Page 1 of 1
Disable SSLv3 in hMailServer >5.6.8
Posted: 2019-08-02 14:48
by martin
To support TLS 1.3, hMailServer needs to be updated to use latest OpenSSL-version.
The latest OpenSSL-version does not come with SSL 3-support. It's possible to compile OpenSSL with SSL3 support, but haven't gotten this to work.
To solve this I'm leaning towards simply removing the SSL 3-support from hMailServer. The options will simply be removed from the UI and the API methods removed. SSL3 has been considered broken for decades, so supporting it may only be confusing to end-users.
Any objections to this?
Re: Disable SSLv3 in hMailServer >5.6.8
Posted: 2019-08-02 15:05
by palinka
You will not find objections from actual users of hMailServer. Guaranteed.
Re: Disable SSLv3 in hMailServer >5.6.8
Posted: 2019-08-02 15:20
by martin
Yes, I agree that it seems unlikely. Still wanted to post to see if someone says anything else than what I think.
Re: Disable SSLv3 in hMailServer >5.6.8
Posted: 2019-08-02 15:27
by jimimaseye
No objections from me.
Re: Disable SSLv3 in hMailServer >5.6.8
Posted: 2019-08-02 19:00
by RvdH
My hMailserver instance only accepts TLS 1.2 connections, so no objections here
Re: Disable SSLv3 in hMailServer >5.6.8
Posted: 2019-08-02 20:06
by katip
never ever enabled SSL v3.0 option.
dropping it is absolutely ok for me.
Re: Disable SSLv3 in hMailServer >5.6.8
Posted: 2019-08-03 02:14
by mattg
Even Microsoft have disabled SSLv3.0 on all modern operating systems
It provides no security at all - as it so easily broken
Re: Disable SSLv3 in hMailServer >5.6.8
Posted: 2019-08-03 18:32
by RvdH
Do we need a updated ciphers list for this within hmailserver as well?
https://www.openssl.org/docs/man1.1.1/man1/ciphers.html
How is the ciphers list within hmailserver exactly build?
i mean for:
- SSL 3.0
+ TLS 1.3
Re: Disable SSLv3 in hMailServer >5.6.8
Posted: 2019-08-03 21:22
by martin
The cipher list you enter in the user interface is given as-is to OpenSSL using an OpenSSL API (
https://www.openssl.org/docs/man1.0.2/m ... _list.html). OpenSSL parses it and decide what ciphers match. I'm honestly not 100% sure about the syntax for the cipher string itself. The one in hMailServer comes from Mozillas recommendations if I recall correctly.
The cipher list is separate from the TLS versions. By default, OpenSSL enables support for TLS1.0 - 1.3. hMailServer explicitly disables any TLS-version which the user has de-selected in the UI
I just installed the latest build and enabled TLS 1.3. I then verified that I was able to connect to the server using the OpenSSL client and that TLS 1.3 was selected. The cipher was TLS_AES_256_GCM_SHA384. If you go to
https://wiki.mozilla.org/Security/Server_Side_TLS and read about their recommendations they say "For services with clients that support TLS 1.3 and don't need backward compatibility, the Modern configuration provides an extremely high level of security." and then mention this cipher.
(I realize that this is a vague reply to your question but that's what I know about this so far)
Re: Disable SSLv3 in hMailServer >5.6.8
Posted: 2019-08-03 22:05
by RvdH
So when we take the original ciphers list, eg;
Code: Select all
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK;
The ones prefixed with '!' are explicitly disabled? Or are all in above list explicitly disabled?
Re: Disable SSLv3 in hMailServer >5.6.8
Posted: 2019-08-04 00:01
by mattg
martin wrote: ↑2019-08-03 21:22
The one in hMailServer comes from Mozillas recommendations if I recall correctly.
