Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Trouble with enabling TLS on Postfix
Search
hirofumihida
February 03, 2017
Technology
1
3.2k
Trouble with enabling TLS on Postfix
hirofumihida
February 03, 2017
Tweet
Share
More Decks by hirofumihida
See All by hirofumihida
how-to-start-ansible-with-vmware
hirofumihida
0
910
Other Decks in Technology
See All in Technology
KotlinConf 2025_イベントレポート
sony
1
120
5年目から始める Vue3 サイト改善 #frontendo
tacck
PRO
3
220
2025年夏 コーディングエージェントを統べる者
nwiizo
0
140
Evolución del razonamiento matemático de GPT-4.1 a GPT-5 - Data Aventura Summit 2025 & VSCode DevDays
lauchacarro
0
170
会社紹介資料 / Sansan Company Profile
sansan33
PRO
6
380k
Codeful Serverless / 一人運用でもやり抜く力
_kensh
7
390
AIエージェント開発用SDKとローカルLLMをLINE Botと組み合わせてみた / LINEを使ったLT大会 #14
you
PRO
0
100
フルカイテン株式会社 エンジニア向け採用資料
fullkaiten
0
8.7k
Platform開発が先行する Platform Engineeringの違和感
kintotechdev
4
550
未経験者・初心者に贈る!40分でわかるAndroidアプリ開発の今と大事なポイント
operando
5
370
[ JAWS-UG 東京 CommunityBuilders Night #2 ]SlackとAmazon Q Developerで 運用効率化を模索する
sh_fk2
3
390
エラーとアクセシビリティ
schktjm
1
1.2k
Featured
See All Featured
Learning to Love Humans: Emotional Interface Design
aarron
273
40k
[RailsConf 2023] Rails as a piece of cake
palkan
57
5.8k
Become a Pro
speakerdeck
PRO
29
5.5k
What’s in a name? Adding method to the madness
productmarketing
PRO
23
3.7k
For a Future-Friendly Web
brad_frost
180
9.9k
The Language of Interfaces
destraynor
161
25k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
234
17k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
34
3.1k
How GitHub (no longer) Works
holman
315
140k
The MySQL Ecosystem @ GitHub 2015
samlambert
251
13k
Bootstrapping a Software Product
garrettdimon
PRO
307
110k
Agile that works and the tools we love
rasmusluckow
330
21k
Transcript
POSTFIX ͷ TLS ԽͰࠔͬͨ ͱ͋Δ Πϯϑϥ ͕ 2017-02-03 21Caffe @
intra_security#2 LT
TEXT ࣗݾհ ▸ ໊લ: Hirofumi Hida ▸ ΠϯϑϥΤϯδχΞ(UnixΛओʹ) ▸ SI
ͷݱʹ์Γࠐ·ΕͨΓ (ࠓͷ) ▸ Ops ͬͨΓ(ͲͪΒ͔ͱ͍͏ͱ͍·͕͖ͬͪ͜) ▸ Twitter: @gekko_qv ▸ Qiita: http://qiita.com/hirofumihida
TEXT ·͓͖͑ ▸ Postfix ͱ ▸ MTA mail transfer agent
▸ smtpd αʔόʔͰϝʔϧΛड͚औͬͯ ▸ smtp ΫϥΠΞϯτͰྡͷ MTA ʹϝʔϧΛసૹ ▸ TLS ͱ ▸ ௨৴ͷ҉߸Խ Transport Layer Security ▸ ࠓճ ྡͷMTA͘͠ϝʔϥʔ ͔Β smtpd αʔόʔ ·ͰͱɺsmtpΫϥΠ Ξϯτ ͔Β ྡͷsmtpdαʔόʔ ͕ؒ TLS (҉߸)Խର
TEXT ࠔͬͨ͜ͱ 1/4 ▸ ͕ࣗ postfix ϝʔϧηΩϡϦςΟ Α͘Βͳ͍ ▸
ͳΜͰͦΜͳਓؒΛϝΠϯͰΞαΠϯʁ ▸ શʹձ͔ࣾΒແৼΓ͞Εͨײ…Ͱ ▸ Ғ͍ਓʮࣄલௐࠪ(?)ऴΘͬͯΔ͔Βେৎʯ w w w w w w w w w w w w w w w ▸ ࢲʮྑ͔ͬͨɻָͳࣄʹͳΓͦ͏ͩͳɻɻʯ ▸ ࢲʮͰɺݱঢ়ͷ֬ೝΛͯ͠ΈΑ͏͔ɻʯ
TEXT ࠔͬͨ͜ͱ 2/4 ▸ OpenSSL ͕ݹ͗͢Δʂ ▸ Heart Bleed Ͳ͜ΖͰͳ͍
▸ TLS1.2 ͢ΒΕͳ͍ʂ ▸ ͕͢͞ʹ͜Εόʔδϣϯ্͛ͯΒ͑ͨɻ
TEXT ࠔͬͨ͜ͱ 3/4 ▸ ͬͨͱݴΘΕͨࣄલௐࠪ ▸ ࣮ػΑΓݹ͍όʔδϣϯͷຊޠυΩϡϝϯτ͔֬͠ೝ͠ ͯͳ͔ͬͨɻɻ ▸ ݁ہઃఆύϥϝʔλʔݟ͠ɻɻ
▸ ݕূΓ͠ɻɻ ▸ ͦͷ͓͋ΓͰɻɻ
TEXT ࠔͬͨ͜ͱ 4/4 ▸ ΤΠδϯάظ͕ؒͳ͍ɻɻ ▸ TLS Ωϟογϡ DB ͕ංେԽ͢Δ͕݅͋;
ɻɻ ▸ ͷͪʹ RFC5077 ͷଘࡏΛΔ࣌͢Ͱʹ͠ ▸ TLS1.2 ಉ࢜ͳΒ૿͑ͳ͍͕ɺSSLv3 ͱ௨৴͢Δͱ૿͑ ΔͬΆ͍ʁ
TEXT RFC5077 ͱʁ ▸ Transport Layer Security (TLS) Session Resumption
without Server-Side State ▸ https://tools.ietf.org/html/rfc5077 ▸ ৄ͘͠ https://techblog.yahoo.co.jp/infrastructure/ssl-session- resumption/
TEXT ڭ܇ ▸ૉਓ͚ͩͰηΩϡϦςΟҊ݅ʹؔΘΒͳ͍ํ͕ྑ͍ ▸Postfix ؚΊɺιϑτΣΞग़དྷΔ͚ͩ࠷৽൛Λ͓͏ ▸Postfix ݹͯ͘ RFC5077 ରԠͷ 2.11
Ҏ߱Λ͓͏ ▸࣮ػͱಉҰόʔδϣϯͷΦϦδφϧυΩϡϝϯτ(Ұ࣍ ใ)Λ֬ೝ͠Α͏ ▸ͦΕ͕ӳޠ൛͔͠ͳͯ͘
TEXT ͓ΘΓ ▸ ͝੩ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠ :)