
Is hMailserver vulnerable to Logjam??

Posted: 2015-05-20 15:03
by ArenICT
Does anyone know if hMailserver is vulnerable to the Logjam Attack as described at https://weakdh.org/ ?

Re: Is hMailserver vulnerable to Logjam??

Posted: 2015-05-20 16:08
by mattg
viewtopic.php?f=7&t=27932&p=173855#p173855

Which version of hMailserver do you run?
Have you added the Diffie Hellman EC's?
I don't think that they are included by default.

Re: Is hMailserver vulnerable to Logjam??

Posted: 2015-05-20 16:53
by ArenICT
I'm running version 5.6.2-B2234 with these SSL/TLS ciphers:

ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK;

Re: Is hMailserver vulnerable to Logjam??

Posted: 2015-05-21 00:39
by mattg
from the link I posted above
Martiin wrote:Apparently support for EC ciphers is something which needed to be implemented explicitly, which I have done now. It will be included in the next 5.6.3 build.
And so your hMailserver is NOT vulnerable.
Newer mail server will only be if the user has implemented the EC ciphers.
My understanding is that this is NOT implemented by default.

Re: Is hMailserver vulnerable to Logjam??

Posted: 2015-05-21 16:40
by MikeLim
Does anyone know if hMailserver is vulnerable to the Logjam Attack as described at https://weakdh.org/ ?

LogJam affects DH ciphers.
As per https://weakdh.org/, DH with 512-bit prime is vulnerable. DH with 1024-bit requires "nation-state" computing resources to crack.

The recommendation is
"If you have a web or mail server, you should disable support for export cipher suites and generate a unique 2048-bit Diffie-Hellman group. "
Just used openssl to verify DH length on a hMailServer instance
openssl s_client -starttls smtp -connect MAILSERVER:25 -cipher "EDH" | grep "Server Temp Key"

Output
Server Temp Key: DH, 2048 bits


So if your hMailserver is not configured to use DH ciphers, your server is vulnerable
hMailServer DH implementation is 2048-bit which is good. However, we still need a way to generate unique 2048-bit DH to be secure.
Perhaps a new feature request?
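
Added example, not part of the original posts: a shell function that reads `openssl s_client` output like that of the command in the post above and grades the `Server Temp Key` line against the sizes quoted from weakdh.org (512-bit vulnerable, 2048-bit recommended). The function name, verdict strings and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): grade the "Server Temp Key" line
# that `openssl s_client` prints, using the sizes quoted from weakdh.org.

# classify_temp_key: reads s_client output on stdin, prints one verdict.
# Verdict names are made up for this example.
classify_temp_key() {
    line=$(grep 'Server Temp Key:' | head -n 1)
    if [ -z "$line" ]; then
        echo "NO_TEMP_KEY"   # static key exchange, or the handshake failed
        return 0
    fi
    case "$line" in
        *'Temp Key: DH,'*) ;;            # finite-field DH: size matters for Logjam
        *) echo "NOT_DH"; return 0 ;;    # e.g. "ECDH, P-256, 256 bits"
    esac
    bits=$(printf '%s\n' "$line" | sed -n 's/.*DH, \([0-9][0-9]*\) bits.*/\1/p')
    if [ -z "$bits" ]; then
        echo "UNPARSED"
    elif [ "$bits" -le 512 ]; then
        echo "WEAK_$bits"                # export-grade size
    elif [ "$bits" -lt 2048 ]; then
        echo "BELOW_2048_$bits"          # under the recommended 2048 bits
    else
        echo "OK_$bits"
    fi
}

# Constructed sample lines, so the example runs without a mail server.
for sample in \
    'Server Temp Key: DH, 2048 bits' \
    'Server Temp Key: DH, 1024 bits' \
    'Server Temp Key: DH, 512 bits' \
    'Server Temp Key: ECDH, P-256, 256 bits'
do
    printf '%-42s -> %s\n' "$sample" "$(printf '%s\n' "$sample" | classify_temp_key)"
done

# Against a live server (command from the post above, stdin closed so it exits):
#   openssl s_client -starttls smtp -connect MAILSERVER:25 -cipher "EDH" \
#       </dev/null 2>/dev/null | classify_temp_key
```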

Re: Is hMailserver vulnerable to Logjam??

Posted: 2015-05-21 23:38
by mattg
MikeLim wrote:LogJam affects DH ciphers.
MikeLim wrote:So if your hMailserver is not configured to use DH ciphers, your server is vulnerable
I'm sorry, I'm lost.
If LogJam ONLY affects DH ciphers, how can hMailserver be vulnerable if you don't use DH ciphers?

I really don't know this stuff, I'm basing my knowledge on what I read. The two quotes from you above seem (in my mind) to contradict each other.

Re: Is hMailserver vulnerable to Logjam??

Posted: 2015-05-22 04:42
by MikeLim
My bad.

Should be
So if your hMailserver is not configured to use DH ciphers, your server is NOT vulnerable

Re: Is hMailserver vulnerable to Logjam??

Posted: 2015-05-29 20:21
by martin
There are two other things which make hMailServer not vulnerable.

First, hMailServer uses 2048 bit DH, and second, export ciphers are disabled (that's the !EXPORT in your cipher list).

Re: Is hMailserver vulnerable to Logjam??

Posted: 2015-06-02 21:11
by ArenICT
martin wrote: There are two other things which make hMailServer not vulnerable.

First, hMailServer uses 2048 bit DH, and second, export ciphers are disabled (that's the !EXPORT in your cipher list).
Ok, now it's clear to me. Thanks for your explanation. :)

Re: Is hMailserver vulnerable to Logjam??

Posted: 2015-06-10 14:01
by AdrianaChavarria
it is important issue for all this is a critical issue carry on this topic

Re: Is hMailserver vulnerable to Logjam??

Posted: 2015-06-16 05:26
by MikeLim
AdrianaChavarria wrote:it is important issue for all this is a critical issue carry on this topic
As far as I am concerned, this issue has been fully explained.


Key points :
1) hMailServer default configuration uses 2048-bit DH. Export ciphers are disabled. => not vulnerable.
2) For further protection, disable DH ciphers in your hMail instance. Basically remove any cipher that starts with DHE or EDH. Latest version already supports ECDHE which is better than DHE.
3) If you want to use DH (why?) but are concerned about hMailServer using "common" 2048-bit prime, you can generate your own and replace the dh2048.pem file in hMailServer\bin folder.

Point 1 is good enough for most of us.

Point 2 is what we did. On a related note, most web sites (Google, CloudFlare) only support ECDHE and not DH ciphers.

Point 3 assumes a good understanding of cryptography and logjam (http://weakdh.org) analysis/implications.
Use OpenSSL (openssl dhparam -out dh2048.pem 2048) to do this.
Question is why do you want to do this when Option 2 is available?

The "vulnerability" allows an attacker to sniff encrypted traffic; it does not allow an attacker to gain direct access to your server or your cert (aka HeartBleed).
FWIW, STARTTLS encryption for mail traffic is optional, and ECDHE is better than DHE.
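
Added example, not part of the original post: a shell sketch of key point 2 that drops the `DHE`/`EDH` entries from a cipher list and checks that `!EXPORT` is present. It goes one step beyond the post: in an OpenSSL cipher string, aliases such as `AES128`, `AES256` and `HIGH` also expand to DHE suites, so the example appends `!kEDH`. The function names are hypothetical, and it is assumed that hMailServer hands this list to OpenSSL unchanged.

```shell
#!/bin/sh
# Added example (not from the thread): apply "key point 2" to an
# OpenSSL-style cipher list. Function names are made up for this example.

# strip_dhe LIST: print LIST without finite-field DHE entries, then append
# "!kEDH" so aliases that are kept (AES128, AES256, HIGH) cannot bring
# DHE suites back in. ECDHE-* entries are left alone.
strip_dhe() {
    list=${1%;}              # tolerate the trailing ';' seen in the thread
    out=
    old_ifs=$IFS
    IFS=:
    set -f                   # no filename globbing while splitting
    for tok in $list; do
        case "$tok" in
            DHE-*|EDH*|kEDH*|kDHE*|'!kEDH') continue ;;
        esac
        out="${out:+$out:}$tok"
    done
    set +f
    IFS=$old_ifs
    printf '%s\n' "${out:+$out:}!kEDH"
}

# has_export_block LIST: succeed only if export suites are excluded outright.
has_export_block() {
    list=${1%;}
    case ":$list:" in
        *':!EXPORT:'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample: a shortened version of the list posted in this thread.
SAMPLE='ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:kEDH+AESGCM:DHE-RSA-AES256-SHA:AES128:HIGH:!aNULL:!EXPORT;'

strip_dhe "$SAMPLE"
if has_export_block "$SAMPLE"; then
    echo 'export suites excluded'
else
    echo 'WARNING: !EXPORT missing'
fi
```

Running `openssl ciphers -v` on the resulting list prints the suites it expands to; no row should show `Kx=DH`.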

Re: Is hMailserver vulnerable to Logjam??

Posted: 2015-06-16 11:25
by jimimaseye
MikeLim wrote:
AdrianaChavarria wrote:it is important issue for all this is a critical issue carry on this topic
As far as I am concerned, this issue has been fully explained.
Mike, I strongly suspect that 'Adriana' is no more interested in this topic as he/she is likely more interested in selling their single-minded religious books or unwanted cleaning chemical-fueled hooky drugs online. Only a matter of time before they appear. (Might be wrong, but the clues are here - I've seen this pattern before).

However, your response is useful to others and summarises nicely.

Re: Is hMailserver vulnerable to Logjam??

Posted: 2015-06-16 23:52
by mattg
jimimaseye wrote: (Might be wrong, but the clues are here - I've seen this pattern before).

However, your response is useful to others and summarises nicely.
+1 to both of these statements