DH-ciphers will be supported in 5.6

Use this forum if you want to discuss a problem or ask a question related to a hMailServer beta release.
Post Reply
User avatar
martin
Developer
Developer
Posts: 6833
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

DH-ciphers will be supported in 5.6

Post by martin » 2014-10-06 17:44

In hMailServer 5.6, it will be possible to use Diffie Hellman ciphers.

The hMailServer installation program will include a 2048bit Diffie Hellman parameter file which hMailServer can be used.

I'm also leaning towards setting the default cipher list to what is recommended by Mozilla. This would be set automatically during an upgrade, unless you've specified your own list of ciphers. This could potentially break backwards compatibility if you are using clients which supports none of these, but then you could simply delete the cipher list to allow all.
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK;
Martin Knafve
martin@hmailserver.com
https://twitter.com/knafve

prisma
Senior user
Senior user
Posts: 309
Joined: 2010-07-09 13:16

Re: DH-ciphers will be supported in 5.6

Post by prisma » 2014-10-08 09:15

I very appreciate your work. Regarding backward compatibility you should have no concerns. I'm no crypto guru. But I think "...AES128:AES256:RC4-SHA..." is a build in fall-back for weak clients, isn't it?

User avatar
martin
Developer
Developer
Posts: 6833
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: DH-ciphers will be supported in 5.6

Post by martin » 2014-10-08 10:20

Yes, I think so to so of course the risk is quite low, but not nonexistant. I mean, there could be some client which requires MD5 for example, and after the upgrade such a client would no longer work (until the cipher list is cleared).
Martin Knafve
martin@hmailserver.com
https://twitter.com/knafve

prisma
Senior user
Senior user
Posts: 309
Joined: 2010-07-09 13:16

Re: DH-ciphers will be supported in 5.6

Post by prisma » 2014-10-21 13:39

While testing 5.6 I noticed that (EC)DH isn't used always. A fall-back to version=TLSv1 cipher=AES256-SHA bits=256 sometimes done.

Hmailserver is configured with the ciphers above. My ISP gave me info that only TLSv1 with following ciphers is supported:

Accepted TLSv1 256 bits DHE-RSA-AES256-SHA
Accepted TLSv1 256 bits AES256-SHA
Accepted TLSv1 128 bits DHE-RSA-AES128-SHA
Accepted TLSv1 128 bits AES128-SHA

Both DHE-RSA-AES256-SHA and DHE-RSA-AES128-SHA are accepted from both sides. But used is only AES256-SHA.

Observing the ISPs mailserver I noticed in header info the ISP mailserver uses DHE_RSA_AES_256_CBC_SHA1:32 with another server.

Martin, in the meantime you got more knowledge regarding encryption than me. Is DHE_RSA_AES_256_CBC_SHA1:32 not used with hmailserver because of "HIGH" within the ciphers you posted here? Or what other reasons you're able to imagine before checking any logs?

User avatar
martin
Developer
Developer
Posts: 6833
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: DH-ciphers will be supported in 5.6

Post by martin » 2014-10-22 11:13

Good question. Is the fallback always done when you communicate with the ISP's server?

Could it be that they do not accept DH keys of 2048 bits? Maybe they only accept 512 or 1028 bits?

Can you try removing HIGH from the cipher list and see if that changes things?

(Btw, did you see that I sent you a private message some days ago?)
Martin Knafve
martin@hmailserver.com
https://twitter.com/knafve

prisma
Senior user
Senior user
Posts: 309
Joined: 2010-07-09 13:16

Re: DH-ciphers will be supported in 5.6

Post by prisma » 2014-10-29 14:21

No. Usage of DH or not has nothing to do with HIGH. After deleting HIGH only TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16 was used instead of TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32. Arg!

It should be possible to use multiple DH keyfiles, shouldn't it? I'm not sure, but I think 1024 is standard. Openssl generates 512bit files if not configured otherwise.

Post Reply