dovecot - Oct 2020 - Dovecot won't accept IMAP TLS 1 connections from older devices [SOLVED]

I've spent days scouring the Internet and trying various solutions on a 
problem with my Dovecot installation, so I thought I'd share what I 
learned in hopes of saving other people a lot of time.? The dedicated 
Dovecot hands will know all of the following already.? This is for those 
of us that have to cover a lot of bases.

I upgraded my mail server from Ubuntu 18.04.1 to Ubuntu 20.04.1, and 
found that older Mac-books and iPads (and probably other devices) could 
no longer establish IMAP connections to Dovecot. Dovecot logged:

 ?? SSL routines:tls_early_post_process_client_hello:unsupported protocol

and TCP/IP traces showed that it dropped the connection after the 
client's initial HELLO.? I tested what kinds of connections Dovecot 
would accept with (for example):

 ??? openssl s_client -tls1_1 -connect localhost:993?? # Test whether 
TLSv1.1 is accepted - received "unsupported protocol" message.

Searching showed that Dovecot has a parameter "ssl_min_protocol",
which
is documented as defaulting to TLSv1.? Nevertheless I explicitly set it 
to TLSv1 with no effect.? This was a red herring.? I spent a long time 
looking to see if Dovecot had a bug in handling this newish parameter, etc.

Eventually I came across one posting regarding a web server, that told 
me the OpenSSL libraries that Dovecot and lots of other packages use has 
a single configuration file for the entire system.? In Ubuntu 20.04 it 
defaults to requiring TLSv1.2 or above.? Changing the configuration for 
OpenSSL affects everything on the system using the library.? I changed 
the file, restarted Dovecot, and it immediately accepted TLSv1 connections.

Obviously I'd prefer to maintain the improved security of TLSv1.2, but 
in my case it was better to continue providing mail service at a lower 
security level than to deny service to some users until they upgraded 
their personal devices.? You'll need to make your on decision on that score.

The file to change is (on Ubuntu, at least) /usr/lib/ssl/openssl.cnf.? 
The change consists of adding a line of code in the initial section that 
invokes several new sections later:

In the initial section I added:

 ??? openssl_conf = default_conf

Then at the bottom of the file I added:

 ??? [default_conf]
 ??? ssl_conf = ssl_sect

 ??? [ssl_sect]
 ??? system_default = system_default_sect

 ??? [system_default_sect]
 ??? MinProtocol = TLSv1
 ??? CipherString = DEFAULT at SECLEVEL=1

There is an alternative approach that I have read of but not tested.? 
Basically you can create a new file elsewhere with the customized 
content, and then set an environmental variable (OPENSSL_CONF) just 
before launching Dovecot that points to your new file.? This way, only 
Dovecot is using downgraded security. Since my mail server is a 
dedicated system and I didn't want to muck with the Dovecot start-up 
environment, I didn't feel the need to go that route.

So all my digging into why Dovecot wouldn't accept TLSv1 connections and 
how to change it were completely on the wrong path.? It would be nice if 
Dovecot could log a message when its ssl_min_protocol is set lower than 
what OpenSSL will accept, but Dovecot may not be able to tell what 
OpenSSL is doing.? In any case, those are the symptoms, the real 
problem, and how to fix it.? Good luck, and thanks to Matt Caswell for 
posting the answer that I eventually found.

Ref: 
https://askubuntu.com/questions/1233186/ubuntu-20-04-how-to-set-lower-ssl-security-level

