dovecot - Mar 2015 - imap-login SSLv3 causes signal 11, core dump and DoS. ssl_protocols = ??

Connecting to dovecot with ssl3 causes imap-login to die:


$ openssl s_client -connect localhost:993 -ssl3
CONNECTED(00000003)
4277630796:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert 
handshake failure:s3_pkt.c:1461:SSL alert number 40
4277630796:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake 
failure:s3_pkt.c:645:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
     Protocol  : SSLv3
     Cipher    : 0000
     Session-ID:
     Session-ID-ctx:
     Master-Key:
     Key-Arg   : None
     PSK identity: None
     PSK identity hint: None
     SRP username: None
     Start Time: 1426851034
     Timeout   : 7200 (sec)
     Verify return code: 0 (ok)
---



syslog:
Mar 20 11:30:35 MAILHOST dovecot: [ID 583609 mail.crit] imap-login: 
Fatal: master: service(imap-login): child 21918 killed with signal 11 
(core dumped) [last ip=127.0.0.1]




dovecot.conf had:
ssl_protocols = !SSLv2 !SSLv3

removing that line stops the core dump and syslog then shows:

Mar 20 11:36:25 MAILHOST dovecot: [ID 583609 mail.info] imap-login: 
Disconnected (disconnected before auth was ready, waited 0 secs): 
user=<>, rip=127.0.0.1, lip=127.0.0.1, TLS handshaking: SSL_accept() 
failed: error:14076102:SSL routines:SSL23_GET_CLIENT_HELLO:unsupported 
protocol, session=<eqr1ubYRWgB/AAAB>



the "SSL23_GET_CLIENT_HELLO:unsupported protocol" seems to do what I 
thought the ssl_protocols setting did.
Do I still need, if I ever needed, the "ssl_protocols = " setting?



James.



# dovecot -n
# 2.2.16: /etc/opt/XXXX/dovecot/dovecot.conf
# Pigeonhole version 0.4.7
# OS: SunOS 5.10 i86pc
auth_mechanisms = plain login digest-md5 cram-md5
base_dir = /var/opt/XXXX/dovecot/
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
login_trusted_networks = 111.222.333.444/24
mail_gid = vmail
mail_home = /XXXXXX/XXXX/%d/%n
mail_location = maildir:/XXXXX/XXXX/%d/%n/Maildir
mail_max_userip_connections = 20
mail_plugins = quota
mail_uid = vmail
mailbox_idle_check_interval = 10 secs
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date index ihave duplicate
passdb {
   args = /etc/opt/XXXX/dovecot/dovecot-sql.conf
   driver = sql
}
plugin {
   fts_autoindex = yes
   quota = maildir:User quota
   quota_rule = *:storage=1G
   quota_rule2 = Trash:storage=+10%
   quota_warning = storage=90%% quota-warning 90 %u
   quota_warning2 = storage=95%% quota-warning 95 %u
   quota_warning3 = storage=99%% quota-warning 99 %u
   sieve = /XXXXX/XXXX/%d/%n/dovecot.sieve
   sieve_dir = /XXXXX/XXXX/%d/%n/sieve
}
protocols = imap lmtp sieve
service auth {
   drop_priv_before_exec = yes
   unix_listener auth-client {
     mode = 0660
   }
   unix_listener auth-master {
     mode = 0600
   }
   user = root
}
service imap-login {
   chroot    drop_priv_before_exec = yes
   executable = imap-login -D
   service_count = 1
   user = dovecot
}
service lmtp {
   group = vmail
   unix_listener lmtp {
     mode = 0666
   }
   user = vmail
}
service quota-warning {
   executable = script /etc/opt/XXXX/dovecot/quota-warning
   user = vmail
}
ssl_cert = </etc/opt/XXXX/dovecot/dovecot.pem
ssl_cipher_list = AES128+EECDH:AES128+EDH
ssl_key = </etc/opt/XXXX/dovecot/dovecot.pem
ssl_prefer_server_ciphers = yes
ssl_protocols = !SSLv2 !SSLv3
userdb {
   driver = prefetch
}
userdb {
   args = /etc/opt/XXXX/dovecot/dovecot-sql.conf
   driver = sql
}
protocol lda {
   auth_socket_path = /var/opt/XXXX/dovecot/auth-master
   mail_plugins = quota sieve
   postmaster_address = postmaster at XXXXXXXX
   sendmail_path = /opt/XXXX/sbin/exim
}
protocol pop3 {
   mail_plugins = quota
}
protocol imap {
   mail_plugins = quota imap_quota
}
protocol lmtp {
   mail_plugins = quota sieve
   postmaster_address = postmaster at XXXXXX
   sendmail_path = /opt/XXXX/sbin/exim
}