Not a recent one I don't think
That list changes fairly frequently
I have updated mine a few times over the years
Re: Disable SSLv3 in hMailServer >5.6.8
Posted: 2019-08-04 09:02
by RvdH
mattg wrote: ↑2019-08-04 00:01
I have updated mine a few times over the years
What is the point if it uses internal API ciphers list?
If i understand correctly this is only to explicitly disable some ciphers.... Docs are not very clear on this matter either
Re: Disable SSLv3 in hMailServer >5.6.8
Posted: 2019-08-04 11:06
by martin
I was probably a bit unclear.
Forget the API part. The important part is:
The cipher list you specify in the UI is the cipher list used. There's no other internal cipher list which will be used.
The format of the cipher list is described under the section "CIPHER STRINGS" here:
https://www.openssl.org/docs/man1.1.0/man1/ciphers.html
The short version is that the cipher string is a semicolon-separated string containing rules on what ciphers to enable.
Re: Disable SSLv3 in hMailServer >5.6.8
Posted: 2019-08-04 11:23
by RvdH
Do we have to list all allowed ciphers there? Or can this be shortened like:
Code: Select all
HIGH:MEDIUM:!SHA1:!SHA256:!SHA384:!RC4:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK;
openssl ciphers -v HIGH:MEDIUM:!SHA1:!SHA256:!SHA384:!RC4:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK
Code: Select all
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM8 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM8(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM(256) Mac=AEAD
DHE-RSA-AES256-CCM8 TLSv1.2 Kx=DH Au=RSA Enc=AESCCM8(256) Mac=AEAD
DHE-RSA-AES256-CCM TLSv1.2 Kx=DH Au=RSA Enc=AESCCM(256) Mac=AEAD
ECDHE-ECDSA-ARIA256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=ARIAGCM(256) Mac=AEAD
ECDHE-ARIA256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=ARIAGCM(256) Mac=AEAD
DHE-DSS-ARIA256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=ARIAGCM(256) Mac=AEAD
DHE-RSA-ARIA256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=ARIAGCM(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-CCM8 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM8(128) Mac=AEAD
ECDHE-ECDSA-AES128-CCM TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM(128) Mac=AEAD
DHE-RSA-AES128-CCM8 TLSv1.2 Kx=DH Au=RSA Enc=AESCCM8(128) Mac=AEAD
DHE-RSA-AES128-CCM TLSv1.2 Kx=DH Au=RSA Enc=AESCCM(128) Mac=AEAD
ECDHE-ECDSA-ARIA128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=ARIAGCM(128) Mac=AEAD
ECDHE-ARIA128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=ARIAGCM(128) Mac=AEAD
DHE-DSS-ARIA128-GCM-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=ARIAGCM(128) Mac=AEAD
DHE-RSA-ARIA128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=ARIAGCM(128) Mac=AEAD
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
AES256-CCM8 TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM8(256) Mac=AEAD
AES256-CCM TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM(256) Mac=AEAD
ARIA256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=ARIAGCM(256) Mac=AEAD
AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
AES128-CCM8 TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM8(128) Mac=AEAD
AES128-CCM TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM(128) Mac=AEAD
ARIA128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=ARIAGCM(128) Mac=AEAD
In above example only High and Medium security TLS 1.2 and 1.3 are allowed protocols
Another example to enable all high security TLS 1.2 and 1.3 ciphers, could be:
openssl ciphers -v HIGH:!TLSv1:!SSLv3;
Code: Select all
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM8 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM8(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM(256) Mac=AEAD
DHE-RSA-AES256-CCM8 TLSv1.2 Kx=DH Au=RSA Enc=AESCCM8(256) Mac=AEAD
DHE-RSA-AES256-CCM TLSv1.2 Kx=DH Au=RSA Enc=AESCCM(256) Mac=AEAD
ECDHE-ECDSA-ARIA256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=ARIAGCM(256) Mac=AEAD
ECDHE-ARIA256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=ARIAGCM(256) Mac=AEAD
DHE-DSS-ARIA256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=ARIAGCM(256) Mac=AEAD
DHE-RSA-ARIA256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=ARIAGCM(256) Mac=AEAD
ADH-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=None Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-CCM8 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM8(128) Mac=AEAD
ECDHE-ECDSA-AES128-CCM TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM(128) Mac=AEAD
DHE-RSA-AES128-CCM8 TLSv1.2 Kx=DH Au=RSA Enc=AESCCM8(128) Mac=AEAD
DHE-RSA-AES128-CCM TLSv1.2 Kx=DH Au=RSA Enc=AESCCM(128) Mac=AEAD
ECDHE-ECDSA-ARIA128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=ARIAGCM(128) Mac=AEAD
ECDHE-ARIA128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=ARIAGCM(128) Mac=AEAD
DHE-DSS-ARIA128-GCM-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=ARIAGCM(128) Mac=AEAD
DHE-RSA-ARIA128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=ARIAGCM(128) Mac=AEAD
ADH-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=None Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
DHE-DSS-AES256-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(256) Mac=SHA256
ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(256) Mac=SHA384
ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(256) Mac=SHA384
DHE-RSA-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA256
DHE-DSS-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA256
ADH-AES256-SHA256 TLSv1.2 Kx=DH Au=None Enc=AES(256) Mac=SHA256
ADH-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=None Enc=Camellia(256) Mac=SHA256
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
DHE-DSS-AES128-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(128) Mac=SHA256
ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(128) Mac=SHA256
ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(128) Mac=SHA256
DHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA256
DHE-DSS-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=Camellia(128) Mac=SHA256
ADH-AES128-SHA256 TLSv1.2 Kx=DH Au=None Enc=AES(128) Mac=SHA256
ADH-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=None Enc=Camellia(128) Mac=SHA256
RSA-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=RSAPSK Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESGCM(256) Mac=AEAD
RSA-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=RSAPSK Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=DHEPSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=ECDHEPSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-PSK-AES256-CCM8 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM8(256) Mac=AEAD
DHE-PSK-AES256-CCM TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM(256) Mac=AEAD
RSA-PSK-ARIA256-GCM-SHA384 TLSv1.2 Kx=RSAPSK Au=RSA Enc=ARIAGCM(256) Mac=AEAD
DHE-PSK-ARIA256-GCM-SHA384 TLSv1.2 Kx=DHEPSK Au=PSK Enc=ARIAGCM(256) Mac=AEAD
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
AES256-CCM8 TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM8(256) Mac=AEAD
AES256-CCM TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM(256) Mac=AEAD
ARIA256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=ARIAGCM(256) Mac=AEAD
PSK-AES256-GCM-SHA384 TLSv1.2 Kx=PSK Au=PSK Enc=AESGCM(256) Mac=AEAD
PSK-CHACHA20-POLY1305 TLSv1.2 Kx=PSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD
PSK-AES256-CCM8 TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM8(256) Mac=AEAD
PSK-AES256-CCM TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM(256) Mac=AEAD
PSK-ARIA256-GCM-SHA384 TLSv1.2 Kx=PSK Au=PSK Enc=ARIAGCM(256) Mac=AEAD
RSA-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=RSAPSK Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESGCM(128) Mac=AEAD
DHE-PSK-AES128-CCM8 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM8(128) Mac=AEAD
DHE-PSK-AES128-CCM TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM(128) Mac=AEAD
RSA-PSK-ARIA128-GCM-SHA256 TLSv1.2 Kx=RSAPSK Au=RSA Enc=ARIAGCM(128) Mac=AEAD
DHE-PSK-ARIA128-GCM-SHA256 TLSv1.2 Kx=DHEPSK Au=PSK Enc=ARIAGCM(128) Mac=AEAD
AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
AES128-CCM8 TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM8(128) Mac=AEAD
AES128-CCM TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM(128) Mac=AEAD
ARIA128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=ARIAGCM(128) Mac=AEAD
PSK-AES128-GCM-SHA256 TLSv1.2 Kx=PSK Au=PSK Enc=AESGCM(128) Mac=AEAD
PSK-AES128-CCM8 TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM8(128) Mac=AEAD
PSK-AES128-CCM TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM(128) Mac=AEAD
PSK-ARIA128-GCM-SHA256 TLSv1.2 Kx=PSK Au=PSK Enc=ARIAGCM(128) Mac=AEAD
AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256
CAMELLIA256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA256
AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256
CAMELLIA128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA256
Re: Disable SSLv3 in hMailServer >5.6.8
Posted: 2019-08-04 11:51
by martin
It can be shortened.
