Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Trouble with enabling TLS on Postfix
Search
hirofumihida
February 03, 2017
Technology
1
3.1k
Trouble with enabling TLS on Postfix
hirofumihida
February 03, 2017
Tweet
Share
More Decks by hirofumihida
See All by hirofumihida
how-to-start-ansible-with-vmware
hirofumihida
0
870
Other Decks in Technology
See All in Technology
元インフラエンジニアに成る / Human Resources to Human Relations
bobtani
2
740
強みを伸ばすキャリアデザイン
yug1224
0
200
転移学習とドメイン適応の基礎
kmatsui
2
570
社内勉強会運営のコツ
senoo
6
1.1k
SREとその組織類型
tatsuo48
8
1.5k
LLM とプロンプトエンジニアリング/チューターをビルドする / LLM and Prompt Engineering and Building Tutors
ks91
PRO
0
220
PHP"オレ"カンファレンスの告知
ysknsid25
0
330
4年前、あるじゃん老害エンジニアLT合戦に登壇、米国西海岸コンピュータ歴史博物館体験記の続編
toshi_atsumi
0
190
HEXA OSINT CTF V3 作戦会議
meow_noisy
0
110
〜小さく始めて大きく育てる〜データ分析基盤の開発から活用まで
kniino
0
2k
「手動オペレーションに定評がある」と言われた私が心がけていること / phpcon_odawara2024
blue_goheimochi
1
320
Databricks におけるデータエンジニアリング
databricksjapan
0
370
Featured
See All Featured
Building a Modern Day E-commerce SEO Strategy
aleyda
16
6.3k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
272
13k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
225
51k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
226
16k
Documentation Writing (for coders)
carmenintech
59
3.9k
What's new in Ruby 2.0
geeforr
336
31k
GitHub's CSS Performance
jonrohan
1023
450k
Docker and Python
trallard
33
2.7k
Designing the Hi-DPI Web
ddemaree
276
33k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
219
21k
Teambox: Starting and Learning
jrom
128
8.4k
Art, The Web, and Tiny UX
lynnandtonic
288
19k
Transcript
POSTFIX ͷ TLS ԽͰࠔͬͨ ͱ͋Δ Πϯϑϥ ͕ 2017-02-03 21Caffe @
intra_security#2 LT
TEXT ࣗݾհ ▸ ໊લ: Hirofumi Hida ▸ ΠϯϑϥΤϯδχΞ(UnixΛओʹ) ▸ SI
ͷݱʹ์Γࠐ·ΕͨΓ (ࠓͷ) ▸ Ops ͬͨΓ(ͲͪΒ͔ͱ͍͏ͱ͍·͕͖ͬͪ͜) ▸ Twitter: @gekko_qv ▸ Qiita: http://qiita.com/hirofumihida
TEXT ·͓͖͑ ▸ Postfix ͱ ▸ MTA mail transfer agent
▸ smtpd αʔόʔͰϝʔϧΛड͚औͬͯ ▸ smtp ΫϥΠΞϯτͰྡͷ MTA ʹϝʔϧΛసૹ ▸ TLS ͱ ▸ ௨৴ͷ҉߸Խ Transport Layer Security ▸ ࠓճ ྡͷMTA͘͠ϝʔϥʔ ͔Β smtpd αʔόʔ ·ͰͱɺsmtpΫϥΠ Ξϯτ ͔Β ྡͷsmtpdαʔόʔ ͕ؒ TLS (҉߸)Խର
TEXT ࠔͬͨ͜ͱ 1/4 ▸ ͕ࣗ postfix ϝʔϧηΩϡϦςΟ Α͘Βͳ͍ ▸
ͳΜͰͦΜͳਓؒΛϝΠϯͰΞαΠϯʁ ▸ શʹձ͔ࣾΒແৼΓ͞Εͨײ…Ͱ ▸ Ғ͍ਓʮࣄલௐࠪ(?)ऴΘͬͯΔ͔Βେৎʯ w w w w w w w w w w w w w w w ▸ ࢲʮྑ͔ͬͨɻָͳࣄʹͳΓͦ͏ͩͳɻɻʯ ▸ ࢲʮͰɺݱঢ়ͷ֬ೝΛͯ͠ΈΑ͏͔ɻʯ
TEXT ࠔͬͨ͜ͱ 2/4 ▸ OpenSSL ͕ݹ͗͢Δʂ ▸ Heart Bleed Ͳ͜ΖͰͳ͍
▸ TLS1.2 ͢ΒΕͳ͍ʂ ▸ ͕͢͞ʹ͜Εόʔδϣϯ্͛ͯΒ͑ͨɻ
TEXT ࠔͬͨ͜ͱ 3/4 ▸ ͬͨͱݴΘΕͨࣄલௐࠪ ▸ ࣮ػΑΓݹ͍όʔδϣϯͷຊޠυΩϡϝϯτ͔֬͠ೝ͠ ͯͳ͔ͬͨɻɻ ▸ ݁ہઃఆύϥϝʔλʔݟ͠ɻɻ
▸ ݕূΓ͠ɻɻ ▸ ͦͷ͓͋ΓͰɻɻ
TEXT ࠔͬͨ͜ͱ 4/4 ▸ ΤΠδϯάظ͕ؒͳ͍ɻɻ ▸ TLS Ωϟογϡ DB ͕ංେԽ͢Δ͕݅͋;
ɻɻ ▸ ͷͪʹ RFC5077 ͷଘࡏΛΔ࣌͢Ͱʹ͠ ▸ TLS1.2 ಉ࢜ͳΒ૿͑ͳ͍͕ɺSSLv3 ͱ௨৴͢Δͱ૿͑ ΔͬΆ͍ʁ
TEXT RFC5077 ͱʁ ▸ Transport Layer Security (TLS) Session Resumption
without Server-Side State ▸ https://tools.ietf.org/html/rfc5077 ▸ ৄ͘͠ https://techblog.yahoo.co.jp/infrastructure/ssl-session- resumption/
TEXT ڭ܇ ▸ૉਓ͚ͩͰηΩϡϦςΟҊ݅ʹؔΘΒͳ͍ํ͕ྑ͍ ▸Postfix ؚΊɺιϑτΣΞग़དྷΔ͚ͩ࠷৽൛Λ͓͏ ▸Postfix ݹͯ͘ RFC5077 ରԠͷ 2.11
Ҏ߱Λ͓͏ ▸࣮ػͱಉҰόʔδϣϯͷΦϦδφϧυΩϡϝϯτ(Ұ࣍ ใ)Λ֬ೝ͠Α͏ ▸ͦΕ͕ӳޠ൛͔͠ͳͯ͘
TEXT ͓ΘΓ ▸ ͝੩ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠ :)