Page 1 of 1

Disable SSLv3 in hMailServer >5.6.8

Posted: 2019-08-02 14:48
by martin
To support TLS 1.3, hMailServer needs to be updated to use latest OpenSSL-version.

The latest OpenSSL-version does not come with SSL 3-support. It's possible to compile OpenSSL with SSL3 support, but haven't gotten this to work.

To solve this I'm leaning towards simply removing the SSL 3-support from hMailServer. The options will simply be removed from the UI and the API methods removed. SSL3 has been considered broken for decades, so supporting it may only be confusing to end-users.

Any objections to this?

Re: Disable SSLv3 in hMailServer >5.6.8

Posted: 2019-08-02 15:05
by palinka
You will not find objections from actual users of hMailServer. Guaranteed.

Re: Disable SSLv3 in hMailServer >5.6.8

Posted: 2019-08-02 15:20
by martin
Yes, I agree that it seems unlikely. Still wanted to post to see if someone says anything else than what I think. :)

Re: Disable SSLv3 in hMailServer >5.6.8

Posted: 2019-08-02 15:27
by jimimaseye
No objections from me.

Re: Disable SSLv3 in hMailServer >5.6.8

Posted: 2019-08-02 19:00
by RvdH
My hMailserver instance only accepts TLS 1.2 connections, so no objections here

Re: Disable SSLv3 in hMailServer >5.6.8

Posted: 2019-08-02 20:06
by katip
never ever enabled SSL v3.0 option.
dropping it is absolutely ok for me.

Re: Disable SSLv3 in hMailServer >5.6.8

Posted: 2019-08-03 02:14
by mattg
Even Microsoft have disabled SSLv3.0 on all modern operating systems
It provides no security at all - as it so easily broken

Re: Disable SSLv3 in hMailServer >5.6.8

Posted: 2019-08-03 18:32
by RvdH
Do we need a updated ciphers list for this within hmailserver as well?
https://www.openssl.org/docs/man1.1.1/man1/ciphers.html

How is the ciphers list within hmailserver exactly build?

i mean for:
- SSL 3.0
+ TLS 1.3

Re: Disable SSLv3 in hMailServer >5.6.8

Posted: 2019-08-03 21:22
by martin
The cipher list you enter in the user interface is given as-is to OpenSSL using an OpenSSL API (https://www.openssl.org/docs/man1.0.2/m ... _list.html). OpenSSL parses it and decide what ciphers match. I'm honestly not 100% sure about the syntax for the cipher string itself. The one in hMailServer comes from Mozillas recommendations if I recall correctly.

The cipher list is separate from the TLS versions. By default, OpenSSL enables support for TLS1.0 - 1.3. hMailServer explicitly disables any TLS-version which the user has de-selected in the UI

I just installed the latest build and enabled TLS 1.3. I then verified that I was able to connect to the server using the OpenSSL client and that TLS 1.3 was selected. The cipher was TLS_AES_256_GCM_SHA384. If you go to https://wiki.mozilla.org/Security/Server_Side_TLS and read about their recommendations they say "For services with clients that support TLS 1.3 and don't need backward compatibility, the Modern configuration provides an extremely high level of security." and then mention this cipher.

(I realize that this is a vague reply to your question but that's what I know about this so far)

Re: Disable SSLv3 in hMailServer >5.6.8

Posted: 2019-08-03 22:05
by RvdH
So when we take the original ciphers list, eg;

Code: Select all

ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK;


The ones prefixed with '!' are explicitly disabled? Or are all in above list explicitly disabled?

Re: Disable SSLv3 in hMailServer >5.6.8

Posted: 2019-08-04 00:01
by mattg
martin wrote:
2019-08-03 21:22
The one in hMailServer comes from Mozillas recommendations if I recall correctly.
Not a recent one I don't think
That list changes fairly frequently

I have updated mine a few times over the years

Re: Disable SSLv3 in hMailServer >5.6.8

Posted: 2019-08-04 09:02
by RvdH
mattg wrote:
2019-08-04 00:01
I have updated mine a few times over the years
:?:
What is the point if it uses internal API ciphers list?
If i understand correctly this is only to explicitly disable some ciphers.... Docs are not very clear on this matter either

Re: Disable SSLv3 in hMailServer >5.6.8

Posted: 2019-08-04 11:06
by martin
I was probably a bit unclear.

