Is hMailserver vulnerable to Logjam??

Use this forum if you want to discuss a problem or ask a question related to a hMailServer beta release.
Post Reply
ArenICT
New user
New user
Posts: 5
Joined: 2014-09-17 18:35

Is hMailserver vulnerable to Logjam??

Post by ArenICT » 2015-05-20 15:03

Does anyone know if hMailserver is vulnerable to the Logjam Attack as described at https://weakdh.org/ ?

User avatar
mattg
Moderator
Moderator
Posts: 20965
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Is hMailserver vulnerable to Logjam??

Post by mattg » 2015-05-20 16:08

viewtopic.php?f=7&t=27932&p=173855#p173855

Which version of hMailserver do you run?
Have you added the Diffie Hellman EC's
I don't think that they are included by default
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

ArenICT
New user
New user
Posts: 5
Joined: 2014-09-17 18:35

Re: Is hMailserver vulnerable to Logjam??

Post by ArenICT » 2015-05-20 16:53

I'm running version 5.6.2-B2234 with these SSL/TLS ciphers:

Code: Select all

ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK;

User avatar
mattg
Moderator
Moderator
Posts: 20965
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Is hMailserver vulnerable to Logjam??

Post by mattg » 2015-05-21 00:39

from the link I posted above
Martiin wrote:Apparently support for EC ciphers is something which needed to be implemented explicitly, which I have done now. It will be included in the next 5.6.3 build.
And so your hMailserver is NOT vulnerable.
Newer mail server will only be if the user has implemented the EC ciphers.
My understanding is that this is NOT implemented by default.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

MikeLim
New user
New user
Posts: 16
Joined: 2015-05-21 16:17

Re: Is hMailserver vulnerable to Logjam??

Post by MikeLim » 2015-05-21 16:40

Does anyone know if hMailserver is vulnerable to the Logjam Attack as described at https://weakdh.org/ ?

LogJam affects DH ciphers.
As per https://weakdh.org/, DH with 512-bit prime is vulnerable. DH with 1024-bit requires "nation-state" computing resources to crack.

The recommendation is
"If you have a web or mail server, you should disable support for export cipher suites and generate a unique 2048-bit Diffie-Hellman group. "
Just used openssl to verify DH length on a hMailSserver instance
openssl s_client -starttls smtp -connect MAILSERVER:25 -cipher "EDH" | grep "Server Temp Key"

Output
Server Temp Key: DH, 2048 bits


So if your hMailserver is not configured to use DH ciphers, your server is vulnerable
hMailServer DH implementation is 2048-bit which is good. However, we still need a way to generate unique 2048-bit DH to be secure.
Perhaps a new feature request?

User avatar
mattg
Moderator
Moderator
Posts: 20965
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Is hMailserver vulnerable to Logjam??

Post by mattg » 2015-05-21 23:38

MikeLim wrote:LogJam affects DH ciphers.
MikeLim wrote:So if your hMailserver is not configured to use DH ciphers, your server is vulnerable
I'm sorry, I'm lost.
If LogJam ONLY affects DH ciphers, how can hMailserver be vulnerable if you don't use DH ciphers?

I really don't know this stuff, I'm basing my knowledge on what I read. The two quotes from you above seem (in my mind) to contradict each other.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

MikeLim
New user
New user
Posts: 16
Joined: 2015-05-21 16:17

Re: Is hMailserver vulnerable to Logjam??

Post by MikeLim » 2015-05-22 04:42

My bad.

Should be
So if your hMailserver is not configured to use DH ciphers, your server is NOT vulnerable

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: Is hMailserver vulnerable to Logjam??

Post by martin » 2015-05-29 20:21

There are two other things which hMailServer not vulnerable.

First, hMailServer uses 2048 bit DH, and second, export ciphers are disabled (that's the !EXPORT in your cipher list).
Martin Knafve
martin@hmailserver.com
https://twitter.com/knafve

ArenICT
New user
New user
Posts: 5
Joined: 2014-09-17 18:35

Re: Is hMailserver vulnerable to Logjam??

Post by ArenICT » 2015-06-02 21:11

martin wrote:There are two other things which hMailServer not vulnerable.

First, hMailServer uses 2048 bit DH, and second, export ciphers are disabled (that's the !EXPORT in your cipher list).
Ok, now it's clear to me. Thanks for your explanation. :)

AdrianaChavarria
New user
New user
Posts: 1
Joined: 2015-06-10 13:53

Re: Is hMailserver vulnerable to Logjam??

Post by AdrianaChavarria » 2015-06-10 14:01

it is important issue for all this is a critical issue carry on this topic

MikeLim
New user
New user
Posts: 16
Joined: 2015-05-21 16:17

Re: Is hMailserver vulnerable to Logjam??

Post by MikeLim » 2015-06-16 05:26

AdrianaChavarria wrote:it is important issue for all this is a critical issue carry on this topic
As far a I am concerned, this issue has been fully explained.


Key points :
1) hMailServer default configuration uses 2048-bit DH. Export ciphers are disabled. => not vulnerable.
2) For further protection, disable DH ciphers in your hMail instance. Basically remove any cipher that starts with DHE or EDH. Latest version already support ECDHE which is better than DHE.
3) If you want to use DH (why?) but is concerned about hMailServer using "common" 2048-bit prime, you can generate your own and replace dh2048.pem file in hMailServer\bin folder.

Point 1 is good enough for most of us.

Point 2 is what we did. On a related note, most web sites (Google, CloudFlare) only support ECDHE and not DH ciphers.

Point 3 assumes a good understanding of cryptography and logjam (http://weakdh.org) analysis/implications.
Use OpenSSL (openssl dhparam -out dh2048.pem 2048) to do this.
Question is why do you want to do this when Option 2 is available?

The "vulnerability" allows attacker to sniff encrypted traffic; it does not allow attacker to gain direct access to your server or your cert (aka HeartBleed).
FWIW, STARTTLS encryption for mail traffic is optional, and the ECDHE is better than DHE.

User avatar
jimimaseye
Moderator
Moderator
Posts: 8680
Joined: 2011-09-08 17:48

Re: Is hMailserver vulnerable to Logjam??

Post by jimimaseye » 2015-06-16 11:25

MikeLim wrote:
AdrianaChavarria wrote:it is important issue for all this is a critical issue carry on this topic
As far a I am concerned, this issue has been fully explained.
Mike, I strongly suspect that 'Adriana' is no more interested in this topic as he/she is likely more interested in selling their single-minded religious books or unwanted cleaning chemical-fueled hooky drugs online. Only a matter of time before they appear. (Might be wrong, but the clues are here - Ive seen this pattern before).

However, your response is useful to others and summarises nicely.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
mattg
Moderator
Moderator
Posts: 20965
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Is hMailserver vulnerable to Logjam??

Post by mattg » 2015-06-16 23:52

jimimaseye wrote:(Might be wrong, but the clues are here - Ive seen this pattern before).

However, your response is useful to others and summarises nicely.
+1 to both of these statements
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

Post Reply