Bug 197027 - port mail/dovecot - patch to disable SSLv2 and SSLv3 (POODLE)
Summary: port mail/dovecot - patch to disable SSLv2 and SSLv3 (POODLE)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Bryan Drewery
URL:
Keywords:
: 197028 (view as bug list)
Depends on:
Blocks:
 
Reported: 2015-01-23 11:09 UTC by Kai Gallasch
Modified: 2015-03-19 17:06 UTC (History)
1 user (show)

See Also:
bdrewery: maintainer-feedback+


Attachments
patches dovecot 1.2.17 to not offer SSLv2 and SSLv3 protocols (poodle) (499 bytes, patch)
2015-01-23 11:09 UTC, Kai Gallasch
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Kai Gallasch 2015-01-23 11:09:56 UTC
Created attachment 152052 [details]
patches dovecot 1.2.17 to not offer SSLv2 and SSLv3 protocols (poodle)

Here is a patch for the port mail/dovecot against version 1.2.17 to disable SSLv2 and SSLv3 encryption protocols, making dovecot immune to POODLE (CVE-2014-3566).

In theory it should be possible to also achieve this through adapting your dovecot.conf (ssl_cipher_list), but my tests [1] show, that disabling SSLv2 and SSLv3 in the dovecot.conf also disables TLSv1 and TLSv1.1 - leaving only TLSv1.2 as a last and only resort for protocol negotiation between client and server.. This then effectively blocks many mail clients that still cannot make use of TLSv1.2. So this is not an option.


I have good results[2] by using this patch and using the following option in dovecot.conf
ssl_cipher_list = HIGH:!SSLv2:!aNULL:!MD5!DES:!3DES

I verified my tests by using the publicly available script from https://testssl.sh/
You can use this script to test for protocol security like this: "./testssl.sh my.pop-ssl-server.domain:995"

My opinion: This patch should become default a port option to secure dovecot 1 by default against POODLE.


Regards,
Kai Gallasch.



[1] Test results, with disabled SSLv2/3 in dovecot.conf: -> No TLSv1 and TLSv1.1 support.

./testssl.sh my.pop-ssl-server.domain:995

#########################################################
testssl.sh v2.2  (https://testssl.sh)
($Id: testssl.sh,v 1.151 2014/12/08 09:32:50 dirkw Exp $)

   This program is free software. Redistribution + 
   modification under GPLv2 is permitted. 
   USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!

 Note: you can only check the server with what is
 available (ciphers/protocols) locally on your machine!
#########################################################

 Using "OpenSSL 1.0.1f 6 Jan 2014" from
 orwell:/usr/bin/openssl
 (built: "Jan  9 17:52:48 2015", platform: "debian-amd64")


Testing now (2015-01-23 00:12) ---> 10.10.10.1:995 (my.pop-ssl-server.domain) <---

 rDNS (10.10.10.1):    my.pop-ssl-server.domain

 Couldn't determine what's running on port 995, assuming not HTTP


--> Testing Protocols 

 SSLv2      Local problem: /usr/bin/openssl doesn't support "s_client -ssl2" 
 SSLv3      not offered (OK) 
 TLSv1      not offered
 TLSv1.1    not offered 
 TLSv1.2    offered (OK) 
 SPDY/NPN   not offered

--> Testing standard cipher lists 

 Null Cipher              not offered (OK) 
 Anonymous NULL Cipher    not offered (OK) 
 Anonymous DH Cipher      not offered (OK) 
 40 Bit encryption        not offered (OK) 
 56 Bit encryption        Local problem: No 56 Bit encryption configured in /usr/bin/openssl 
 Export Cipher (general)  not offered (OK) 
 Low (<=64 Bit)           not offered (OK) 
 DES Cipher               not offered (OK) 
 Triple DES Cipher        not offered
 Medium grade encryption  not offered
 High grade encryption    offered (OK) 

--> Testing server defaults (Server Hello) 

 Negotiated protocol       TLSv1.2 
 Negotiated cipher         DHE-RSA-AES256-GCM-SHA384 

 Server key size           4096 bit 
 TLS server extensions     renegotiation info, session ticket, heartbeat
 Session Tickets RFC 5077  300 seconds
 OCSP stapling             not offered

--> Testing specific vulnerabilities 

 Heartbleed (CVE-2014-0160), experimental  not vulnerable (OK) 
 CCS  (CVE-2014-0224), experimental        not vulnerable (OK) 
 Renegotiation (CVE 2009-3555)             not vulnerable (OK) 
 CRIME, TLS (CVE-2012-4929)                Local Problem: Your /usr/bin/openssl lacks zlib support 
 POODLE (CVE-2014-3566), experimental      not vulnerable (OK) 

--> Checking RC4 Ciphers 

no RC4 ciphers detected (OK) 

--> Testing (Perfect) Forward Secrecy  (P)FS)  -- omitting 3DES, RC4 and Null Encryption here

PFS seems generally available. Now testing specific ciphers ... 

Hexcode  Cipher Suite Name (OpenSSL)    KeyExch.   Encryption Bits
-------------------------------------------------------------------------
 x9f     DHE-RSA-AES256-GCM-SHA384      DH         AESGCM     256                                                                                     
 x6b     DHE-RSA-AES256-SHA256          DH         AES        256                                                                                     
 x9e     DHE-RSA-AES128-GCM-SHA256      DH         AESGCM     128                                                                                     
 x67     DHE-RSA-AES128-SHA256          DH         AES        128                                                                                     

Please note: detected PFS ciphers don't necessarily mean any client/browser will use them









[2] Test results, with applied patch and dovecot.conf option "ssl_cipher_list = HIGH:!SSLv2:!aNULL:!MD5!DES:!3DES"

./testssl.sh my.pop-ssl-server.domain:995

#########################################################
testssl.sh v2.2  (https://testssl.sh)
($Id: testssl.sh,v 1.151 2014/12/08 09:32:50 dirkw Exp $)

   This program is free software. Redistribution + 
   modification under GPLv2 is permitted. 
   USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!

