PGNet Dev
2020-Sep-24 02:24 UTC
dovecot TLS 1.3 config option 'ssl_ciphersuites' causes fatal error on launch. not supported, bad config, or bug?
I've installed

    grep PRETTY /etc/os-release
        PRETTY_NAME="Fedora 32 (Server Edition)"

    dovecot --version
        2.3.10.1 (a3d0e1171)

    openssl version
        OpenSSL 1.1.1g FIPS  21 Apr 2020

iiuc, Dovecot has apparently had support for setting TLS 1.3 ciphersuites since v2.3.9, per this commit

    lib-ssl-iostream: Support TLSv1.3 ciphersuites
    https://github.com/dovecot/core/commit/8f6f04eb21276f28b81695dd0d3df57c7b8f43e4

checking openssl

    rpm -ql openssl-devel-1.1.1g-1.fc32.x86_64 | grep -i ciphersuites
        /usr/share/man/man3/SSL_CTX_set_ciphersuites.3ssl.gz
        /usr/share/man/man3/SSL_set_ciphersuites.3ssl.gz

    man SSL_set_ciphersuites
        ...
        SSL_set_cipher_list() sets the list of ciphers (TLSv1.2 and below) only for ssl.

        SSL_CTX_set_ciphersuites() is used to configure the available TLSv1.3 ciphersuites for ctx.
        This is a simple colon (":") separated list of TLSv1.3 ciphersuite names in order of
        preference. Valid TLSv1.3 ciphersuite names are:

            TLS_AES_128_GCM_SHA256
            TLS_AES_256_GCM_SHA384
            TLS_CHACHA20_POLY1305_SHA256
            TLS_AES_128_CCM_SHA256
            TLS_AES_128_CCM_8_SHA256

        An empty list is permissible. The default value for this setting is:

            "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"

        SSL_set_ciphersuites() is the same as SSL_CTX_set_ciphersuites() except it configures the
        ciphersuites for ssl.
        ...

checking in dovecot tag 2.3.10.1's src,

    m4/ssl.m4
        ...
        AC_CHECK_LIB(ssl, SSL_CTX_set_ciphersuites, [
            AC_DEFINE(HAVE_SSL_CTX_SET_CIPHERSUITES,, [Build with SSL_CTX_set_ciphersuites() support])
        ],, $SSL_LIBS)
        ...

and,

    src/lib-ssl-iostream/iostream-openssl.c
        ...
        #ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
            if (set->ciphersuites != NULL &&
                strcmp(ctx_set->ciphersuites, set->ciphersuites) != 0) {
                if (SSL_set_ciphersuites(ssl_io->ssl, set->ciphersuites) == 0) {
                    *error_r = t_strdup_printf(
                        "Can't set ciphersuites to '%s': %s",
                        set->ciphersuites, openssl_iostream_error());
                    return -1;
                }
            }
        #endif
        ...

suggests that ciphersuite support exists.
but, checking in

    ./src/lib-master/master-service-ssl.c
        ...
        void master_service_ssl_ctx_init(struct master_service *service)
        {
            const struct master_service_ssl_settings *set;
            struct ssl_iostream_settings ssl_set;
            const char *error;

            if (service->ssl_ctx_initialized)
                return;
            service->ssl_ctx_initialized = TRUE;

            /* must be called after master_service_init_finish() so that if
               initialization fails we can close the SSL listeners */
            i_assert(service->listeners != NULL || service->socket_count == 0);

            set = master_service_ssl_settings_get(service);
            if (strcmp(set->ssl, "no") == 0) {
                /* SSL disabled, don't use it */
                return;
            }

            i_zero(&ssl_set);
            ssl_set.min_protocol = set->ssl_min_protocol;
            ssl_set.cipher_list = set->ssl_cipher_list;
            ssl_set.curve_list = set->ssl_curve_list;
            ssl_set.ca = set->ssl_ca;
            ...

there's only mention of set->ssl_cipher_list, not set->ssl_ciphersuites or equivalent, afaict.

if in dovecot's 10-ssl.conf I set

    ssl_cipher_list = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256
  + ssl_ciphersuites = TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256

on restart

    journalctl -f -u dovecot
        -- Logs begin at Sun 2020-09-20 14:30:30 PDT. --
        Sep 23 18:28:42 mx.example.com dovecot[4269]: doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 92: Unknown setting: ssl_ciphersuites

_is_ setting TLS 1.3 ssl_ciphersuites in fact currently supported, and usage is wrong here^?
Arjen de Korte
2020-Sep-24 06:23 UTC
dovecot TLS 1.3 config option 'ssl_ciphersuites' causes fatal error on launch. not supported, bad config, or bug?
Quoting PGNet Dev <pgnet.dev at gmail.com>:

> I've installed
>
> grep PRETTY /etc/os-release
> PRETTY_NAME="Fedora 32 (Server Edition)"
> dovecot --version
> 2.3.10.1 (a3d0e1171)
> openssl version
> OpenSSL 1.1.1g FIPS 21 Apr 2020
>
> iiuc, Dovecot has apparently had support for setting TLS 1.3
> ciphersuites since v2.3.9, per this commit
>
> lib-ssl-iostream: Support TLSv1.3 ciphersuites
>
> https://github.com/dovecot/core/commit/8f6f04eb21276f28b81695dd0d3df57c7b8f43e4

There is a pull request for TLSv1.3 sitting in the queue:
https://github.com/dovecot/core/pull/126, maybe this helps?
Aki Tuomi
2020-Sep-24 06:29 UTC
dovecot TLS 1.3 config option 'ssl_ciphersuites' causes fatal error on launch. not supported, bad config, or bug?
> On 24/09/2020 05:24 PGNet Dev <pgnet.dev at gmail.com> wrote:
>
>
> I've installed
>
> grep PRETTY /etc/os-release
> PRETTY_NAME="Fedora 32 (Server Edition)"
> dovecot --version
> 2.3.10.1 (a3d0e1171)
> openssl version
> OpenSSL 1.1.1g FIPS 21 Apr 2020
>
> iiuc, Dovecot has apparently had support for setting TLS 1.3 ciphersuites since v2.3.9, per this commit
>
> lib-ssl-iostream: Support TLSv1.3 ciphersuites
> https://github.com/dovecot/core/commit/8f6f04eb21276f28b81695dd0d3df57c7b8f43e4
>
> checking openssl
>

Hi!

The config option is still missing, but it's in our backlog along with other stuff we would like to add.

Aki
PGNet Dev
2020-Sep-24 14:14 UTC
dovecot TLS 1.3 config option 'ssl_ciphersuites' causes fatal error on launch. not supported, bad config, or bug?
On 9/23/20 11:29 PM, Aki Tuomi wrote:
> The config option is still missing, but it's in our backlog along with other stuff we would like to add.

Is that pegged to any version/milestone yet?

In the meantime, what state is Dovecot's cipher support IN? What behavior should be expected when (all of our) other/external services are offering/using/expecting TLSv1.3 ciphers? A clean fallback from Dovecot to v1.2 protocols/ciphers? &/or must TLSv1.3 be _explicitly_ disabled/excluded in Dovecot configs?
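The thread turns on the OpenSSL split quoted in the first post (SSL_CTX_set_cipher_list covers TLS 1.2 and below, SSL_CTX_set_ciphersuites covers TLS 1.3 only) and on the follow-up question of what a server with only a cipher_list will do with TLS 1.3 clients. The script below is an added example written for this page; it is not code from the thread, from Dovecot or from OpenSSL. It uses Python's ssl module (which calls SSL_CTX_set_cipher_list under set_ciphers and has no ciphersuites setter at all) to show that the post's ssl_cipher_list leaves every TLS 1.3 suite enabled, validates an ssl_ciphersuites-style string against the names the man page lists, and provides a probe that pins the protocol version to see what a server actually negotiates. Assumptions: Python 3.7+ linked against OpenSSL 1.1.1 or later, and, for the probe only, implicit TLS as on IMAPS port 993; the probe opens a network connection and is not invoked when the module is run.

```python
"""Added example (not from the thread, Dovecot or OpenSSL): cipher_list vs
ciphersuites, seen through Python's ssl module on top of OpenSSL."""
import socket
import ssl

# Whether the linked OpenSSL build offers TLS 1.3 at all.
HAS_TLS13 = ssl.HAS_TLSv1_3

# ssl_cipher_list value from the original post (TLS 1.2 and below only).
TLS12_CIPHER_LIST = (
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:"
    "ECDHE-ECDSA-AES128-SHA256"
)

# The TLS 1.3 names SSL_CTX_set_ciphersuites(3) accepts, as quoted in the post.
VALID_TLS13_SUITES = {
    "TLS_AES_128_GCM_SHA256",
    "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256",
    "TLS_AES_128_CCM_SHA256",
    "TLS_AES_128_CCM_8_SHA256",
}


def enabled_suites(cipher_list):
    """Apply cipher_list through SSL_CTX_set_cipher_list (ssl's set_ciphers)
    and return (tls13_names, older_names) still enabled in the context.
    The TLS 1.3 list is untouched: only set_ciphersuites could change it."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_list)
    tls13, older = [], []
    for c in ctx.get_ciphers():
        (tls13 if c["protocol"] == "TLSv1.3" else older).append(c["name"])
    return tls13, older


def invalid_tls13_suites(ciphersuites):
    """Names in a colon-separated ssl_ciphersuites-style string that
    SSL_CTX_set_ciphersuites(3) would reject (anything not in the man page)."""
    names = [n for n in ciphersuites.split(":") if n]
    return [n for n in names if n not in VALID_TLS13_SUITES]


def negotiated(host, port, version, cipher_list=TLS12_CIPHER_LIST):
    """Connect with the protocol pinned to `version` (an ssl.TLSVersion) and
    return (protocol, cipher) the server chose. Network call; assumes implicit
    TLS as on IMAPS port 993 (assumption). Pinning TLSv1_3 and TLSv1_2 in two
    runs shows whether a cipher_list-only server still accepts TLS 1.3 and
    which suite it picks there, without touching its configuration."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ctx.maximum_version = version
    ctx.set_ciphers(cipher_list)
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0]


if __name__ == "__main__":
    tls13, older = enabled_suites(TLS12_CIPHER_LIST)
    print("TLS 1.3 suites still enabled after set_ciphers():", tls13)
    print("TLS <= 1.2 ciphers enabled:", older)
    print("rejected names:",
          invalid_tls13_suites("TLS_AES_256_GCM_SHA384:TLS_RSA_WITH_NULL"))
    # e.g. negotiated("mx.example.com", 993, ssl.TLSVersion.TLSv1_3)
```

Run it and the first line lists the OpenSSL default TLS 1.3 suites even though only ECDSA TLS 1.2 ciphers were configured; that is the behaviour a Dovecot build without an ssl_ciphersuites setting inherits from the library. To restrict TLS 1.3 suites you need the ciphersuites API, and to avoid TLS 1.3 entirely you have to cap the protocol version, not the cipher list.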