Bug 197028 - port mail/dovecot - patch to disable SSLv2 and SSLv3 (POODLE)
Summary: port mail/dovecot - patch to disable SSLv2 and SSLv3 (POODLE)
Status: Closed DUPLICATE of bug 197027
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Bryan Drewery
Depends on:
Reported: 2015-01-23 11:12 UTC by Kai Gallasch
Modified: 2015-01-27 01:18 UTC (History)
0 users

See Also:
bugzilla: maintainer-feedback? (bdrewery)


Note You need to log in before you can comment on or make changes to this bug.
Description Kai Gallasch 2015-01-23 11:12:57 UTC
Here is a patch for the port mail/dovecot against version 1.2.17 to disable SSLv2 and SSLv3 encryption protocols, making dovecot immune to POODLE (CVE-2014-3566).

In theory it should be possible to also achieve this through adapting your dovecot.conf (ssl_cipher_list), but my tests [1] show, that disabling SSLv2 and SSLv3 in the dovecot.conf also disables TLSv1 and TLSv1.1 - leaving only TLSv1.2 as a last and only resort for protocol negotiation between client and server.. This then effectively blocks many mail clients that still cannot make use of TLSv1.2. So this is not an option.

I have good results[2] by using this patch and using the following option in dovecot.conf
ssl_cipher_list = HIGH:!SSLv2:!aNULL:!MD5!DES:!3DES

I verified my tests by using the publicly available script from https://testssl.sh/
You can use this script to test for protocol security like this: "./testssl.sh my.pop-ssl-server.domain:995"

My opinion: This patch should become default a port option to secure dovecot 1 by default against POODLE.

Kai Gallasch.

[1] Test results, with disabled SSLv2/3 in dovecot.conf: -> No TLSv1 and TLSv1.1 support.

./testssl.sh my.pop-ssl-server.domain:995

testssl.sh v2.2  (https://testssl.sh)
($Id: testssl.sh,v 1.151 2014/12/08 09:32:50 dirkw Exp $)

   This program is free software. Redistribution + 
   modification under GPLv2 is permitted. 

 Note: you can only check the server with what is
 available (ciphers/protocols) locally on your machine!

 Using "OpenSSL 1.0.1f 6 Jan 2014" from
 (built: "Jan  9 17:52:48 2015", platform: "debian-amd64")

Testing now (2015-01-23 00:12) ---> (my.pop-ssl-server.domain) <---

 rDNS (    my.pop-ssl-server.domain

 Couldn't determine what's running on port 995, assuming not HTTP

--> Testing Protocols 

 SSLv2      Local problem: /usr/bin/openssl doesn't support "s_client -ssl2" 
 SSLv3      not offered (OK) 
 TLSv1      not offered
 TLSv1.1    not offered 
 TLSv1.2    offered (OK) 
 SPDY/NPN   not offered

--> Testing standard cipher lists 

 Null Cipher              not offered (OK) 
 Anonymous NULL Cipher    not offered (OK) 
 Anonymous DH Cipher      not offered (OK) 
 40 Bit encryption        not offered (OK) 
 56 Bit encryption        Local problem: No 56 Bit encryption configured in /usr/bin/openssl 
 Export Cipher (general)  not offered (OK) 
 Low (<=64 Bit)           not offered (OK) 
 DES Cipher               not offered (OK) 
 Triple DES Cipher        not offered
 Medium grade encryption  not offered
 High grade encryption    offered (OK) 

--> Testing server defaults (Server Hello) 

 Negotiated protocol       TLSv1.2 
 Negotiated cipher         DHE-RSA-AES256-GCM-SHA384 

 Server key size           4096 bit 
 TLS server extensions     renegotiation info, session ticket, heartbeat
 Session Tickets RFC 5077  300 seconds
 OCSP stapling             not offered

--> Testing specific vulnerabilities 

 Heartbleed (CVE-2014-0160), experimental  not vulnerable (OK) 
 CCS  (CVE-2014-0224), experimental        not vulnerable (OK) 
 Renegotiation (CVE 2009-3555)             not vulnerable (OK) 
 CRIME, TLS (CVE-2012-4929)                Local Problem: Your /usr/bin/openssl lacks zlib support 
 POODLE (CVE-2014-3566), experimental      not vulnerable (OK) 

--> Checking RC4 Ciphers 

no RC4 ciphers detected (OK) 

--> Testing (Perfect) Forward Secrecy  (P)FS)  -- omitting 3DES, RC4 and Null Encryption here

PFS seems generally available. Now testing specific ciphers ... 

