From owner-freebsd-ports-bugs@FreeBSD.ORG Fri Jan 23 11:12:58 2015 Return-Path: Delivered-To: freebsd-ports-bugs@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 31F56F9D for ; Fri, 23 Jan 2015 11:12:58 +0000 (UTC) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 190B2352 for ; Fri, 23 Jan 2015 11:12:58 +0000 (UTC) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.14.9/8.14.9) with ESMTP id t0NBCv2e046835 for ; Fri, 23 Jan 2015 11:12:57 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 197028] port mail/dovecot - patch to disable SSLv2 and SSLv3 (POODLE) Date: Fri, 23 Jan 2015 11:12:57 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: k@free.de X-Bugzilla-Status: New X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: bdrewery@FreeBSD.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: maintainer-feedback? X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter flagtypes.name Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Jan 2015 11:12:58 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197028 Bug ID: 197028 Summary: port mail/dovecot - patch to disable SSLv2 and SSLv3 (POODLE) Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: bdrewery@FreeBSD.org Reporter: k@free.de Assignee: bdrewery@FreeBSD.org Flags: maintainer-feedback?(bdrewery@FreeBSD.org) Here is a patch for the port mail/dovecot against version 1.2.17 to disable SSLv2 and SSLv3 encryption protocols, making dovecot immune to POODLE (CVE-2014-3566). In theory it should be possible to also achieve this through adapting your dovecot.conf (ssl_cipher_list), but my tests [1] show, that disabling SSLv2 and SSLv3 in the dovecot.conf also disables TLSv1 and TLSv1.1 - leaving only TLSv1.2 as a last and only resort for protocol negotiation between client and server.. This then effectively blocks many mail clients that still cannot make use of TLSv1.2. So this is not an option. I have good results[2] by using this patch and using the following option in dovecot.conf ssl_cipher_list = HIGH:!SSLv2:!aNULL:!MD5!DES:!3DES I verified my tests by using the publicly available script from https://testssl.sh/ You can use this script to test for protocol security like this: "./testssl.sh my.pop-ssl-server.domain:995" My opinion: This patch should become default a port option to secure dovecot 1 by default against POODLE. Regards, Kai Gallasch. [1] Test results, with disabled SSLv2/3 in dovecot.conf: -> No TLSv1 and TLSv1.1 support. ./testssl.sh my.pop-ssl-server.domain:995 ######################################################### testssl.sh v2.2 (https://testssl.sh) ($Id: testssl.sh,v 1.151 2014/12/08 09:32:50 dirkw Exp $) This program is free software. Redistribution + modification under GPLv2 is permitted. USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK! Note: you can only check the server with what is available (ciphers/protocols) locally on your machine! ######################################################### Using "OpenSSL 1.0.1f 6 Jan 2014" from orwell:/usr/bin/openssl (built: "Jan 9 17:52:48 2015", platform: "debian-amd64") Testing now (2015-01-23 00:12) ---> 10.10.10.1:995 (my.pop-ssl-server.domain) <--- rDNS (10.10.10.1): my.pop-ssl-server.domain Couldn't determine what's running on port 995, assuming not HTTP --> Testing Protocols SSLv2 Local problem: /usr/bin/openssl doesn't support "s_client -ssl2" SSLv3 not offered (OK) TLSv1 not offered TLSv1.1 not offered TLSv1.2 offered (OK) SPDY/NPN not offered --> Testing standard cipher lists Null Cipher not offered (OK) Anonymous NULL Cipher not offered (OK) Anonymous DH Cipher not offered (OK) 40 Bit encryption not offered (OK) 56 Bit encryption Local problem: No 56 Bit encryption configured in /usr/bin/openssl Export Cipher (general) not offered (OK) Low (<=64 Bit) not offered (OK) DES Cipher not offered (OK) Triple DES Cipher not offered Medium grade encryption not offered High grade encryption offered (OK) --> Testing server defaults (Server Hello) Negotiated protocol TLSv1.2 Negotiated cipher DHE-RSA-AES256-GCM-SHA384 Server key size 4096 bit TLS server extensions renegotiation info, session ticket, heartbeat Session Tickets RFC 5077 300 seconds OCSP stapling not offered --> Testing specific vulnerabilities Heartbleed (CVE-2014-0160), experimental not vulnerable (OK) CCS (CVE-2014-0224), experimental not vulnerable (OK) Renegotiation (CVE 2009-3555) not vulnerable (OK) CRIME, TLS (CVE-2012-4929) Local Problem: Your /usr/bin/openssl lacks zlib support POODLE (CVE-2014-3566), experimental not vulnerable (OK) --> Checking RC4 Ciphers no RC4 ciphers detected (OK) --> Testing (Perfect) Forward Secrecy (P)FS) -- omitting 3DES, RC4 and Null Encryption here PFS seems generally available. Now testing specific ciphers ... Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits ------------------------------------------------------------------------- x9f DHE-RSA-AES256-GCM-SHA384 DH AESGCM 256 x6b DHE-RSA-AES256-SHA256 DH AES 256 x9e DHE-RSA-AES128-GCM-SHA256 DH AESGCM 128 x67 DHE-RSA-AES128-SHA256 DH AES 128 Please note: detected PFS ciphers don't necessarily mean any client/browser will use them [2] Test results, with applied patch and dovecot.conf option "ssl_cipher_list = HIGH:!SSLv2:!aNULL:!MD5!DES:!3DES" ./testssl.sh my.pop-ssl-server.domain:995 ######################################################### testssl.sh v2.2 (https://testssl.sh) ($Id: testssl.sh,v 1.151 2014/12/08 09:32:50 dirkw Exp $) This program is free software. Redistribution + modification under GPLv2 is permitted. USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK! Note: you can only check the server with what is available (ciphers/protocols) locally on your machine! ######################################################### Using "OpenSSL 1.0.1f 6 Jan 2014" from orwell:/usr/bin/openssl (built: "Jan 9 17:52:48 2015", platform: "debian-amd64") Testing now (2015-01-23 00:56) ---> 10.10.10.1:995 (my.pop-ssl-server.domain) <--- rDNS (10.10.10.1): my.pop-ssl-server.domain Couldn't determine what's running on port 995, assuming not HTTP --> Testing Protocols SSLv2 Local problem: /usr/bin/openssl doesn't support "s_client -ssl2" SSLv3 not offered (OK) TLSv1 offered (OK) TLSv1.1 offered (OK) TLSv1.2 offered (OK) SPDY/NPN not offered --> Testing standard cipher lists Null Cipher not offered (OK) Anonymous NULL Cipher not offered (OK) Anonymous DH Cipher not offered (OK) 40 Bit encryption not offered (OK) 56 Bit encryption Local problem: No 56 Bit encryption configured in /usr/bin/openssl Export Cipher (general) not offered (OK) Low (<=64 Bit) not offered (OK) DES Cipher not offered (OK) Triple DES Cipher not offered Medium grade encryption not offered High grade encryption offered (OK) --> Testing server defaults (Server Hello) Negotiated protocol TLSv1.2 Negotiated cipher DHE-RSA-AES256-GCM-SHA384 Server key size 4096 bit TLS server extensions renegotiation info, session ticket, heartbeat Session Tickets RFC 5077 300 seconds OCSP stapling not offered --> Testing specific vulnerabilities Heartbleed (CVE-2014-0160), experimental not vulnerable (OK) (timed out) CCS (CVE-2014-0224), experimental not vulnerable (OK) Renegotiation (CVE 2009-3555) not vulnerable (OK) CRIME, TLS (CVE-2012-4929) Local Problem: Your /usr/bin/openssl lacks zlib support POODLE (CVE-2014-3566), experimental not vulnerable (OK) --> Checking RC4 Ciphers no RC4 ciphers detected (OK) --> Testing (Perfect) Forward Secrecy (P)FS) -- omitting 3DES, RC4 and Null Encryption here PFS seems generally available. Now testing specific ciphers ... Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits ------------------------------------------------------------------------- x9f DHE-RSA-AES256-GCM-SHA384 DH AESGCM 256 x6b DHE-RSA-AES256-SHA256 DH AES 256 x39 DHE-RSA-AES256-SHA DH AES 256 x88 DHE-RSA-CAMELLIA256-SHA DH Camellia 256 x9e DHE-RSA-AES128-GCM-SHA256 DH AESGCM 128 x67 DHE-RSA-AES128-SHA256 DH AES 128 x33 DHE-RSA-AES128-SHA DH AES 128 x45 DHE-RSA-CAMELLIA128-SHA DH Camellia 128 Please note: detected PFS ciphers don't necessarily mean any client/browser will use them --- Comment #1 from Bugzilla Automation --- Auto-assigned to maintainer bdrewery@FreeBSD.org -- You are receiving this mail because: You are the assignee for the bug.