On 20 Mar 2015, at 13:59, James <lista at xdrv.co.uk>
wrote:
> 
> Connecting to dovecot with ssl3 causes imap-login to die:
> 
> Mar 20 11:30:35 MAILHOST dovecot: [ID 583609 mail.crit] imap-login: Fatal:
master: service(imap-login): child 21918 killed with signal 11 (core dumped)
[last ip=127.0.0.1]
I can't reproduce it. I tried it with the same ssl_* settings you had. Can
you get a gdb backtrace from the crash? It says "core dumped", so I
guess there should be a core file somewhere. http://dovecot.org/bugreport.html
has some more info on how to get it.
> dovecot.conf had:
> ssl_protocols = !SSLv2 !SSLv3
> 
> removing that line stops the core dump and syslog then shows:
> 
> Mar 20 11:36:25 MAILHOST dovecot: [ID 583609 mail.info] imap-login:
Disconnected (disconnected before auth was ready, waited 0 secs): user=<>,
rip=127.0.0.1, lip=127.0.0.1, TLS handshaking: SSL_accept() failed:
error:14076102:SSL routines:SSL23_GET_CLIENT_HELLO:unsupported protocol,
session=<eqr1ubYRWgB/AAAB>
> 
> 
> 
> the "SSL23_GET_CLIENT_HELLO:unsupported protocol" seems to do
what I thought the ssl_protocols setting did.
> Do I still need, if I ever needed, the "ssl_protocols = "
setting?
All these ssl_* settings just go to OpenSSL without Dovecot (or I) knowing all
that much about them. I think you still need it, but maybe it's because your
ssl_cipher_list is so limited that it fails the session anyway (just my guess).

On 20/03/2015 18:24, Timo Sirainen wrote:
>> Connecting to dovecot with ssl3 causes imap-login to die:
>>
>> Mar 20 11:30:35 MAILHOST dovecot: [ID 583609 mail.crit] imap-login:
Fatal: master: service(imap-login): child 21918 killed with signal 11 (core
dumped) [last ip=127.0.0.1]
>
> I can't reproduce it. I tried it with the same ssl_* settings you had.
Can you get a gdb backtrace from the crash? It says "core dumped", so
I guess there should be a core file somewhere. http://dovecot.org/bugreport.html
has some more info on how to get it.

Thank you for your interest, here is a dbx trace.  This was with OpenSSL 
1.0.2a.


