Thomas Preissler
2015-Mar-15 09:35 UTC
Dovecot 2.1.7 still accepting SSLv3 though disabled?
Hello,

I came across a strange problem with my Dovecot 2.1.7 installation (updated Debian Wheezy) in regards to SSL/TLS connections.

My configuration is as follows:

$ dovecot -n | grep ssl
service imap-login {
  ssl = yes
  ...
}
ssl_cert = <......
ssl_cipher_list EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
ssl_key = <......
ssl_protocols = !SSLv3 !SSLv2

This cipherstring has been taken from https://bettercrypto.org/static/applied-crypto-hardening.pdf. But this is not the problem; when I comment it out, Dovecot still behaves the same way.

When I enable verbose_ssl I get this:

2015-03-15 08:27:39 imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [$CLIENTIP]
2015-03-15 08:27:39 imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [$CLIENTIP]
2015-03-15 08:27:39 imap-login: Warning: SSL: where=0x2002, ret=-1: unknown state [$CLIENTIP]
2015-03-15 08:27:39 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client hello A [$CLIENTIP]
2015-03-15 08:27:39 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server hello A [$CLIENTIP]
2015-03-15 08:27:39 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write certificate A [$CLIENTIP]
2015-03-15 08:27:39 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server done A [$CLIENTIP]
2015-03-15 08:27:39 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [$CLIENTIP]
2015-03-15 08:27:39 imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [$CLIENTIP]
2015-03-15 08:27:39 imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [$CLIENTIP]
2015-03-15 08:27:39 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client key exchange A [$CLIENTIP]
2015-03-15 08:27:39 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read finished A [$CLIENTIP]
2015-03-15 08:27:39 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write change cipher spec A [$CLIENTIP]
2015-03-15 08:27:39 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write finished A [$CLIENTIP]
2015-03-15 08:27:39 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [$CLIENTIP]
2015-03-15 08:27:39 imap-login: Warning: SSL: where=0x20, ret=1: SSL negotiation finished successfully [$CLIENTIP]
2015-03-15 08:27:39 imap-login: Warning: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [$CLIENTIP]

Is this right? Is SSLv3 used on this connection?

But when I explicitly test for SSLv3 support I get

$ openssl s_client -connect $SERVERIP:993 -ssl3

CONNECTED(00000003)
140683835029160:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1260:SSL alert number 40
140683835029160:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:598:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol : SSLv3
    Cipher : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1426411304
    Timeout : 7200 (sec)
    Verify return code: 0 (ok)
---

Where I got this from says "if you get a handshake failure, then you don't support SSLv3". But in my case the following output kinda says that I do support it - with a cipher of (NONE)?

In regards to libraries

$ ldd /usr/lib/dovecot/imap-login | grep ssl
libssl.so.1.0.0 => /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007f1f55025000)

$ dpkg -l | grep ssl
ii libcrypt-openssl-bignum-perl 0.04-3 amd64 Access OpenSSL multiprecision integer arithmetic libraries
ii libcrypt-openssl-dsa-perl 0.13-6 amd64 module which implements the DSA signature verification system
ii libcrypt-openssl-rsa-perl 0.28-1 amd64 module for RSA encryption using OpenSSL
ii libcrypt-ssleay-perl 0.58-1 amd64 OpenSSL support for LWP
ii libio-socket-ssl-perl 1.76-2 all Perl module implementing object oriented interface to SSL sockets
ii libnet-ssleay-perl 1.48-1+b1 amd64 Perl module for Secure Sockets Layer (SSL)
rc libssl0.9.8 0.9.8o-4squeeze14 amd64 SSL shared libraries
ii libssl1.0.0:amd64 1.0.1e-2+deb7u14 amd64 SSL shared libraries
ii openssl 1.0.1e-2+deb7u14 amd64 Secure Socket Layer (SSL) binary and related cryptographic tools
ii openssl-blacklist 0.5-3 all Blacklists for OpenSSL RSA keys and tools
ii python-openssl 0.13-2+deb7u1 amd64 Python 2 wrapper around the OpenSSL library
ii ssl-cert 1.0.32 all simple debconf wrapper for OpenSSL
ii ssl-cert-check 3.22-1 all proactively handling X.509 certificate expiration
ii sslmate 0.6.2-1 all Buy and manage SSL certificates from the command line

My NginX is using the same library, and this does indeed support TLSv2, so what am I doing wrong in my Dovecot configuration?

Any clues?

Regards
Thomas

--
www.preissler.co.uk | Twitter: @module0x90 | PGP-Key: 75889415
GPG Fingerprint: CCBD 153A D257 CA7E A217 FDF7 5928 03D1 7588 9415

Thomas Preissler:

> ssl_protocols = !SSLv3 !SSLv2

that disables SSLv3

> When I enable verbose_ssl I get this:
> 2015-03-15 08:27:39 imap-login: Warning: SSL: where=0x2001,
> ret=1: SSLv3 flush data [$CLIENTIP]
> ...
> Is this right? Is SSLv3 used on this connection?

The logging is right, but SSLv3 isn't used.
Today it's not uncommon that applications /log/ SSLv3, where they /mean/ TLS1.x

Some days ago, when TLSv1 became available, there wasn't a great difference between SSLv3 and TLSv1.
So developers reused large portions of code. That's what you see here..

> But when I explicitly test for SSLv3 support I get
>
> $ openssl s_client -connect $SERVERIP:993 -ssl3
>
> CONNECTED(00000003)
> 140683835029160:error:14094410:SSL
> routines:SSL3_READ_BYTES:sslv3 alert handshake
> failure:s3_pkt.c:1260:SSL alert number 40
> 140683835029160:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl
> handshake failure:s3_pkt.c:598:

That is the ultimate proof your server has SSLv3 disabled.

Andreas
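
Added example (not part of the original messages, and not Dovecot or OpenSSL code): the "SSL handshake has read 7 bytes" line in the s_client output above is exactly one alert record, a 5-byte record header plus a 2-byte alert, so no cipher was ever negotiated. The sketch below decodes the first record of a server reply to show the difference between that rejection and an accepted handshake; the function names and both byte strings are constructed for illustration.

```python
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake"}
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERTS = {40: "handshake_failure", 70: "protocol_version"}


def parse_first_record(data: bytes) -> dict:
    """Decode the first SSL/TLS record a server sends in reply to a ClientHello."""
    if len(data) < 5:
        raise ValueError("short read: no complete record header")
    ctype, version, length = struct.unpack("!BHH", data[:5])
    body = data[5:5 + length]
    if len(body) != length:
        raise ValueError("truncated record body")
    rec = {"type": CONTENT_TYPES.get(ctype, ctype),
           "record_version": VERSIONS.get(version, hex(version)),
           "bytes": 5 + length}
    if ctype == 21 and length == 2:
        # Alert body: 1 byte level, 1 byte description ("SSL alert number 40").
        rec["alert"] = (ALERT_LEVELS.get(body[0], body[0]),
                        ALERTS.get(body[1], body[1]))
    elif ctype == 22 and length >= 6 and body[0] == 2:
        # ServerHello: 1 byte type, 3 bytes length, then the version the
        # server actually selected. This field decides the protocol in use.
        negotiated = struct.unpack("!H", body[4:6])[0]
        rec["negotiated"] = VERSIONS.get(negotiated, hex(negotiated))
    return rec


def server_accepts(data: bytes, offered: str) -> bool:
    """True only if the reply is a ServerHello selecting the offered version."""
    return parse_first_record(data).get("negotiated") == offered


# Constructed sample: fatal handshake_failure alert, 7 bytes in total.
# The record version in the header is an assumption of this sample.
REJECT = bytes.fromhex("15030000020228")
# Constructed sample: ServerHello selecting TLSv1.0 with cipher suite 0xC014
# (TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA), all-zero random, empty session id.
ACCEPT = (bytes.fromhex("160301002a" "02000026" "0301")
          + bytes(32) + bytes.fromhex("00" "c014" "00"))

if __name__ == "__main__":
    for name, sample in (("reject", REJECT), ("accept", ACCEPT)):
        print(name, parse_first_record(sample))
```

The "Protocol : SSLv3" and "Cipher : 0000" lines that s_client prints after a failed handshake describe what the client offered, not something the server agreed to.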

On Sun, Mar 15, 2015 at 02:42:00PM +0100, A. Schulze wrote:
> Thomas Preissler:
> The logging is right, but SSLv3 isn't used.
> Today it's not uncommon that applications /log/ SSLv3, where they /mean/ TLS1.x
>
> Some days ago, when TLSv1 became available, there wasn't a great
> difference between SSLv3 and TLSv1.
> So developers reused large portions of code. That's what you see here..
>
> > But when I explicitly test for SSLv3 support I get
> >
> > $ openssl s_client -connect $SERVERIP:993 -ssl3
> >
> > CONNECTED(00000003)
> > 140683835029160:error:14094410:SSL
> > routines:SSL3_READ_BYTES:sslv3 alert handshake
> > failure:s3_pkt.c:1260:SSL alert number 40
> > 140683835029160:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl
> > handshake failure:s3_pkt.c:598:
>
> That is the ultimate proof your server has SSLv3 disabled.

Another fun trick for testing is

nmap -p 993 --script ssl-enum-ciphers foo.example.com

You'll then see (if you've got a new enough version) something like:

[...]
993/tcp open imaps
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_RC4_128_MD5 - strong
|       TLS_RSA_WITH_RC4_128_SHA - strong
[...]

w