Hi,

I have noticed the 'ssl_cipher_list' directive in the 1.0-test snapshots which is not in 0.99. Its default value seems to be "all:!low". However, this would not be compatible with openssl's cipher listing format. Thus, I would vote to change its format to be openssl compatible. To be compatible, it has to be changed to "ALL:!LOW" (just uppercased in this case). IMO, this would be helpful because executing

  openssl ciphers -v 'all:!low'

would not return any cipher, but

  openssl ciphers -v 'ALL:!LOW'

would return the expected cipher list such as

  ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1
  DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
  DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
  AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
  ADH-AES128-SHA SSLv3 Kx=DH Au=None Enc=AES(128) Mac=SHA1
  DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
  DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1
  AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
  DHE-DSS-RC4-SHA SSLv3 Kx=DH Au=DSS Enc=RC4(128) Mac=SHA1
  EXP1024-DHE-DSS-RC4-SHA SSLv3 Kx=DH(1024) Au=DSS Enc=RC4(56) Mac=SHA1 export
  EXP1024-RC4-SHA SSLv3 Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=SHA1 export
  EXP1024-DHE-DSS-DES-CBC-SHA SSLv3 Kx=DH(1024) Au=DSS Enc=DES(56) Mac=SHA1 export
  EXP1024-DES-CBC-SHA SSLv3 Kx=RSA(1024) Au=RSA Enc=DES(56) Mac=SHA1 export
  EXP1024-RC2-CBC-MD5 SSLv3 Kx=RSA(1024) Au=RSA Enc=RC2(56) Mac=MD5 export
  EXP1024-RC4-MD5 SSLv3 Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=MD5 export
  EXP-KRB5-RC4-MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=RC4(40) Mac=MD5 export
  EXP-KRB5-RC2-CBC-MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=RC2(40) Mac=MD5 export
  EXP-KRB5-DES-CBC-MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=DES(40) Mac=MD5 export
  EXP-KRB5-RC4-SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=RC4(40) Mac=SHA1 export
  EXP-KRB5-RC2-CBC-SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=RC2(40) Mac=SHA1 export
  EXP-KRB5-DES-CBC-SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=DES(40) Mac=SHA1 export
  KRB5-RC4-MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=RC4(128) Mac=MD5
  KRB5-DES-CBC3-MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=3DES(168) Mac=MD5
  KRB5-RC4-SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=RC4(128) Mac=SHA1
  KRB5-DES-CBC3-SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=3DES(168) Mac=SHA1
  EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
  EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
  EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
  EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512) Au=DSS Enc=DES(40) Mac=SHA1 export
  DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
  EXP-DES-CBC-SHA SSLv3 Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
  EXP-RC2-CBC-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
  RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
  RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
  EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
  ADH-DES-CBC3-SHA SSLv3 Kx=DH Au=None Enc=3DES(168) Mac=SHA1
  EXP-ADH-DES-CBC-SHA SSLv3 Kx=DH(512) Au=None Enc=DES(40) Mac=SHA1 export
  ADH-RC4-MD5 SSLv3 Kx=DH Au=None Enc=RC4(128) Mac=MD5
  EXP-ADH-RC4-MD5 SSLv3 Kx=DH(512) Au=None Enc=RC4(40) Mac=MD5 export
  DES-CBC3-MD5 SSLv2 Kx=RSA Au=RSA Enc=3DES(168) Mac=MD5
  RC2-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC2(128) Mac=MD5
  EXP-RC2-CBC-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
  RC4-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
  EXP-RC4-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export

I want dovecot to only accept high encrypted ciphers, thus it should support

  ssl_cipher_list = ALL:!ADH!LOW:!SSLv2:!EXP:+HIGH:+MEDIUM

corresponding to an openssl list such as

  DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
  DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
  AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
  KRB5-DES-CBC3-MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=3DES(168) Mac=MD5
  KRB5-DES-CBC3-SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=3DES(168) Mac=SHA1
  EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
  EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
  DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
  DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
  DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1
  AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
  DHE-DSS-RC4-SHA SSLv3 Kx=DH Au=DSS Enc=RC4(128) Mac=SHA1
  KRB5-RC4-MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=RC4(128) Mac=MD5
  KRB5-RC4-SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=RC4(128) Mac=SHA1
  RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
  RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5

This would really make "Dovecot (...) written with security primarily in mind".

Thanks for consideration!
rob.
On Sun, 2005-07-24 at 11:37 +0200, Robert Allerstorfer wrote:
> I have noticed the 'ssl_cipher_list' directive in the 1.0-test
> snapshots which is not in 0.99. Its default value seems to be
> "all:!low". However, this would not be compatible with openssl's
> cipher listing format. Thus, I would vote to change its format to be
> openssl compatible. To be compatible, it has to be changed to
> "ALL:!LOW" (just uppercased in this case). IMO, this would be helpful
> because executing

I noticed the Debian bug report about this. ALL:!LOW is actually the default internally, all:!low is shown only in dovecot-example.conf. I've changed that already.

> I want dovecot to only accept high encrypted ciphers, thus it should
> support
>
> ssl_cipher_list = ALL:!ADH!LOW:!SSLv2:!EXP:+HIGH:+MEDIUM

But will it break some clients? Especially some mobile phones? Are there some recommendations of what that list should contain?

> This would really make "Dovecot (...) written with security primarily
> in mind"

Well, it's just the SSL part and the only thing it does is to prevent correctly behaving but lowly-secured clients from connecting. Perhaps the default should be different depending on the disable_plaintext_auth setting. At least there's no reason to prevent lowly secured connections from working if the "fix" is to disable SSL entirely.
On Sun, 24 Jul 2005, 17:06 GMT+03 Timo Sirainen wrote:
> On Sun, 2005-07-24 at 11:37 +0200, Robert Allerstorfer wrote:
>> I have noticed the 'ssl_cipher_list' directive in the 1.0-test
>> snapshots which is not in 0.99. Its default value seems to be
>> "all:!low". However, this would not be compatible with openssl's
>> cipher listing format. Thus, I would vote to change its format to be
>> openssl compatible. To be compatible, it has to be changed to
>> "ALL:!LOW" (just uppercased in this case).
>
> I noticed the Debian bug report about this. ALL:!LOW is actually the
> default internally, all:!low is shown only in dovecot-example.conf.
> I've changed that already.

Thank you!

>> I want dovecot to only accept high encrypted ciphers, thus it should
>> support
>>
>> ssl_cipher_list = ALL:!ADH!LOW:!SSLv2:!EXP:+HIGH:+MEDIUM
>
> But will it break some clients? Especially some mobile phones? Are
> there some recommendations of what that list should contain?

I'm pretty sure it will, but I don't care, as long as Mozilla and other popular MUAs support the strong ciphers.

Apache's mod_ssl 'SSLCipherSuite' directive has "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" as the default - see http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslciphersuite

The +HIGH:+MEDIUM:+LOW:+SSLv2:+EXP at the end only affects the ranking of the ciphers and should ensure that stronger ciphers are on top. ALL:!LOW and ALL:!LOW:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP result in the same list, but the latter returns it in a better order, to prefer "better" ciphers if they are suitable.

best,
rob.
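An added example (not code from the thread or from Dovecot) that checks the two claims made above through Python's ssl module, which hands the string to the same OpenSSL cipher-list parser as `openssl ciphers`: a lowercase 'all:!low' selects nothing, a '+' keyword only reorders the list, and a candidate ssl_cipher_list can be audited for what it actually admits before it goes into a config. It assumes a Python linked against OpenSSL; the exact cipher names depend on that build, and the strict string below has a colon after !ADH that the original post omitted.

```python
import ssl


def resolve_cipher_list(spec):
    """Return the TLS 1.2-and-below ciphers OpenSSL selects for ``spec``
    (same keyword grammar as ``openssl ciphers``), or None if the string
    selects nothing.  Keywords are case-sensitive: 'all:!low' matches no
    keyword at all, so nothing is selected; 'ALL:!LOW' yields a list."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(spec)          # wraps SSL_CTX_set_cipher_list()
    except ssl.SSLError:               # "No cipher can be selected"
        return None
    # TLS 1.3 suites are configured separately and always present; drop
    # them so the result reflects only what the cipher string controls.
    ciphers = [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]
    return ciphers or None


def selected_names(spec):
    """Cipher names in OpenSSL's preference order ([] for an invalid string).
    '+HIGH:+MEDIUM' changes this order but never the set of names."""
    return [c["name"] for c in resolve_cipher_list(spec) or []]


def audit(spec, forbid=("ADH", "EXP", "NULL")):
    """Summarise what a candidate ssl_cipher_list would admit: validity,
    cipher count, weakest effective key strength, and names containing a
    forbidden substring (anonymous DH, export grade, NULL encryption)."""
    ciphers = resolve_cipher_list(spec)
    if ciphers is None:
        return {"valid": False}
    return {
        "valid": True,
        "count": len(ciphers),
        "min_bits": min(c["strength_bits"] for c in ciphers),
        "weak": [c["name"] for c in ciphers
                 if any(f in c["name"] for f in forbid)],
    }


if __name__ == "__main__":
    # The thread's candidate strings (colon after !ADH is my assumption).
    for spec in ("all:!low", "ALL:!LOW",
                 "ALL:!ADH:!LOW:!SSLv2:!EXP:+HIGH:+MEDIUM"):
        print(f"{spec:42} -> {audit(spec)}")
```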