Re: Disable SSLv3 in hMailServer >5.6.8
Posted: 2019-08-04 11:53
by RvdH
cool
Re: Disable SSLv3 in hMailServer >5.6.8
Posted: 2019-08-04 12:20
by martin
Have you tried to use the new build already? I'm running it on my server now and was thinking I'll run it for a few days before I put it up on the download section. But I've verified that the communication with external services (such as gmail) is now done using TLS 1.3.
Re: Disable SSLv3 in hMailServer >5.6.8
Posted: 2019-08-04 12:24
by RvdH
Yup, i am running 5.6.8-B2450.21 (*.21 are a few fixes and changes i made myself)
my ISP (external download of POP3 messages) doesn't seem to support TLS 1.3 (yet)
Still have to try with gmail, hotmail...
EDIT:
hotmail fails to make a valid TLS handshake using:
Code: Select all
HIGH:MEDIUM:!SHA1:!SHA256:!SHA384:!RC4:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK;
but works with:
gmail uses TLS cipher 1.3 as you mentioned
Re: Disable SSLv3 in hMailServer >5.6.8
Posted: 2019-08-04 14:04
by mattg
RvdH wrote: ↑2019-08-04 12:24
Yup, i am running 5.6.8-B2450.21 (*.21 are a few fixes and changes i made myself)
Me too now.
RvdH wrote: ↑2019-08-04 12:24
but works with:
gmail uses TLS cipher 1.3 as you mentioned
Doing this now too thanks - we will see how it goes.
Gmail is TLSv1.3 both directions
Re: Disable SSLv3 in hMailServer >5.6.8
Posted: 2019-08-04 14:06
by RvdH
mattg wrote: ↑2019-08-04 14:04
RvdH wrote: ↑2019-08-04 12:24
Yup, i am running 5.6.8-B2450.21 (*.21 are a few fixes and changes i made myself)
Me too now.
RvdH wrote: ↑2019-08-04 12:24
but works with:
gmail uses TLS cipher 1.3 as you mentioned
Doing this now too thanks - we see how it goes.
NOTE: This only is suitable if you only allow TLS 1.2 + 1.3
i know mattg does, but for others, if you need lower TLS version this cipher string is not suitable for you
Re: Disable SSLv3 in hMailServer >5.6.8
Posted: 2019-08-04 15:21
by martin
If you're using "STARTTLS (Optional)", I'm not sure tweaking this has so much value since doing a downgrade-MITM-attack would be trivial in those cases anyway. If you have configured hMailServer to enforce TLS then it makes more sense.
Re: Disable SSLv3 in hMailServer >5.6.8
Posted: 2019-08-04 16:50
by mattg
I only have StartTLS Optional for port 25
I get so many unencrypted connections on port 25, don't see how I could force StartTLS on port 25.
However, I also don't allow AUTH on port 25 (using the ini setting), so there are no usernames / passwords accessible
Re: Disable SSLv3 in hMailServer >5.6.8
Posted: 2019-08-04 17:34
by mattg
Don't know why, but I had to turn off 'verify remote server SSL/TLS certificates' for gmail pop3 external download to work
viewtopic.php?f=21&t=32158&p=200990&hil ... og#p200990
I checked that installed all of these.
