Thomas Preissler
2015-Mar-15 09:35 UTC
Dovecot 2.1.7 still accepting SSLv3 though disabled?
Hello, I came across a strange problem with my Dovecot 2.1.7 installation (updated Debian Wheezy) in regards to SSL/TLS connections. My configuration is as follows: $ dovecot -n | grep ssl service imap-login { ssl = yes ... } ssl_cert = <...... ssl_cipher_list EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA ssl_key = <...... ssl_protocols = !SSLv3 !SSLv2 This cipherstring has been taken from https://bettercrypto.org/static/applied-crypto-hardening.pdf. But this is not the problem, when I comment it out, Dovecot still behaves the same way. When I enable verbose_ssl I get this: 2015-03-15 08:27:39 imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [$CLIENTIP] 2015-03-15 08:27:39 imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [$CLIENTIP] 2015-03-15 08:27:39 imap-login: Warning: SSL: where=0x2002, ret=-1: unknown state [$CLIENTIP] 2015-03-15 08:27:39 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client hello A [$CLIENTIP] 2015-03-15 08:27:39 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server hello A [$CLIENTIP] 2015-03-15 08:27:39 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write certificate A [$CLIENTIP] 2015-03-15 08:27:39 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server done A [$CLIENTIP] 2015-03-15 08:27:39 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [$CLIENTIP] 2015-03-15 08:27:39 imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [$CLIENTIP] 2015-03-15 08:27:39 imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [$CLIENTIP] 2015-03-15 08:27:39 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client key exchange A [$CLIENTIP] 2015-03-15 08:27:39 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read finished A [$CLIENTIP] 2015-03-15 08:27:39 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write change cipher spec A [$CLIENTIP] 2015-03-15 08:27:39 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write finished A [$CLIENTIP] 2015-03-15 08:27:39 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [$CLIENTIP] 2015-03-15 08:27:39 imap-login: Warning: SSL: where=0x20, ret=1: SSL negotiation finished successfully [$CLIENTIP] 2015-03-15 08:27:39 imap-login: Warning: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [$CLIENTIP] Is this right? Is SSLv3 used on this connection? But when I explicitely test for SSLv3 support I get $ openssl s_client -connect $SERVERIP:993 -ssl3 CONNECTED(00000003) 140683835029160:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1260:SSL alert number 40 140683835029160:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:598: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 0 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session: Protocol : SSLv3 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1426411304 Timeout : 7200 (sec) Verify return code: 0 (ok) --- Where I got this from says "if you you get a handshake failure, then you don't support SSLv3". But in my case the following output kinda says, that I do support it - with a ciphers of (NONE)? In regards to libraries $ ldd /usr/lib/dovecot/imap-login | grep ssl libssl.so.1.0.0 => /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007f1f55025000) $ dpkg -l | grep ssl ii libcrypt-openssl-bignum-perl 0.04-3 amd64 Access OpenSSL multiprecision integer arithmetic libraries ii libcrypt-openssl-dsa-perl 0.13-6 amd64 module which implements the DSA signature verification system ii libcrypt-openssl-rsa-perl 0.28-1 amd64 module for RSA encryption using OpenSSL ii libcrypt-ssleay-perl 0.58-1 amd64 OpenSSL support for LWP ii libio-socket-ssl-perl 1.76-2 all Perl module implementing object oriented interface to SSL sockets ii libnet-ssleay-perl 1.48-1+b1 amd64 Perl module for Secure Sockets Layer (SSL) rc libssl0.9.8 0.9.8o-4squeeze14 amd64 SSL shared libraries ii libssl1.0.0:amd64 1.0.1e-2+deb7u14 amd64 SSL shared libraries ii openssl 1.0.1e-2+deb7u14 amd64 Secure Socket Layer (SSL) binary and related cryptographic tools ii openssl-blacklist 0.5-3 all Blacklists for OpenSSL RSA keys and tools ii python-openssl 0.13-2+deb7u1 amd64 Python 2 wrapper around the OpenSSL library ii ssl-cert 1.0.32 all simple debconf wrapper for OpenSSL ii ssl-cert-check 3.22-1 all proactively handling X.509 certificate expiration ii sslmate 0.6.2-1 all Buy and manage SSL certificates from the command line My NginX is using the same library, and this does indeed support TLSv2, so what I am doing wrong in my Dovecot configuration? Any clues? Regards Thomas -- www.preissler.co.uk | Twitter: @module0x90 | PGP-Key: 75889415 GPG Fingerprint: CCBD 153A D257 CA7E A217 FDF7 5928 03D1 7588 9415
Thomas Preissler:> ssl_protocols = !SSLv3 !SSLv2that disable SSLv3> When I enable verbose_ssl I get this: > 2015-03-15 08:27:39 imap-login: Warning: SSL: where=0x2001, > ret=1: SSLv3 flush data [$CLIENTIP] > ... > Is this right? Is SSLv3 used on this connection?The logging is right, but SSLv3 isn't used. Today it's not uncommon that application /log/ SSLv3, where they /mean/ TLS1.x Some days ago where TLSv1 became available there wasn't a great difference between SSLv3 and TLSv1 So Developers reused large portions of code. That's what you see here..> But when I explicitely test for SSLv3 support I get > > $ openssl s_client -connect $SERVERIP:993 -ssl3 > > CONNECTED(00000003) > 140683835029160:error:14094410:SSL > routines:SSL3_READ_BYTES:sslv3 alert handshake > failure:s3_pkt.c:1260:SSL alert number 40 > 140683835029160:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl > handshake failure:s3_pkt.c:598:That is the ultimate prove your server have SSLv3 disabled. Andreas
On Sun, Mar 15, 2015 at 02:42:00PM +0100, A. Schulze wrote:> Thomas Preissler: > The logging is right, but SSLv3 isn't used. > Today it's not uncommon that application /log/ SSLv3, where they /mean/ TLS1.x > > Some days ago where TLSv1 became available there wasn't a great > difference between SSLv3 and TLSv1 > So Developers reused large portions of code. That's what you see here.. > > > But when I explicitely test for SSLv3 support I get > > > > $ openssl s_client -connect $SERVERIP:993 -ssl3 > > > > CONNECTED(00000003) > > 140683835029160:error:14094410:SSL > > routines:SSL3_READ_BYTES:sslv3 alert handshake > > failure:s3_pkt.c:1260:SSL alert number 40 > > 140683835029160:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl > > handshake failure:s3_pkt.c:598: > > That is the ultimate prove your server have SSLv3 disabled.Another fun trick for testing is nmap -p 993 --script ssl-enum-ciphers foo.example.com You'll then see (if you've got a new enough version) something like: [...] 993/tcp open imaps | ssl-enum-ciphers: | TLSv1.0: | ciphers: | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong | TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong | TLS_RSA_WITH_AES_128_CBC_SHA - strong | TLS_RSA_WITH_AES_256_CBC_SHA - strong | TLS_RSA_WITH_RC4_128_MD5 - strong | TLS_RSA_WITH_RC4_128_SHA - strong [...] w
Reasonably Related Threads
- Dovecot 2.1.7 still accepting SSLv3 though disabled?
- using ecc-certificates (ellyptic curve) will not establish connection
- [patch] TLS Handshake failures can crash imap-login
- imap-login SSLv3 causes signal 11, core dump and DoS. ssl_protocols = ??
- TLS not working with iOS beta?