Trouble with enabling TLS on Postfix
hirofumihida
February 03, 2017
Transcript
Trouble with enabling TLS on Postfix
By a certain infrastructure engineer, 2017-02-03, 21Caffe @ intra_security#2 LT
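
Self-introduction
▸ Name: Hirofumi Hida
▸ Infrastructure engineer (mainly Unix)
▸ Gets thrown into SI project sites (that is where I am now)
▸ Also does Ops (if anything, more on this side these days)
▸ Twitter: @gekko_qv
▸ Qiita: http://qiita.com/hirofumihida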
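
Preface
▸ What is Postfix?
▸ An MTA (mail transfer agent)
▸ Receives mail with the smtpd server
▸ Forwards mail to the neighboring MTA with the smtp client
▸ What is TLS?
▸ Encryption of communication: Transport Layer Security
▸ This time, the targets for TLS (encryption) are the path from the neighboring MTA or mailer to the smtpd server, and the path from the smtp client to the neighboring smtpd server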
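
Trouble 1/4
▸ I don't know Postfix, mail, or security well
▸ Why assign someone like that as the main engineer?
▸ It felt like the company had dumped a completely unreasonable task on me... but
▸ Higher-up: "The preliminary investigation (?) is already done, so it'll be fine." lol
▸ Me: "Good. Looks like this will be an easy job.."
▸ Me: "Well then, let's check the current state."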

Trouble 2/4
▸ OpenSSL is too old!
▸ Heartbleed is the least of the problems
▸ It can't even do TLS 1.2!
▸ Even they agreed this one had to be upgraded.
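
Trouble 3/4
▸ The preliminary investigation I was told had been done
▸ It had only checked the Japanese documentation, for a version older than the actual machine..
▸ In the end, the configuration parameters had to be reviewed again..
▸ Verification had to be redone too..
▸ And as a knock-on effect..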

Trouble 4/4
▸ No aging (soak) period..
▸ The TLS cache DB bloats..
▸ Learned of RFC 5077 only afterwards, when it was already too late
▸ It doesn't grow between TLS 1.2 peers, but it seems to grow when talking to SSLv3?

What is RFC 5077?
▸ Transport Layer Security (TLS) Session Resumption without Server-Side State
▸ https://tools.ietf.org/html/rfc5077
▸ For details: https://techblog.yahoo.co.jp/infrastructure/ssl-session-resumption/
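
Lessons
▸ Amateurs should not take on security projects by themselves
▸ Use the latest version of software wherever possible, Postfix included
▸ For Postfix, use at least 2.11 or later, which supports RFC 5077
▸ Check the original documentation (the primary source) for the same version as the actual machine
▸ Even if it only exists in English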

The end
▸ Thank you for listening :)
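
The lessons slide comes down to two version checks that can be run before any TLS parameter is touched. The script below is an added example, not part of the original deck: the function names are hypothetical, the Postfix 2.11 threshold is the one the slides give, and the OpenSSL 1.0.1 threshold for TLS 1.2 is an assumption added here.

```shell
#!/bin/sh
# Added example: pre-flight check for the two version problems in the slides.
# 2.11 comes from the slides; the OpenSSL 1.0.1 threshold (first release with
# TLS 1.2) is an addition here and is not stated in the deck.

# version_ge A B: succeed when dotted version A >= B (compares 4 numeric fields).
version_ge() {
    a="$(printf '%s' "$1" | sed 's/[^0-9.].*$//').0.0.0"   # "1.0.1e" -> "1.0.1.0.0.0"
    b="$(printf '%s' "$2" | sed 's/[^0-9.].*$//').0.0.0"
    i=1
    while [ "$i" -le 4 ]; do
        fa=$(printf '%s' "$a" | cut -d. -f"$i"); fb=$(printf '%s' "$b" | cut -d. -f"$i")
        if [ "${fa:-0}" -gt "${fb:-0}" ]; then return 0; fi
        if [ "${fa:-0}" -lt "${fb:-0}" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# check_postfix VERSION: the slides recommend 2.11 or later for RFC 5077.
check_postfix() {
    if version_ge "$1" 2.11; then
        echo "OK: Postfix $1 is 2.11 or later (RFC 5077 supported)"
    else
        echo "WARN: Postfix $1 is older than 2.11 (no RFC 5077 support)"; return 1
    fi
}

# check_openssl "OpenSSL 1.0.1e ...": takes the full `openssl version` line.
check_openssl() {
    ver=$(printf '%s' "$1" | awk '{print $2}')
    if version_ge "$ver" 1.0.1; then
        echo "OK: OpenSSL $ver can negotiate TLS 1.2"
    else
        echo "WARN: OpenSSL $ver cannot negotiate TLS 1.2"; return 1
    fi
}

# On a real host, feed the functions from the installed tools.
if command -v postconf >/dev/null 2>&1; then
    check_postfix "$(postconf -h mail_version)" || true
    # Show the session cache settings behind the cache DB growth in the slides.
    postconf smtpd_tls_session_cache_database smtp_tls_session_cache_database || true
fi
if command -v openssl >/dev/null 2>&1; then
    check_openssl "$(openssl version)" || true
fi
```

The `openssl` command-line tool is not necessarily the library Postfix is linked against, so treat its result as a first hint and confirm against the actual build.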