Stopped working (with verify checked) when I upgraded to RvdH's 5.6.8-B2450.21 build
It is downloading via TLSv1.3
Edit:- just found this
https://ssl-tools.net/mailservers/pop.gmail.com
Re: Disable SSLv3 in hMailServer >5.6.8
Posted: 2019-08-04 19:11
by martin
Nice find. I'm seeing that as well. Only happens for TLS 1.3 - if I disable TLS 1.3 it works fine.
Will debug and see what's causing it.
Re: Disable SSLv3 in hMailServer >5.6.8
Posted: 2019-08-04 19:18
by martin
Found the issue, it's related to SNI. I'll see if I can fix it.
Re: Disable SSLv3 in hMailServer >5.6.8
Posted: 2019-08-04 20:14
by martin
I've pushed a fix (still testing it though)
In TLS 1.3, SNI is required and I hadn't implemented that in hMailServer. If hMailServer connects to pop.gmail.com:995 without including SNI, then pop.gmail.com will complete the TLS-handshake but return an incorrect SSL-certificate. This incorrect SSL-certificate has a Subject/Issuer/etc all containing something like "
client did not send SNI; fix your client", so it's basically Google's way of finding bugs in clients, which appears to have worked this time.
Re: Disable SSLv3 in hMailServer >5.6.8
Posted: 2019-08-05 08:10
by Dravion
How did you solve certain build Errors
#For OpenSSL_1.1.x
Error C3861: 'EVP_MD_CTX_cleanup': identifier not found \hmailserver\hmailserver\source\Server\Common\AntiSpam\DKIM\DKIM.cpp 227
#BOOST 1.70.0
Error 24 error C2039: 'get_io_service' : is not a member of 'boost::asio::basic_socket_acceptor<boost::asio::ip::tcp,boost::asio::executor>' .\hmailserver\hmailserver\source\Server\Common\TCPIP\TCPServer.cpp 137 1 hMailServer
The BOOST 1.70.0 hMailServer build errors doesn't go away if you for example fall back to openssl-1.0.2s
but BOOST 1.63.0 and openssl-1.0.2s works ok.
Re: Disable SSLv3 in hMailServer >5.6.8
Posted: 2019-08-05 11:16
by martin
Are you trying to use the master branch or 5.7-branch with the new OpenSSL/Boost? I have not merged the fixes to the master branch/5.7-branch yet - I will do that later this week. You can check the 5.6.8 branch to see what changes I had to do. The short version is that a few of the OpenSSL/Boost API:s hMailServer was using has been removed (like 2-3 of them) so I had to make a few small changes to no longer use them.
Re: Disable SSLv3 in hMailServer >5.6.8
Posted: 2019-08-05 11:17
by mattg
The ONLY servers that I am connecting with via TLSv1.3 is the gmail servers, for incoming, outgoing and external pop3 download.
All others are still TLSv1.2 (or nude)
Re: Disable SSLv3 in hMailServer >5.6.8
Posted: 2019-08-05 11:21
by martin
mattg wrote: ↑2019-08-05 11:17
The ONLY servers that I am connecting with via TLSv1.3 is the gmail servers, for incoming, outgoing and external pop3 download. All others are still TLSv1.2 (or nude)
Not sure if you're saying that there's a problem or just sharing what you're seeing? Roughly ~15% of web sites supports TLS1.3, and I would guess that the same number for email is ~5% or so.
Re: Disable SSLv3 in hMailServer >5.6.8
Posted: 2019-08-05 12:08
by Dravion
martin wrote: ↑2019-08-05 11:16
The short version is that a few of the OpenSSL/Boost API:s hMailServer was using has been removed (like 2-3 of them) so I had to make a few small changes to no longer use them.
Ok, i am curious to find out how it works now
Re: Disable SSLv3 in hMailServer >5.6.8
Posted: 2019-08-05 12:44
by mattg
martin wrote: ↑2019-08-05 11:21
mattg wrote: ↑2019-08-05 11:17
The ONLY servers that I am connecting with via TLSv1.3 is the gmail servers, for incoming, outgoing and external pop3 download. All others are still TLSv1.2 (or nude)
Not sure if you're saying that there's a problem or just sharing what you're seeing?
