendations. Every now and then vulnerabilities are found and may decrease security if still used. For example, RC4 should be disabled, but two years ago it was recommended to prioritize that for the BEAST attack back then. That was patched in OpenSSL weeks after, but people keep using RC4... :(
Also, never forget to create DH parameters or else PFS won't be used for non-ECDHE ciphersuites! It's a common mistakes I see with people around me. OpenSSL will be initialized without legacy DH params and resulting in lack of PFS for non-ECDHE clients.
This wiki page managed by the Mozilla security team keeps a list of simple instructions and reasons for their recommendations.
https://wiki.mozilla.org/Security/Server_Side_TLS
VERY much recommended to follow this!
Use for example the Qualys SSL Labs test: https://www.ssllabs.com/ssltest/ and follow up the recommendations. It is very much doable to get an A+ score.
Yes, Ubuntu 14.04 supports Forward Security by default.
The default configuration lets the client decide whether or not to enable it. Chrome, Firefox, and Safari will request it.
