Replace EDH key generation by DHE group file

2023-12-15 11:55:11 +01:00
parent 4a2e9f2ec6
commit 7b990c9ff6
4 changed files with 16 additions and 8 deletions
--- a/modoboa_installer/config_dict_template.py
+++ b/modoboa_installer/config_dict_template.py
@@ -346,6 +346,10 @@ ConfigDictTemplate = [
                "option": "message_size_limit",
                "default": "11534336",
            },
+            {
+                "option": "dhe_group",
+                "default": "4096"
+            }
        ]
    },
    {
--- a/modoboa_installer/scripts/base.py
+++ b/modoboa_installer/scripts/base.py
@@ -10,7 +10,7 @@ from .. import system
 from .. import utils


-class Installer(object):
+class Installer:
    """Simple installer for one application."""

    appname = None
--- a/modoboa_installer/scripts/files/postfix/main.cf.tpl
+++ b/modoboa_installer/scripts/files/postfix/main.cf.tpl
@@ -41,7 +41,7 @@ smtpd_tls_auth_only = no
 smtpd_tls_CApath = /etc/ssl/certs
 smtpd_tls_key_file = %tls_key_file
 smtpd_tls_cert_file = %tls_cert_file
-smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem
+smtpd_tls_dh1024_param_file = ${config_directory}/ffdhe%{dhe_group}.pem
 smtpd_tls_loglevel = 1
 smtpd_tls_session_cache_database = btree:$data_directory/smtpd_tls_session_cache
 smtpd_tls_security_level = may
--- a/modoboa_installer/scripts/postfix.py
+++ b/modoboa_installer/scripts/postfix.py
@@ -14,7 +14,6 @@ from . import backup, install


 class Postfix(base.Installer):
-
    """Postfix installer."""

    appname = "postfix"
@@ -51,7 +50,7 @@ class Postfix(base.Installer):

    def get_template_context(self):
        """Additional variables."""
-        context = super(Postfix, self).get_template_context()
+        context = super().get_template_context()
        context.update({
            "db_driver": self.db_driver,
            "dovecot_mailboxes_owner": self.config.get(
@@ -65,6 +64,13 @@ class Postfix(base.Installer):
        })
        return context

+    def check_dhe_group_file(self):
+        group = self.config.get(self.appname, "dhe_group")
+        file_name = f"ffdhe{group}.pem"
+        if not os.path.exists(f"{self.config_dir}/{file_name}"):
+            url = f"https://raw.githubusercontent.com/internetstandards/dhe_groups/main/{file_name}"
+            utils.exec_cmd(f"wget {url}", cwd=self.config_dir)
+
    def post_run(self):
        """Additional tasks."""
        venv_path = self.config.get("modoboa", "venv_path")
@@ -86,10 +92,8 @@ class Postfix(base.Installer):
            if not os.path.exists(path):
                utils.copy_file(os.path.join("/etc", f), path)

-        # Generate EDH parameters
-        if not os.path.exists("{}/dh2048.pem".format(self.config_dir)):
-            cmd = "openssl dhparam -dsaparam -out dh2048.pem 2048"
-            utils.exec_cmd(cmd, cwd=self.config_dir)
+        # Generate DHE group
+        self.check_dhe_group_file()

        # Generate /etc/aliases.db file to avoid warnings
        aliases_file = "/etc/aliases"