Just sharing what I'm seeing
No problem at all (other than the aforementioned External POP3 'verify' issue that you say you have fixed...) - thanks for implementing TLSv1.3
Re: Disable SSLv3 in hMailServer >5.6.8
Posted: 2019-08-05 12:47
by martin
Alright, cool
The latest 'official' beta-build on the download page resolves the "verify"-issue. But I understand you're using a fork.
Re: Disable SSLv3 in hMailServer >5.6.8
Posted: 2019-08-05 12:57
by mattg
Yep, But just checked an RvhD has updated the fork, so I've just installed it and tested.
Verify certs is turned on, and gmail external POP3 download works fine-
Thanks to you both
Re: Disable SSLv3 in hMailServer >5.6.8
Posted: 2019-08-07 09:39
by mattg
RvdH wrote: ↑2019-08-04 14:06
mattg wrote: ↑2019-08-04 14:04
RvdH wrote: ↑2019-08-04 12:24
Yup, i am running 5.6.8-B2450.21 (*.21 are a few fixes and changes i made myself)
Me too now.
RvdH wrote: ↑2019-08-04 12:24
but works with:
gmail uses TLS cipher 1.3 as you mentioned
Doing this now too thanks - we see how it goes.
NOTE: This only is suitable if you only allow TLS 1.2 + 1.3
i know mattg does, but for others, if you need lower TLS version this cipher string is not suitable for you
My QNAPNas now won't negotiate a secure connection
Last month (before I updated and changed my cipher) the cipher used by my QNAP for notifications was
"TCPIP" 141948 "2019-07-26 13:42:22.826" "TCPConnection - TLS/SSL handshake completed. Session Id: 664, Remote IP: 192.168.0.250, Version: TLSv1.2, Cipher: DHE-RSA-AES256-SHA, Bits: 256"
Not that big a deal - just though that I'd mention it
Re: Disable SSLv3 in hMailServer >5.6.8
Posted: 2019-08-14 03:54
by mattg
Just remembered too that I have one (ex) client with DVR attached to some IP cameras that will only use SSLv3.0 to connect to mail servers to email footage, or snapshots
Doesn't change my view. SSL3.0 should remain removed from hMailserver
Re: Disable SSLv3 in hMailServer >5.6.8
Posted: 2019-08-21 21:50
by janvdweyer
martin wrote: ↑2019-08-04 11:06
I was probably a bit unclear.
Forget the API part. The important part is:
The cipher list you specify in the UI is the cipher list used. There's no other internal cipher list which will be used.
The format of the cipher list is described under the section "CIPHER STRINGS" here:
https://www.openssl.org/docs/man1.1.0/man1/ciphers.html
The short version is that the cipher string is a semicolon-separated string containing rules on what ciphers to enable.
Here is a tool I use:
https://www.nartac.com/Products/IISCrypto/
Re: Disable SSLv3 in hMailServer >5.6.8
Posted: 2019-08-21 22:25
by Dravion
Thats for Windows SChannel Cyphers.
hMailServer uses OpenSSL and not MS-SChannel for SSL/TLS.
Re: Disable SSLv3 in hMailServer >5.6.8
Posted: 2019-10-24 01:54
by mattg
Just noticed that the latest iOS mail app now uses TLSv1.3 for mail server connections
Microsoft is still not committing
Re: Disable SSLv3 in hMailServer >5.6.8
Posted: 2019-12-09 04:44
by sprint
I have a client using Entourage 2008 that couldn't connect using the OpenSSL 1.1 builds.
Turns out it needs TLS 1.0/RC4-SHA/128bit. RC4 is disabled by default in OpenSSL 1.1
Rebuilding OpenSSL with enable-weak-ssl-ciphers got things working.