Hexcode  Cipher Suite Name (OpenSSL)    KeyExch.   Encryption Bits
 x9f     DHE-RSA-AES256-GCM-SHA384      DH         AESGCM     256                                                                                     
 x6b     DHE-RSA-AES256-SHA256          DH         AES        256                                                                                     
 x9e     DHE-RSA-AES128-GCM-SHA256      DH         AESGCM     128                                                                                     
 x67     DHE-RSA-AES128-SHA256          DH         AES        128                                                                                     

Please note: detected PFS ciphers don't necessarily mean any client/browser will use them

[2] Test results, with applied patch and dovecot.conf option "ssl_cipher_list = HIGH:!SSLv2:!aNULL:!MD5!DES:!3DES"

./testssl.sh my.pop-ssl-server.domain:995

testssl.sh v2.2  (https://testssl.sh)
($Id: testssl.sh,v 1.151 2014/12/08 09:32:50 dirkw Exp $)

   This program is free software. Redistribution + 
   modification under GPLv2 is permitted. 

 Note: you can only check the server with what is
 available (ciphers/protocols) locally on your machine!

 Using "OpenSSL 1.0.1f 6 Jan 2014" from
 (built: "Jan  9 17:52:48 2015", platform: "debian-amd64")

Testing now (2015-01-23 00:56) ---> (my.pop-ssl-server.domain) <---

 rDNS (    my.pop-ssl-server.domain

 Couldn't determine what's running on port 995, assuming not HTTP

--> Testing Protocols 

 SSLv2      Local problem: /usr/bin/openssl doesn't support "s_client -ssl2" 
 SSLv3      not offered (OK) 
 TLSv1      offered (OK) 
 TLSv1.1    offered (OK) 
 TLSv1.2    offered (OK) 
 SPDY/NPN   not offered

--> Testing standard cipher lists 

 Null Cipher              not offered (OK) 
 Anonymous NULL Cipher    not offered (OK) 
 Anonymous DH Cipher      not offered (OK) 
 40 Bit encryption        not offered (OK) 
 56 Bit encryption        Local problem: No 56 Bit encryption configured in /usr/bin/openssl 
 Export Cipher (general)  not offered (OK) 
 Low (<=64 Bit)           not offered (OK) 
 DES Cipher               not offered (OK) 
 Triple DES Cipher        not offered
 Medium grade encryption  not offered
 High grade encryption    offered (OK) 

--> Testing server defaults (Server Hello) 

 Negotiated protocol       TLSv1.2 
 Negotiated cipher         DHE-RSA-AES256-GCM-SHA384 

 Server key size           4096 bit 
 TLS server extensions     renegotiation info, session ticket, heartbeat
 Session Tickets RFC 5077  300 seconds
 OCSP stapling             not offered

--> Testing specific vulnerabilities 

 Heartbleed (CVE-2014-0160), experimental  not vulnerable (OK) (timed out)
 CCS  (CVE-2014-0224), experimental        not vulnerable (OK) 
 Renegotiation (CVE 2009-3555)             not vulnerable (OK) 
 CRIME, TLS (CVE-2012-4929)                Local Problem: Your /usr/bin/openssl lacks zlib support 
 POODLE (CVE-2014-3566), experimental      not vulnerable (OK) 

--> Checking RC4 Ciphers 

no RC4 ciphers detected (OK) 

--> Testing (Perfect) Forward Secrecy  (P)FS)  -- omitting 3DES, RC4 and Null Encryption here

PFS seems generally available. Now testing specific ciphers ... 

Hexcode  Cipher Suite Name (OpenSSL)    KeyExch.   Encryption Bits
 x9f     DHE-RSA-AES256-GCM-SHA384      DH         AESGCM     256                                                                                     
 x6b     DHE-RSA-AES256-SHA256          DH         AES        256                                                                                     
 x39     DHE-RSA-AES256-SHA             DH         AES        256                                                                                     
 x88     DHE-RSA-CAMELLIA256-SHA        DH         Camellia   256                                                                                     
 x9e     DHE-RSA-AES128-GCM-SHA256      DH         AESGCM     128                                                                                     
 x67     DHE-RSA-AES128-SHA256          DH         AES        128                                                                                     
 x33     DHE-RSA-AES128-SHA             DH         AES        128                                                                                     
 x45     DHE-RSA-CAMELLIA128-SHA        DH         Camellia   128                                                                                     

Please note: detected PFS ciphers don't necessarily mean any client/browser will use them
Comment 1 Bugzilla Automation freebsd_committer freebsd_triage 2015-01-23 11:12:57 UTC
Auto-assigned to maintainer bdrewery@FreeBSD.org
Comment 2 Mark Linimon freebsd_committer freebsd_triage 2015-01-27 01:18:37 UTC

*** This bug has been marked as a duplicate of bug 197027 ***