Created attachment 152052 [details] patches dovecot 1.2.17 to not offer SSLv2 and SSLv3 protocols (poodle) Here is a patch for the port mail/dovecot against version 1.2.17 to disable SSLv2 and SSLv3 encryption protocols, making dovecot immune to POODLE (CVE-2014-3566). In theory it should be possible to also achieve this through adapting your dovecot.conf (ssl_cipher_list), but my tests [1] show, that disabling SSLv2 and SSLv3 in the dovecot.conf also disables TLSv1 and TLSv1.1 - leaving only TLSv1.2 as a last and only resort for protocol negotiation between client and server.. This then effectively blocks many mail clients that still cannot make use of TLSv1.2. So this is not an option. I have good results[2] by using this patch and using the following option in dovecot.conf ssl_cipher_list = HIGH:!SSLv2:!aNULL:!MD5!DES:!3DES I verified my tests by using the publicly available script from https://testssl.sh/ You can use this script to test for protocol security like this: "./testssl.sh my.pop-ssl-server.domain:995" My opinion: This patch should become default a port option to secure dovecot 1 by default against POODLE. Regards, Kai Gallasch. [1] Test results, with disabled SSLv2/3 in dovecot.conf: -> No TLSv1 and TLSv1.1 support. ./testssl.sh my.pop-ssl-server.domain:995 ######################################################### testssl.sh v2.2 (https://testssl.sh) ($Id: testssl.sh,v 1.151 2014/12/08 09:32:50 dirkw Exp $) This program is free software. Redistribution + modification under GPLv2 is permitted. USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK! Note: you can only check the server with what is available (ciphers/protocols) locally on your machine! ######################################################### Using "OpenSSL 1.0.1f 6 Jan 2014" from orwell:/usr/bin/openssl (built: "Jan 9 17:52:48 2015", platform: "debian-amd64") Testing now (2015-01-23 00:12) ---> 10.10.10.1:995 (my.pop-ssl-server.domain) <--- rDNS (10.10.10.1): my.pop-ssl-server.domain Couldn't determine what's running on port 995, assuming not HTTP --> Testing Protocols SSLv2 Local problem: /usr/bin/openssl doesn't support "s_client -ssl2" SSLv3 not offered (OK) TLSv1 not offered TLSv1.1 not offered TLSv1.2 offered (OK) SPDY/NPN not offered --> Testing standard cipher lists Null Cipher not offered (OK) Anonymous NULL Cipher not offered (OK) Anonymous DH Cipher not offered (OK) 40 Bit encryption not offered (OK) 56 Bit encryption Local problem: No 56 Bit encryption configured in /usr/bin/openssl Export Cipher (general) not offered (OK) Low (<=64 Bit) not offered (OK) DES Cipher not offered (OK) Triple DES Cipher not offered Medium grade encryption not offered High grade encryption offered (OK) --> Testing server defaults (Server Hello) Negotiated protocol TLSv1.2 Negotiated cipher DHE-RSA-AES256-GCM-SHA384 Server key size 4096 bit TLS server extensions renegotiation info, session ticket, heartbeat Session Tickets RFC 5077 300 seconds OCSP stapling not offered --> Testing specific vulnerabilities Heartbleed (CVE-2014-0160), experimental not vulnerable (OK) CCS (CVE-2014-0224), experimental not vulnerable (OK) Renegotiation (CVE 2009-3555) not vulnerable (OK) CRIME, TLS (CVE-2012-4929) Local Problem: Your /usr/bin/openssl lacks zlib support POODLE (CVE-2014-3566), experimental not vulnerable (OK) --> Checking RC4 Ciphers no RC4 ciphers detected (OK) --> Testing (Perfect) Forward Secrecy (P)FS) -- omitting 3DES, RC4 and Null Encryption here PFS seems generally available. Now testing specific ciphers ... Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits ------------------------------------------------------------------------- x9f DHE-RSA-AES256-GCM-SHA384 DH AESGCM 256 x6b DHE-RSA-AES256-SHA256 DH AES 256 x9e DHE-RSA-AES128-GCM-SHA256 DH AESGCM 128 x67 DHE-RSA-AES128-SHA256 DH AES 128 Please note: detected PFS ciphers don't necessarily mean any client/browser will use them [2] Test results, with applied patch and dovecot.conf option "ssl_cipher_list = HIGH:!SSLv2:!aNULL:!MD5!DES:!3DES" ./testssl.sh my.pop-ssl-server.domain:995 ######################################################### testssl.sh v2.2 (https://testssl.sh) ($Id: testssl.sh,v 1.151 2014/12/08 09:32:50 dirkw Exp $) This program is free software. Redistribution + modification under GPLv2 is permitted. USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK! Note: you can only check the server with what is available (ciphers/protocols) locally on your machine! ######################################################### Using "OpenSSL 1.0.1f 6 Jan 2014" from orwell:/usr/bin/openssl (built: "Jan 9 17:52:48 2015", platform: "debian-amd64") Testing now (2015-01-23 00:56) ---> 10.10.10.1:995 (my.pop-ssl-server.domain) <--- rDNS (10.10.10.1): my.pop-ssl-server.domain Couldn't determine what's running on port 995, assuming not HTTP --> Testing Protocols SSLv2 Local problem: /usr/bin/openssl doesn't support "s_client -ssl2" SSLv3 not offered (OK) TLSv1 offered (OK) TLSv1.1 offered (OK) TLSv1.2 offered (OK) SPDY/NPN not offered --> Testing standard cipher lists Null Cipher not offered (OK) Anonymous NULL Cipher not offered (OK) Anonymous DH Cipher not offered (OK) 40 Bit encryption not offered (OK) 56 Bit encryption Local problem: No 56 Bit encryption configured in /usr/bin/openssl Export Cipher (general) not offered (OK) Low (<=64 Bit) not offered (OK) DES Cipher not offered (OK) Triple DES Cipher not offered Medium grade encryption not offered High grade encryption offered (OK) --> Testing server defaults (Server Hello) Negotiated protocol TLSv1.2 Negotiated cipher DHE-RSA-AES256-GCM-SHA384 Server key size 4096 bit TLS server extensions renegotiation info, session ticket, heartbeat Session Tickets RFC 5077 300 seconds OCSP stapling not offered --> Testing specific vulnerabilities Heartbleed (CVE-2014-0160), experimental not vulnerable (OK) (timed out) CCS (CVE-2014-0224), experimental not vulnerable (OK) Renegotiation (CVE 2009-3555) not vulnerable (OK) CRIME, TLS (CVE-2012-4929) Local Problem: Your /usr/bin/openssl lacks zlib support POODLE (CVE-2014-3566), experimental not vulnerable (OK) --> Checking RC4 Ciphers no RC4 ciphers detected (OK) --> Testing (Perfect) Forward Secrecy (P)FS) -- omitting 3DES, RC4 and Null Encryption here PFS seems generally available. Now testing specific ciphers ... Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits ------------------------------------------------------------------------- x9f DHE-RSA-AES256-GCM-SHA384 DH AESGCM 256 x6b DHE-RSA-AES256-SHA256 DH AES 256 x39 DHE-RSA-AES256-SHA DH AES 256 x88 DHE-RSA-CAMELLIA256-SHA DH Camellia 256 x9e DHE-RSA-AES128-GCM-SHA256 DH AESGCM 128 x67 DHE-RSA-AES128-SHA256 DH AES 128 x33 DHE-RSA-AES128-SHA DH AES 128 x45 DHE-RSA-CAMELLIA128-SHA DH Camellia 128 Please note: detected PFS ciphers don't necessarily mean any client/browser will use them
*** Bug 197028 has been marked as a duplicate of this bug. ***
over to maintainer
A commit references this bug: Author: bdrewery Date: Thu Mar 19 17:04:09 UTC 2015 New revision: 381622 URL: https://svnweb.freebsd.org/changeset/ports/381622 Log: Disable SSLv2 and SSLv3. PR: 197027 Submitted by: Kai Gallasch <k@free.de> MFH: 2015Q1 Changes: head/mail/dovecot/Makefile head/mail/dovecot/files/patch-src__login-common__ssl-proxy-openssl.c
A commit references this bug: Author: bdrewery Date: Thu Mar 19 17:04:39 UTC 2015 New revision: 381623 URL: https://svnweb.freebsd.org/changeset/ports/381623 Log: MFH: r381622 Disable SSLv2 and SSLv3. PR: 197027 Submitted by: Kai Gallasch <k@free.de> Changes: _U branches/2015Q1/ branches/2015Q1/mail/dovecot/Makefile branches/2015Q1/mail/dovecot/files/patch-src__login-common__ssl-proxy-openssl.c
Thanks!