dovecot - May 2020 - Unable to disable TLSv1.3 or fallback to TLSv1.2 when 1 cipher is disabled

I have an operational need to disable TLSv1.3 due to inadequate support 
to exclude certain ciphers.

Much to my dismay, the `ssl_protocols` had been renamed and 
re-functionalized into `ssl_min_protocol`.

Now, there is no way to exclude a specific group of one or more TLS 
versions.

For a new bug report, I think we need two new settings:

* `ssl_tls13_ciphersuite` and
* `ssl_tls10_cipher`

settings introduced into Dovecot for better granularity.

ALong with support for fallback to TLSv1.2 as outlined in 
https://bugzilla.mozilla.org/show_bug.cgi?id=1250568

I'm still being hammered with the following error with Thunderbird 
76.0b3, Dovecot 2.3.4.1-5+deb10u1, Debian 11:

May  8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x10, ret=1: 
before SSL initialization
May  8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x2001, 
ret=1: before SSL initialization
May  8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x2002, 
ret=-1: before SSL initialization
May  8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x2001, 
ret=1: before SSL initialization
May  8 11:15:47 ns1 dovecot: imap-login: Debug: SSL alert: where=0x4008, 
ret=582: fatal protocol version
May  8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x2002, 
ret=-1: error
May  8 11:15:47 ns1 dovecot: imap-login: Debug: SSL error: SSL_accept() 
failed: error:14209102:SSL 
routines:tls_early_post_process_client_hello:unsupported protocol
May  8 11:15:47 ns1 dovecot: imap-login: Disconnected (disconnected 
before auth was ready, waited 0 secs): user=<>, rip=XX.XX.XX.XX, 
lip=XX.XX.XX.XX, TLS handshaking: SSL_accept() failed: 
error:14209102:SSL 
routines:tls_early_post_process_client_hello:unsupported protocol, 
session=<GN/GeCSlYuhEhl2U>
May  8 11:15:47 ns1 dovecot: imap-login: Debug: SSL error: SSL_accept() 
syscall failed: Invalid argument

This occurred when specifying one TLSv1.3 cipher to be excluded in 
ssl_cipher via an exclamation mark.

On a side note of IMAP client,  Latest Mozilla Thunderbird had its pref 
setting security.tls.version.fallback-limit to 4 (TLSv1.3), of which I 
have adjusted it to 3 (TLSv1.2) and it .... works when Dovecot is set to 
TLSv1.2.

(Details of Thunderbird security.tls.version.fallback-limit is given in 
http://kb.mozillazine.org/Security.tls.version.* )


Steve

Also, more testimony to the same problem (by others) is posted over at 
ServerFault (StackOverflow):

https://serverfault.com/questions/975871/forcing-dovecot-2-3-4-1-to-use-tlsv1-2



On 5/8/20 11:50 AM, Steve Egbert wrote:
> I have an operational need to disable TLSv1.3 due to inadequate support 
> to exclude certain ciphers.
> 
> Much to my dismay, the `ssl_protocols` had been renamed and 
> re-functionalized into `ssl_min_protocol`.
> 
> Now, there is no way to exclude a specific group of one or more TLS 
> versions.
> 
> For a new bug report, I think we need two new settings:
> 
> * `ssl_tls13_ciphersuite` and
> * `ssl_tls10_cipher`
> 
> settings introduced into Dovecot for better granularity.
> 
> ALong with support for fallback to TLSv1.2 as outlined in 
> https://bugzilla.mozilla.org/show_bug.cgi?id=1250568
> 
> I'm still being hammered with the following error with Thunderbird 
> 76.0b3, Dovecot 2.3.4.1-5+deb10u1, Debian 11:
> 
> May? 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x10, ret=1: 
> before SSL initialization
> May? 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x2001, 
> ret=1: before SSL initialization
> May? 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x2002, 
> ret=-1: before SSL initialization
> May? 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x2001, 
> ret=1: before SSL initialization
> May? 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL alert: where=0x4008, 
> ret=582: fatal protocol version
> May? 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x2002, 
> ret=-1: error
> May? 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL error: SSL_accept() 
> failed: error:14209102:SSL 
> routines:tls_early_post_process_client_hello:unsupported protocol
> May? 8 11:15:47 ns1 dovecot: imap-login: Disconnected (disconnected 
> before auth was ready, waited 0 secs): user=<>, rip=XX.XX.XX.XX, 
> lip=XX.XX.XX.XX, TLS handshaking: SSL_accept() failed: 
> error:14209102:SSL 
> routines:tls_early_post_process_client_hello:unsupported protocol, 
> session=<GN/GeCSlYuhEhl2U>
> May? 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL error: SSL_accept() 
> syscall failed: Invalid argument
> 
> This occurred when specifying one TLSv1.3 cipher to be excluded in 
> ssl_cipher via an exclamation mark.
> 
> On a side note of IMAP client,? Latest Mozilla Thunderbird had its pref 
> setting security.tls.version.fallback-limit to 4 (TLSv1.3), of which I 
> have adjusted it to 3 (TLSv1.2) and it .... works when Dovecot is set to 
> TLSv1.2.
> 
> (Details of Thunderbird security.tls.version.fallback-limit is given in 
> http://kb.mozillazine.org/Security.tls.version.* )
> 
> 
> Steve
> 
>

I cannot even reorder the server-side TLSv1.3 such that CHACHA20 has 
first-order before AES.

https://github.com/openssl/openssl/issues/7562