 Note: you can only check the server with what is
 available (ciphers/protocols) locally on your machine!
#########################################################

 Using "OpenSSL 1.0.1f 6 Jan 2014" from
 orwell:/usr/bin/openssl
 (built: "Jan  9 17:52:48 2015", platform: "debian-amd64")


Testing now (2015-01-23 00:56) ---> 10.10.10.1:995 (my.pop-ssl-server.domain) <---

 rDNS (10.10.10.1):    my.pop-ssl-server.domain

 Couldn't determine what's running on port 995, assuming not HTTP


--> Testing Protocols 

 SSLv2      Local problem: /usr/bin/openssl doesn't support "s_client -ssl2" 
 SSLv3      not offered (OK) 
 TLSv1      offered (OK) 
 TLSv1.1    offered (OK) 
 TLSv1.2    offered (OK) 
 SPDY/NPN   not offered

--> Testing standard cipher lists 

 Null Cipher              not offered (OK) 
 Anonymous NULL Cipher    not offered (OK) 
 Anonymous DH Cipher      not offered (OK) 
 40 Bit encryption        not offered (OK) 
 56 Bit encryption        Local problem: No 56 Bit encryption configured in /usr/bin/openssl 
 Export Cipher (general)  not offered (OK) 
 Low (<=64 Bit)           not offered (OK) 
 DES Cipher               not offered (OK) 
 Triple DES Cipher        not offered
 Medium grade encryption  not offered
 High grade encryption    offered (OK) 

--> Testing server defaults (Server Hello) 

 Negotiated protocol       TLSv1.2 
 Negotiated cipher         DHE-RSA-AES256-GCM-SHA384 

 Server key size           4096 bit 
 TLS server extensions     renegotiation info, session ticket, heartbeat
 Session Tickets RFC 5077  300 seconds
 OCSP stapling             not offered

--> Testing specific vulnerabilities 

 Heartbleed (CVE-2014-0160), experimental  not vulnerable (OK) (timed out)
 CCS  (CVE-2014-0224), experimental        not vulnerable (OK) 
 Renegotiation (CVE 2009-3555)             not vulnerable (OK) 
 CRIME, TLS (CVE-2012-4929)                Local Problem: Your /usr/bin/openssl lacks zlib support 
 POODLE (CVE-2014-3566), experimental      not vulnerable (OK) 

--> Checking RC4 Ciphers 

no RC4 ciphers detected (OK) 

--> Testing (Perfect) Forward Secrecy  (P)FS)  -- omitting 3DES, RC4 and Null Encryption here

PFS seems generally available. Now testing specific ciphers ... 

Hexcode  Cipher Suite Name (OpenSSL)    KeyExch.   Encryption Bits
-------------------------------------------------------------------------
 x9f     DHE-RSA-AES256-GCM-SHA384      DH         AESGCM     256                                                                                     
 x6b     DHE-RSA-AES256-SHA256          DH         AES        256                                                                                     
 x39     DHE-RSA-AES256-SHA             DH         AES        256                                                                                     
 x88     DHE-RSA-CAMELLIA256-SHA        DH         Camellia   256                                                                                     
 x9e     DHE-RSA-AES128-GCM-SHA256      DH         AESGCM     128                                                                                     
 x67     DHE-RSA-AES128-SHA256          DH         AES        128                                                                                     
 x33     DHE-RSA-AES128-SHA             DH         AES        128                                                                                     
 x45     DHE-RSA-CAMELLIA128-SHA        DH         Camellia   128                                                                                     

Please note: detected PFS ciphers don't necessarily mean any client/browser will use them
Comment 1 Mark Linimon freebsd_committer freebsd_triage 2015-01-27 01:18:37 UTC
*** Bug 197028 has been marked as a duplicate of this bug. ***
Comment 2 Tilman Keskinoz freebsd_committer 2015-02-20 16:30:40 UTC
over to maintainer
Comment 3 commit-hook freebsd_committer 2015-03-19 17:05:03 UTC
A commit references this bug:

Author: bdrewery
Date: Thu Mar 19 17:04:09 UTC 2015
New revision: 381622
URL: https://svnweb.freebsd.org/changeset/ports/381622

Log:
  Disable SSLv2 and SSLv3.

  PR:		197027
  Submitted by:	Kai Gallasch <k@free.de>
  MFH:		2015Q1

Changes:
  head/mail/dovecot/Makefile
  head/mail/dovecot/files/patch-src__login-common__ssl-proxy-openssl.c
Comment 4 commit-hook freebsd_committer 2015-03-19 17:05:05 UTC
A commit references this bug:

Author: bdrewery
Date: Thu Mar 19 17:04:39 UTC 2015
New revision: 381623
URL: https://svnweb.freebsd.org/changeset/ports/381623

Log:
  MFH: r381622

  Disable SSLv2 and SSLv3.

  PR:		197027
  Submitted by:	Kai Gallasch <k@free.de>

Changes:
_U  branches/2015Q1/
  branches/2015Q1/mail/dovecot/Makefile
  branches/2015Q1/mail/dovecot/files/patch-src__login-common__ssl-proxy-openssl.c
Comment 5 Bryan Drewery freebsd_committer 2015-03-19 17:06:21 UTC
Thanks!