Forget the API part. The important part is:

The cipher list you specify in the UI is the cipher list used. There's no other internal cipher list which will be used.

The format of the cipher list is described under the section "CIPHER STRINGS" here:
https://www.openssl.org/docs/man1.1.0/man1/ciphers.html

The short version is that the cipher string is a semicolon-separated string containing rules on what ciphers to enable.

Re: Disable SSLv3 in hMailServer >5.6.8

Posted: 2019-08-04 11:23
by RvdH
Do we have to list all allowed ciphers there? Or can this be shortened like:

Code: Select all

HIGH:MEDIUM:!SHA1:!SHA256:!SHA384:!RC4:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK;
openssl ciphers -v HIGH:MEDIUM:!SHA1:!SHA256:!SHA384:!RC4:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK

Code: Select all

TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH       Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM8 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM8(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM(256) Mac=AEAD
DHE-RSA-AES256-CCM8     TLSv1.2 Kx=DH       Au=RSA  Enc=AESCCM8(256) Mac=AEAD
DHE-RSA-AES256-CCM      TLSv1.2 Kx=DH       Au=RSA  Enc=AESCCM(256) Mac=AEAD
ECDHE-ECDSA-ARIA256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=ARIAGCM(256) Mac=AEAD
ECDHE-ARIA256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=ARIAGCM(256) Mac=AEAD
DHE-DSS-ARIA256-GCM-SHA384 TLSv1.2 Kx=DH       Au=DSS  Enc=ARIAGCM(256) Mac=AEAD
DHE-RSA-ARIA256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=ARIAGCM(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-CCM8 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM8(128) Mac=AEAD
ECDHE-ECDSA-AES128-CCM  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM(128) Mac=AEAD
DHE-RSA-AES128-CCM8     TLSv1.2 Kx=DH       Au=RSA  Enc=AESCCM8(128) Mac=AEAD
DHE-RSA-AES128-CCM      TLSv1.2 Kx=DH       Au=RSA  Enc=AESCCM(128) Mac=AEAD
ECDHE-ECDSA-ARIA128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=ARIAGCM(128) Mac=AEAD
ECDHE-ARIA128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=ARIAGCM(128) Mac=AEAD
DHE-DSS-ARIA128-GCM-SHA256 TLSv1.2 Kx=DH       Au=DSS  Enc=ARIAGCM(128) Mac=AEAD
DHE-RSA-ARIA128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=ARIAGCM(128) Mac=AEAD
AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
AES256-CCM8             TLSv1.2 Kx=RSA      Au=RSA  Enc=AESCCM8(256) Mac=AEAD
AES256-CCM              TLSv1.2 Kx=RSA      Au=RSA  Enc=AESCCM(256) Mac=AEAD
ARIA256-GCM-SHA384      TLSv1.2 Kx=RSA      Au=RSA  Enc=ARIAGCM(256) Mac=AEAD
AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
AES128-CCM8             TLSv1.2 Kx=RSA      Au=RSA  Enc=AESCCM8(128) Mac=AEAD
AES128-CCM              TLSv1.2 Kx=RSA      Au=RSA  Enc=AESCCM(128) Mac=AEAD
ARIA128-GCM-SHA256      TLSv1.2 Kx=RSA      Au=RSA  Enc=ARIAGCM(128) Mac=AEAD
In above example only High and Medium security TLS 1.2 and 1.3 are allowed protocols


Another example to enable all high security TLS 1.2 and 1.3 ciphers, could be:

openssl ciphers -v HIGH:!TLSv1:!SSLv3;

