Enforcing diffie-hellman-keyexchange within SSL-handshake

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
prisma
Senior user
Senior user
Posts: 325
Joined: 2010-07-09 13:16

Enforcing diffie-hellman-keyexchange within SSL-handshake

Post by prisma » 2013-09-11 11:03

From webservers or other mailservers I know very simple configuration steps to enforce a diffie-hellman-keyexchange within the SSL-Handshake. How to do this with hmailserver?

prisma
Senior user
Senior user
Posts: 325
Joined: 2010-07-09 13:16

Re: Enforcing diffie-hellman-keyexchange within SSL-handshak

Post by prisma » 2013-09-17 11:21

Hello, are the developers all on vacation in Fort Meade, Maryland? ;)
To sort the ciphersuites to increase security is absolute standard procedure. From your silence I deduce that this is not possible.

Or uses Martin Microsofts CryptoAPI (schannel.dll) ?
Could it be possible to achieve this by configuring HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL ?

User avatar
Snorkasaurus
Normal user
Normal user
Posts: 191
Joined: 2010-08-29 16:32
Location: Canada
Contact:

Re: Enforcing diffie-hellman-keyexchange within SSL-handshak

Post by Snorkasaurus » 2013-09-24 02:12

Okay I'll bite... what is it about enforcing diffie-hellman that increases security and could the same be achieved by disabling any other possible handshake? Would this be specifically for client-server connections versus server-server connections?

S.

prisma
Senior user
Senior user
Posts: 325
Joined: 2010-07-09 13:16

Re: Enforcing diffie-hellman-keyexchange within SSL-handshak

Post by prisma » 2013-09-25 09:39

This post has nothing to do with security for Server-Server connections (RFC-3207). StartTLS for SMTP isn't implemented by Martin. If you also agree with me that this is a problem, please vote for it here: http://hmailserver.com/forum/viewtopic.php?t=15500

This post is about how to determine and sort the used ciphersuites to prevent weak encryption or encryption which can be broken if the data stream is first recorded and the servers private key is recalculated or stolen later. (EC)DH makes this more difficult.

This post is not about the sense of encryption. Every encryption can be broken, especially from NSA.

You wrote "could the same be achieved by disabling any other possible handshake". Yes, of course. But how achieve this with hmailserver? Please give me a hint. I'm to stupid to find it within the docs.

Bill48105
Developer
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: Enforcing diffie-hellman-keyexchange within SSL-handshak

Post by Bill48105 » 2014-01-06 23:15

Was looking closer at this & in hmail code openssl SSL_set_cipher_list() can be called to specify ciphers available in openssl as documented here:
http://www.openssl.org/docs/apps/ciphers.html

Assuming that will suffice to suit your needs I could add new INI setting to hmailserver.ini where YOU specify the string to be passed to that function in turn allowing YOU to specify which ciphers are allowed or not allowed.
Bill
hMailServer build LIVE on my servers: 5.4-B2014050402
#hmailserver on FreeNode IRC https://webchat.freenode.net/?channels=#hmailserver
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***

Bill48105
Developer
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: Enforcing diffie-hellman-keyexchange within SSL-handshak

Post by Bill48105 » 2014-04-21 23:48

I have a TEST BUILD if anyone wants to try it. Understand this is not tested beyond making sure the values set show up as expected in the logs as shown.
*** I would not recommend using this test build in production ***

hmailserver.ini

Code: Select all

[Settings]
SSLOptionList=default_workarounds,no_sslv2,no_tlsv1
;DO NOT USE this examaple SSLOptionList. It is just an example
;Default if not defined is default_workarounds,no_sslv2
SSLCipherList=ECDH:DH
;DO NOT USE this examaple SSLCipherList. It is just an example
;Default if not defined is OpenSSL default Ciphers
IMPORTANT!
* Note that SSLOptionList defaults to default_workarounds,no_sslv2 if not set (that is what hmailserver uses now) and that it is a COMMA DELIMITED LIST. I would not put spaces between I do not know what that would do.
* SSLCipherList defaults to NOTHING as is the case with hmailserver now and it is a COLON DELIMITED LIST as shown & from the available options shown on openssl site: https://www.openssl.org/docs/apps/ciphers.html# Using ! in front of a cipher disables it. Do not put spaces between each.
* For now ensure all OPTIONS set to lower case and CIPHERS set to UPPER CASE, unless confirmed to work otherwise. (Tempted to force case in the code but for now just match case of example INI above)
* These lists are used for both listening (incoming) and outgoing. If there becomes a need I can make 2 more INI settings but for now this allows testing.

* IMPORTANT: This build has a LOT of extra debug logging but NOT shown by default. [Settings]LogLevel=10 for some extra to 100 for extremely verbose (10 needed to show below log lines)

Code: Select all

"DEBUG"	3448	"2014-04-21 17:08:32.079"	"TCPServer::InitSSL() - SSLOptionList Option: default_workarounds,no_sslv2,no_tlsv1"
"DEBUG"	3448	"2014-04-21 17:08:32.079"	"TCPServer::InitSSL() - SSL Cipher Option: ECDH:DH"
"DEBUG"	3448	"2014-04-21 17:08:32.079"	"TCPServer::InitSSL() - Found SSL Option: default_workarounds"
"DEBUG"	3448	"2014-04-21 17:08:32.079"	"TCPServer::InitSSL() - SSL Option SET: default_workarounds"
"DEBUG"	3448	"2014-04-21 17:08:32.079"	"TCPServer::InitSSL() - Found SSL Option: no_sslv2"
"DEBUG"	3448	"2014-04-21 17:08:32.079"	"TCPServer::InitSSL() - SSL Option SET: no_sslv2"
"DEBUG"	3448	"2014-04-21 17:08:32.079"	"TCPServer::InitSSL() - Found SSL Option: no_tlsv1"
"DEBUG"	3448	"2014-04-21 17:08:32.079"	"TCPServer::InitSSL() - SSL Option SET: no_tlsv1"
*** I would not recommend using this test build in production ***

Other changes in this build since 4/8 build:
* Fixed bug where built-in backup would abort if Data > 15GB despite BackupMessagesDBOnly=1 option. (Thx CU2U)
* Using martin's openssl 1.0.1g from official source vs my assembly built one. (Might as well stick with his now that it is available)

In addition I am posting up a 2nd test build which also changes:
* Used /LARGEADDRESSAWARE option during build which should allow hmailserver to use more memory if needed (such as heavy IMAP load)
* WARNING!!! - UNTESTED!!! - Could cause unknown problems due to memory space addressing.
* WARNING!!! - Should ONLY be tested on 64bit Windows Vista or later with AT LEAST 4GB MEMORY!! (It makes no sense to try this on 32bit or <2GB anyway but you should have at least 3GB before it could make a difference but really 4GB.)
* YOU'VE BEEN WARNED!

OK here are the downloads: (Install just like any other experimental build)

SSLOptions SSL Cipher TEST build: (See warnings above)
http://www.mediafire.com/download/dzel2 ... ns-TEST.7z
MD5: 531605ee555e7b2d175a2ebe31071e0b SHA1: c1209e9e666fe4ff3cfa4fd43b316015e3a02eb3

LargeMemory SSLPtions SSL Cipher TEST build: (See warnings above)
http://www.mediafire.com/download/nu0f7 ... ns-TEST.7z
MD5: e1fd3a6787e62297af607893d2d5fd4a SHA1: 8f50730f7783ee1dcec8631c0b28de757529e6ba
hMailServer build LIVE on my servers: 5.4-B2014050402
#hmailserver on FreeNode IRC https://webchat.freenode.net/?channels=#hmailserver
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***

Bill48105
Developer
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: Enforcing diffie-hellman-keyexchange within SSL-handshak

Post by Bill48105 » 2014-04-22 00:05

UPDATE: Tried out the bolet test tool & would not connect so I was worried. Come find out my sample ciphers was a bad choice. lol based on the test tool the INI settings DO WORK just make sure to use reasonable ciphers & not the ones I used in the example.
Bill
hMailServer build LIVE on my servers: 5.4-B2014050402
#hmailserver on FreeNode IRC https://webchat.freenode.net/?channels=#hmailserver
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***

braniak
Normal user
Normal user
Posts: 33
Joined: 2014-02-08 18:21

Re: Enforcing diffie-hellman-keyexchange within SSL-handshak

Post by braniak » 2014-04-24 00:39

Bill48105 wrote:These lists are used for both listening (incoming) and outgoing. If there becomes a need I can make 2 more INI settings but for now this allows testing.
Thank you Bill. I have this installed and running on my server.

I think it's a good idea to have separate settings for incoming and outgoing mail. Also, please compile all future hMail builds to load OpenSSL dynamically.

Bill48105
Developer
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: Enforcing diffie-hellman-keyexchange within SSL-handshak

Post by Bill48105 » 2014-04-24 03:19

braniak wrote:
Bill48105 wrote:These lists are used for both listening (incoming) and outgoing. If there becomes a need I can make 2 more INI settings but for now this allows testing.
Thank you Bill. I have this installed and running on my server.

I think it's a good idea to have separate settings for incoming and outgoing mail. Also, please compile all future hMail builds to load OpenSSL dynamically.
OK cool. Yeah let me know how it works.

As I said in my other post I can't promise anything in terms of the builds & openssl for the reasons noted in my other post. Please make a feature request for it & we'll get a poll going on it so I can see if there is even any interest.
Thx
Bill
hMailServer build LIVE on my servers: 5.4-B2014050402
#hmailserver on FreeNode IRC https://webchat.freenode.net/?channels=#hmailserver
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***

Post Reply