(dbx) where 

=>[1] ssl3_get_client_hello(s = 0x809b2a0) (optimized), at 0xfe9db0d5 
(line ~1362) in "s3_srvr.c"
   [2] ssl3_accept(s = 0x809b2a0) (optimized), at 0xfe9d9892 (line ~357) 
in "s3_srvr.c"
   [3] SSL_accept(s = 0x809b2a0) (optimized), at 0xfea09f07 (line ~990) 
in "ssl_lib.c"
   [4] ssl_handshake(proxy = 0x809ba38) (optimized), at 0xfee35c18 (line 
~481) in "ssl-proxy-openssl.c"
   [5] ssl_step(proxy = 0x809ba38) (optimized), at 0xfee35ee0 (line 
~545) in "ssl-proxy-openssl.c"
   [6] ssl_proxy_flush(proxy = 0x809ba38) (optimized), at 0xfee3680c 
(line ~817) in "ssl-proxy-openssl.c"
   [7] ssl_proxy_destroy(proxy = 0x809ba38) (optimized), at 0xfee3686b 
(line ~825) in "ssl-proxy-openssl.c"
   [8] ssl_handle_error(proxy = 0x809ba38, ret = -1, func_name = 
0xfee3b2d8 "SSL_accept()") (optimized), at 0xfee35bc0 (line ~465) in 
"ssl-proxy-openssl.c"
   [9] ssl_handshake(proxy = 0x809ba38) (optimized), at 0xfee35cc9 (line 
~483) in "ssl-proxy-openssl.c"
   [10] ssl_step(proxy = 0x809ba38) (optimized), at 0xfee35ee0 (line 
~545) in "ssl-proxy-openssl.c"
   [11] ssl_proxy_start(proxy = 0x809ba38) (optimized), at 0xfee36341 
(line ~685) in "ssl-proxy-openssl.c"
   [12] client_connected_finish(conn = 0x8047ae0) (optimized), at 
0xfee31d62 (line ~151) in "main.c"
   [13] client_connected(conn = 0x8047ae0) (optimized), at 0xfee32148 
(line ~246) in "main.c"
   [14] master_service_listen(l = 0x8096b30) (optimized), at 0xfecfac7e 
(line ~837) in "master-service.c"
   [15] io_loop_call_io(io = 0x8096bd0) (optimized), at 0xfeda764b (line 
~501) in "ioloop.c"
   [16] io_loop_handler_run_internal(ioloop = 0x8071d70) (optimized), at 
0xfedaa419 (line ~211) in "ioloop-poll.c"
   [17] io_loop_handler_run(ioloop = 0x8071d70) (optimized), at 
0xfeda77be (line ~548) in "ioloop.c"
   [18] io_loop_run(ioloop = 0x8071d70) (optimized), at 0xfeda7711 (line 
~525) in "ioloop.c"
   [19] master_service_run(service = 0x8071cb8, callback = 0xfee32040 = 
&`libdovecot-login.so.0.0.0`main.c`client_connected(struct 
master_service_connection *conn)) (optimized), at 0xfecfa3d7 (line ~569) 
in "master-service.c"
   [20] login_binary_run(binary = 0x8068c50, argc = 2, argv = 0x8047d4c) 
(optimized), at 0xfee3294a (line ~470) in "main.c"
   [21] main(argc = 2, argv = 0x8047d4c) (optimized), at 0x8054de7 (line 
~706) in "client.c"





>> dovecot.conf had:
>> ssl_protocols = !SSLv2 !SSLv3
>>
>> removing that line stops the core dump and syslog then shows:
>>
>> Mar 20 11:36:25 MAILHOST dovecot: [ID 583609 mail.info] imap-login:
Disconnected (disconnected before auth was ready, waited 0 secs): user=<>,
rip=127.0.0.1, lip=127.0.0.1, TLS handshaking: SSL_accept() failed:
error:14076102:SSL routines:SSL23_GET_CLIENT_HELLO:unsupported protocol,
session=<eqr1ubYRWgB/AAAB>
>>
>>
>>
>> the "SSL23_GET_CLIENT_HELLO:unsupported protocol" seems to do
what I thought the ssl_protocols setting did.
>> Do I still need, if I ever needed, the "ssl_protocols = "
setting?
>
> All these ssl_* settings just go to OpenSSL without Dovecot (or I) knowing
all that much about them. I think you still need it, but maybe it's because
your ssl_cipher_list is so limited that it fails the session anyway (just my
guess).
I admit I just copied from somewhere else without full understanding. 
Please if someone can advise me on settings for ssl_protocols and 
ssl_cipher_list then I'll use.

Removing "ssl_cipher_list = ", so using the default, does not cure the
problem.



James.