Code: Select all

TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH       Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM8 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM8(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM(256) Mac=AEAD
DHE-RSA-AES256-CCM8     TLSv1.2 Kx=DH       Au=RSA  Enc=AESCCM8(256) Mac=AEAD
DHE-RSA-AES256-CCM      TLSv1.2 Kx=DH       Au=RSA  Enc=AESCCM(256) Mac=AEAD
ECDHE-ECDSA-ARIA256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=ARIAGCM(256) Mac=AEAD
ECDHE-ARIA256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=ARIAGCM(256) Mac=AEAD
DHE-DSS-ARIA256-GCM-SHA384 TLSv1.2 Kx=DH       Au=DSS  Enc=ARIAGCM(256) Mac=AEAD
DHE-RSA-ARIA256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=ARIAGCM(256) Mac=AEAD
ADH-AES256-GCM-SHA384   TLSv1.2 Kx=DH       Au=None Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-CCM8 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM8(128) Mac=AEAD
ECDHE-ECDSA-AES128-CCM  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM(128) Mac=AEAD
DHE-RSA-AES128-CCM8     TLSv1.2 Kx=DH       Au=RSA  Enc=AESCCM8(128) Mac=AEAD
DHE-RSA-AES128-CCM      TLSv1.2 Kx=DH       Au=RSA  Enc=AESCCM(128) Mac=AEAD
ECDHE-ECDSA-ARIA128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=ARIAGCM(128) Mac=AEAD
ECDHE-ARIA128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=ARIAGCM(128) Mac=AEAD
DHE-DSS-ARIA128-GCM-SHA256 TLSv1.2 Kx=DH       Au=DSS  Enc=ARIAGCM(128) Mac=AEAD
DHE-RSA-ARIA128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=ARIAGCM(128) Mac=AEAD
ADH-AES128-GCM-SHA256   TLSv1.2 Kx=DH       Au=None Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
DHE-DSS-AES256-SHA256   TLSv1.2 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA256
ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=Camellia(256) Mac=SHA384
ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=Camellia(256) Mac=SHA384
DHE-RSA-CAMELLIA256-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=Camellia(256) Mac=SHA256
DHE-DSS-CAMELLIA256-SHA256 TLSv1.2 Kx=DH       Au=DSS  Enc=Camellia(256) Mac=SHA256
ADH-AES256-SHA256       TLSv1.2 Kx=DH       Au=None Enc=AES(256)  Mac=SHA256
ADH-CAMELLIA256-SHA256  TLSv1.2 Kx=DH       Au=None Enc=Camellia(256) Mac=SHA256
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA256
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
DHE-DSS-AES128-SHA256   TLSv1.2 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA256
ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=Camellia(128) Mac=SHA256
ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=Camellia(128) Mac=SHA256
DHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=Camellia(128) Mac=SHA256
DHE-DSS-CAMELLIA128-SHA256 TLSv1.2 Kx=DH       Au=DSS  Enc=Camellia(128) Mac=SHA256
ADH-AES128-SHA256       TLSv1.2 Kx=DH       Au=None Enc=AES(128)  Mac=SHA256
ADH-CAMELLIA128-SHA256  TLSv1.2 Kx=DH       Au=None Enc=Camellia(128) Mac=SHA256
RSA-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=RSAPSK   Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=AESGCM(256) Mac=AEAD
RSA-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=RSAPSK   Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=ECDHEPSK Au=PSK  Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-PSK-AES256-CCM8     TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=AESCCM8(256) Mac=AEAD
DHE-PSK-AES256-CCM      TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=AESCCM(256) Mac=AEAD
RSA-PSK-ARIA256-GCM-SHA384 TLSv1.2 Kx=RSAPSK   Au=RSA  Enc=ARIAGCM(256) Mac=AEAD
DHE-PSK-ARIA256-GCM-SHA384 TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=ARIAGCM(256) Mac=AEAD
AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
AES256-CCM8             TLSv1.2 Kx=RSA      Au=RSA  Enc=AESCCM8(256) Mac=AEAD
AES256-CCM              TLSv1.2 Kx=RSA      Au=RSA  Enc=AESCCM(256) Mac=AEAD
ARIA256-GCM-SHA384      TLSv1.2 Kx=RSA      Au=RSA  Enc=ARIAGCM(256) Mac=AEAD
PSK-AES256-GCM-SHA384   TLSv1.2 Kx=PSK      Au=PSK  Enc=AESGCM(256) Mac=AEAD
PSK-CHACHA20-POLY1305   TLSv1.2 Kx=PSK      Au=PSK  Enc=CHACHA20/POLY1305(256) Mac=AEAD
PSK-AES256-CCM8         TLSv1.2 Kx=PSK      Au=PSK  Enc=AESCCM8(256) Mac=AEAD
PSK-AES256-CCM          TLSv1.2 Kx=PSK      Au=PSK  Enc=AESCCM(256) Mac=AEAD
PSK-ARIA256-GCM-SHA384  TLSv1.2 Kx=PSK      Au=PSK  Enc=ARIAGCM(256) Mac=AEAD
RSA-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=RSAPSK   Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=AESGCM(128) Mac=AEAD
DHE-PSK-AES128-CCM8     TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=AESCCM8(128) Mac=AEAD
DHE-PSK-AES128-CCM      TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=AESCCM(128) Mac=AEAD
RSA-PSK-ARIA128-GCM-SHA256 TLSv1.2 Kx=RSAPSK   Au=RSA  Enc=ARIAGCM(128) Mac=AEAD
DHE-PSK-ARIA128-GCM-SHA256 TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=ARIAGCM(128) Mac=AEAD
AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
AES128-CCM8             TLSv1.2 Kx=RSA      Au=RSA  Enc=AESCCM8(128) Mac=AEAD
AES128-CCM              TLSv1.2 Kx=RSA      Au=RSA  Enc=AESCCM(128) Mac=AEAD
ARIA128-GCM-SHA256      TLSv1.2 Kx=RSA      Au=RSA  Enc=ARIAGCM(128) Mac=AEAD
PSK-AES128-GCM-SHA256   TLSv1.2 Kx=PSK      Au=PSK  Enc=AESGCM(128) Mac=AEAD
PSK-AES128-CCM8         TLSv1.2 Kx=PSK      Au=PSK  Enc=AESCCM8(128) Mac=AEAD
PSK-AES128-CCM          TLSv1.2 Kx=PSK      Au=PSK  Enc=AESCCM(128) Mac=AEAD
PSK-ARIA128-GCM-SHA256  TLSv1.2 Kx=PSK      Au=PSK  Enc=ARIAGCM(128) Mac=AEAD
AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
CAMELLIA256-SHA256      TLSv1.2 Kx=RSA      Au=RSA  Enc=Camellia(256) Mac=SHA256
AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
CAMELLIA128-SHA256      TLSv1.2 Kx=RSA      Au=RSA  Enc=Camellia(128) Mac=SHA256