> On 16/10/2020 07:18 Brian Martin <bmartin at silverflash.net> wrote:
> 
>  
> I've spent days scouring the Internet and trying various solutions on a
> problem with my Dovecot installation, so I thought I'd share what I 
> learned in hopes of saving other people a lot of time.? The dedicated 
> Dovecot hands will know all of the following already.? This is for those 
> of us that have to cover a lot of bases.
> 
> I upgraded my mail server from Ubuntu 18.04.1 to Ubuntu 20.04.1, and 
> found that older Mac-books and iPads (and probably other devices) could 
> no longer establish IMAP connections to Dovecot. Dovecot logged:
> 
>  ?? SSL routines:tls_early_post_process_client_hello:unsupported protocol
> 
> and TCP/IP traces showed that it dropped the connection after the 
> client's initial HELLO.? I tested what kinds of connections Dovecot 
> would accept with (for example):
> 
>  ??? openssl s_client -tls1_1 -connect localhost:993?? # Test whether 
> TLSv1.1 is accepted - received "unsupported protocol" message.
> 
> Searching showed that Dovecot has a parameter "ssl_min_protocol",
which
> is documented as defaulting to TLSv1.? Nevertheless I explicitly set it 
> to TLSv1 with no effect.? This was a red herring.? I spent a long time 
> looking to see if Dovecot had a bug in handling this newish parameter, etc.
> 
> Eventually I came across one posting regarding a web server, that told 
> me the OpenSSL libraries that Dovecot and lots of other packages use has 
> a single configuration file for the entire system.? In Ubuntu 20.04 it 
> defaults to requiring TLSv1.2 or above.? Changing the configuration for 
> OpenSSL affects everything on the system using the library.? I changed 
> the file, restarted Dovecot, and it immediately accepted TLSv1 connections.
> 
> Obviously I'd prefer to maintain the improved security of TLSv1.2, but 
> in my case it was better to continue providing mail service at a lower 
> security level than to deny service to some users until they upgraded 
> their personal devices.? You'll need to make your on decision on that
score.
> 
> The file to change is (on Ubuntu, at least) /usr/lib/ssl/openssl.cnf.? 
> The change consists of adding a line of code in the initial section that 
> invokes several new sections later:
> 
> In the initial section I added:
> 
>  ??? openssl_conf = default_conf
> 
> Then at the bottom of the file I added:
> 
>  ??? [default_conf]
>  ??? ssl_conf = ssl_sect
> 
>  ??? [ssl_sect]
>  ??? system_default = system_default_sect
> 
>  ??? [system_default_sect]
>  ??? MinProtocol = TLSv1
>  ??? CipherString = DEFAULT at SECLEVEL=1
> 
> There is an alternative approach that I have read of but not tested.? 
> Basically you can create a new file elsewhere with the customized 
> content, and then set an environmental variable (OPENSSL_CONF) just 
> before launching Dovecot that points to your new file.? This way, only 
> Dovecot is using downgraded security. Since my mail server is a 
> dedicated system and I didn't want to muck with the Dovecot start-up 
> environment, I didn't feel the need to go that route.
> 
> So all my digging into why Dovecot wouldn't accept TLSv1 connections
and
> how to change it were completely on the wrong path.? It would be nice if 
> Dovecot could log a message when its ssl_min_protocol is set lower than 
> what OpenSSL will accept, but Dovecot may not be able to tell what 
> OpenSSL is doing.? In any case, those are the symptoms, the real 
> problem, and how to fix it.? Good luck, and thanks to Matt Caswell for 
> posting the answer that I eventually found.
> 
> Ref: 
>
https://askubuntu.com/questions/1233186/ubuntu-20-04-how-to-set-lower-ssl-security-level

Yeah. This is a known issue, and we have a ticket about allowing configuring the
minimum accepted level on dovecot. It has not been done yet, though.

Thank you for the workaround.

Aki

On 15 Oct 2020, at 22:18, Brian Martin <bmartin at silverflash.net>
wrote:
> Eventually I came across one posting regarding a web server, that told me
the OpenSSL libraries that Dovecot and lots of other packages use has a single
configuration file for the entire system.  In Ubuntu 20.04 it defaults to
requiring TLSv1.2 or above.  Changing the configuration for OpenSSL affects
everything on the system using the library.  I changed the file, restarted
Dovecot, and it immediately accepted TLSv1 connections.
I believe current versions of OpenSSL have removed support for TLSv1 and
TLSv1.1, so is your OpenSSL up-to-date?

The recommendation on this is clear, BTW:

<https://tools.ietf.org/id/draft-ietf-tls-oldversions-deprecate-02.html#rfc.section.4>
> "TLSv1.0 MUST NOT be used. Negotiation of TLSv1.0 from any version of
TLS MUST NOT be permitted."
> 
> ?
> 
> "TLSv1.1 MUST NOT be used. Negotiation of TLSv1.1 from any version of
TLS MUST NOT be permitted."
I removed support for TLSv1.1 quite some time ago (and T:Sv1.0 some time before
that). People with older clients can use the webmail or their mobile devices, if
their browser supports TLSv1.2 or TLSv1.3. I did have one Mac user who refused
to upgrade his OS though his device supported it, but then was forced to in
order to connect his iPhone, if I recall correctly.

Not sure what browsers support TLS 1.0 or 1.1 anymore, but I do know Google
Chrome and Firefox dropped support some months back, though they might have
rolled it back temporarily since so many government sites were not updated in
the midst of the pandemic. (Not sure about this, but it seems I read something
along these lines. I have no way of verifying as I moved everything off TLS1.1
and lower quite a while back.)

Anyone on a machine that will not support TLSv1.2 or TLSv1.3 is going to be
having a very limited experience with the entirety of the Internet, not just
with mail.


-- 
If you must choose between two evils, pick the one you've never tried
	before.