Re: Disable SSLv3 in hMailServer >5.6.8

Posted: 2019-08-04 11:51
by martin
It can be shortened.

Re: Disable SSLv3 in hMailServer >5.6.8

Posted: 2019-08-04 11:53
by RvdH
cool 8)

Re: Disable SSLv3 in hMailServer >5.6.8

Posted: 2019-08-04 12:20
by martin
Have you tried to use the new build already? I'm running it on my server now and was thinking I'll run it for a few days before I put it up on the download section. But I've verified that the communication with external services (such as gmail) is now done using TLS 1.3.

Re: Disable SSLv3 in hMailServer >5.6.8

Posted: 2019-08-04 12:24
by RvdH
Yup, i am running 5.6.8-B2450.21 (*.21 are a few fixes and changes i made myself)

my ISP (external download of POP3 messages) doesn't seem to support TLS 1.3 (yet)
Still have to try with gmail, hotmail...


EDIT:

hotmail fails to make a valid TLS handshake using:

Code: Select all

HIGH:MEDIUM:!SHA1:!SHA256:!SHA384:!RC4:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK;
but works with:

Code: Select all

HIGH:!TLSv1:!SSLv3;
gmail uses TLS cipher 1.3 as you mentioned

Re: Disable SSLv3 in hMailServer >5.6.8

Posted: 2019-08-04 14:04
by mattg
RvdH wrote:
2019-08-04 12:24
Yup, i am running 5.6.8-B2450.21 (*.21 are a few fixes and changes i made myself)
Me too now.
RvdH wrote:
2019-08-04 12:24
but works with:

Code: Select all

HIGH:!TLSv1:!SSLv3;
gmail uses TLS cipher 1.3 as you mentioned
Doing this now too thanks - we will see how it goes.

Gmail is TLSv1.3 both directions

Re: Disable SSLv3 in hMailServer >5.6.8

Posted: 2019-08-04 14:06
by RvdH
mattg wrote:
2019-08-04 14:04
RvdH wrote:
2019-08-04 12:24
Yup, i am running 5.6.8-B2450.21 (*.21 are a few fixes and changes i made myself)
Me too now.
RvdH wrote:
2019-08-04 12:24
but works with:

Code: Select all

HIGH:!TLSv1:!SSLv3;
gmail uses TLS cipher 1.3 as you mentioned
Doing this now too thanks - we see how it goes.
NOTE: This only is suitable if you only allow TLS 1.2 + 1.3
i know mattg does, but for others, if you need lower TLS version this cipher string is not suitable for you

Re: Disable SSLv3 in hMailServer >5.6.8

Posted: 2019-08-04 15:21
by martin
If you're using "STARTTLS (Optional)", I'm not sure tweaking this has so much value since doing a downgrade-MITM-attack would be trivial in those cases anyway. If you have configured hMailServer to enforce TLS then it makes more sense.

Re: Disable SSLv3 in hMailServer >5.6.8

Posted: 2019-08-04 16:50
by mattg
I only have StartTLS Optional for port 25

I get so many unencrypted connections on port 25, don't see how I could force StartTLS on port 25.
However, I also don't allow AUTH on port 25 (using the ini setting), so there are no usernames / passwords accessible

Re: Disable SSLv3 in hMailServer >5.6.8

Posted: 2019-08-04 17:34
by mattg
Don't know why, but I had to turn off 'verify remote server SSL/TLS certificates' for gmail pop3 external download to work

viewtopic.php?f=21&t=32158&p=200990&hil ... og#p200990
I checked that installed all of these.

Stopped working (with verify checked) when I upgraded to RvdH's 5.6.8-B2450.21 build

It is downloading via TLSv1.3

Edit:- just found this https://ssl-tools.net/mailservers/pop.gmail.com

Re: Disable SSLv3 in hMailServer >5.6.8

Posted: 2019-08-04 19:11
by martin
Nice find. I'm seeing that as well. Only happens for TLS 1.3 - if I disable TLS 1.3 it works fine.

Will debug and see what's causing it.

Re: Disable SSLv3 in hMailServer >5.6.8

Posted: 2019-08-04 19:18
by martin
Found the issue, it's related to SNI. I'll see if I can fix it.

Re: Disable SSLv3 in hMailServer >5.6.8

Posted: 2019-08-04 20:14
by martin
I've pushed a fix (still testing it though)

In TLS 1.3, SNI is required and I hadn't implemented that in hMailServer. If hMailServer connects to pop.gmail.com:995 without including SNI, then pop.gmail.com will complete the TLS-handshake but return an incorrect SSL-certificate. This incorrect SSL-certificate has a Subject/Issuer/etc all containing something like "client did not send SNI; fix your client", so it's basically Google's way of finding bugs in clients, which appears to have worked this time. :)

Re: Disable SSLv3 in hMailServer >5.6.8

Posted: 2019-08-05 08:10
by Dravion
How did you solve certain build Errors

#For OpenSSL_1.1.x

Error C3861: 'EVP_MD_CTX_cleanup': identifier not found \hmailserver\hmailserver\source\Server\Common\AntiSpam\DKIM\DKIM.cpp 227

#BOOST 1.70.0
Error 24 error C2039: 'get_io_service' : is not a member of 'boost::asio::basic_socket_acceptor<boost::asio::ip::tcp,boost::asio::executor>' .\hmailserver\hmailserver\source\Server\Common\TCPIP\TCPServer.cpp 137 1 hMailServer

The BOOST 1.70.0 hMailServer build errors doesn't go away if you for example fall back to openssl-1.0.2s
but BOOST 1.63.0 and openssl-1.0.2s works ok.

Re: Disable SSLv3 in hMailServer >5.6.8

Posted: 2019-08-05 11:16
by martin
Are you trying to use the master branch or 5.7-branch with the new OpenSSL/Boost? I have not merged the fixes to the master branch/5.7-branch yet - I will do that later this week. You can check the 5.6.8 branch to see what changes I had to do. The short version is that a few of the OpenSSL/Boost API:s hMailServer was using has been removed (like 2-3 of them) so I had to make a few small changes to no longer use them.

Re: Disable SSLv3 in hMailServer >5.6.8

Posted: 2019-08-05 11:17
by mattg
The ONLY servers that I am connecting with via TLSv1.3 is the gmail servers, for incoming, outgoing and external pop3 download.

All others are still TLSv1.2 (or nude)

Re: Disable SSLv3 in hMailServer >5.6.8

Posted: 2019-08-05 11:21
by martin
mattg wrote:
2019-08-05 11:17
The ONLY servers that I am connecting with via TLSv1.3 is the gmail servers, for incoming, outgoing and external pop3 download. All others are still TLSv1.2 (or nude)
Not sure if you're saying that there's a problem or just sharing what you're seeing? Roughly ~15% of web sites supports TLS1.3, and I would guess that the same number for email is ~5% or so.

Re: Disable SSLv3 in hMailServer >5.6.8

Posted: 2019-08-05 12:08
by Dravion
martin wrote:
2019-08-05 11:16
The short version is that a few of the OpenSSL/Boost API:s hMailServer was using has been removed (like 2-3 of them) so I had to make a few small changes to no longer use them.
Ok, i am curious to find out how it works now :)

Re: Disable SSLv3 in hMailServer >5.6.8

Posted: 2019-08-05 12:44
by mattg
martin wrote:
2019-08-05 11:21
mattg wrote:
2019-08-05 11:17
The ONLY servers that I am connecting with via TLSv1.3 is the gmail servers, for incoming, outgoing and external pop3 download. All others are still TLSv1.2 (or nude)
Not sure if you're saying that there's a problem or just sharing what you're seeing?
Just sharing what I'm seeing

No problem at all (other than the aforementioned External POP3 'verify' issue that you say you have fixed...) - thanks for implementing TLSv1.3

Re: Disable SSLv3 in hMailServer >5.6.8

Posted: 2019-08-05 12:47
by martin
Alright, cool :)

The latest 'official' beta-build on the download page resolves the "verify"-issue. But I understand you're using a fork.

Re: Disable SSLv3 in hMailServer >5.6.8

Posted: 2019-08-05 12:57
by mattg
Yep, But just checked an RvhD has updated the fork, so I've just installed it and tested.

Verify certs is turned on, and gmail external POP3 download works fine-

Thanks to you both

Re: Disable SSLv3 in hMailServer >5.6.8

Posted: 2019-08-07 09:39
by mattg
RvdH wrote:
2019-08-04 14:06
mattg wrote:
2019-08-04 14:04
RvdH wrote:
2019-08-04 12:24
Yup, i am running 5.6.8-B2450.21 (*.21 are a few fixes and changes i made myself)
Me too now.
RvdH wrote:
2019-08-04 12:24
but works with:

Code: Select all

HIGH:!TLSv1:!SSLv3;
gmail uses TLS cipher 1.3 as you mentioned
Doing this now too thanks - we see how it goes.
NOTE: This only is suitable if you only allow TLS 1.2 + 1.3
i know mattg does, but for others, if you need lower TLS version this cipher string is not suitable for you
My QNAPNas now won't negotiate a secure connection
Last month (before I updated and changed my cipher) the cipher used by my QNAP for notifications was

"TCPIP" 141948 "2019-07-26 13:42:22.826" "TCPConnection - TLS/SSL handshake completed. Session Id: 664, Remote IP: 192.168.0.250, Version: TLSv1.2, Cipher: DHE-RSA-AES256-SHA, Bits: 256"

Not that big a deal - just though that I'd mention it

Re: Disable SSLv3 in hMailServer >5.6.8

Posted: 2019-08-14 03:54
by mattg
Just remembered too that I have one (ex) client with DVR attached to some IP cameras that will only use SSLv3.0 to connect to mail servers to email footage, or snapshots

Doesn't change my view. SSL3.0 should remain removed from hMailserver

Re: Disable SSLv3 in hMailServer >5.6.8

Posted: 2019-08-21 21:50
by janvdweyer
martin wrote:
2019-08-04 11:06
I was probably a bit unclear.

Forget the API part. The important part is:

The cipher list you specify in the UI is the cipher list used. There's no other internal cipher list which will be used.

The format of the cipher list is described under the section "CIPHER STRINGS" here:
https://www.openssl.org/docs/man1.1.0/man1/ciphers.html

The short version is that the cipher string is a semicolon-separated string containing rules on what ciphers to enable.
Here is a tool I use: https://www.nartac.com/Products/IISCrypto/

Re: Disable SSLv3 in hMailServer >5.6.8

Posted: 2019-08-21 22:25
by Dravion
janvdweyer wrote:
2019-08-21 21:50
Here is a tool I use: https://www.nartac.com/Products/IISCrypto/
Thats for Windows SChannel Cyphers.

hMailServer uses OpenSSL and not MS-SChannel for SSL/TLS.

Re: Disable SSLv3 in hMailServer >5.6.8

Posted: 2019-10-24 01:54
by mattg
Just noticed that the latest iOS mail app now uses TLSv1.3 for mail server connections

Microsoft is still not committing