SSL 3.0 vulnerabilty and TLS 1.2 support

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
zubzazub
New user
New user
Posts: 9
Joined: 2014-10-15 10:53

SSL 3.0 vulnerabilty and TLS 1.2 support

Post by zubzazub » 2014-10-15 10:59

According to last news SSL 3.0 protocol is vulnerable (http://googleonlinesecurity.blogspot.ru ... sl-30.html).
1) Is there any way to allow hmailserver to use only TLS 1.2 protocol (for incoming/outgoing connections)?

2) besides is there any settings to allow hmailserver communicate only with hosts who have valid certificate?

User avatar
mattg
Moderator
Moderator
Posts: 21042
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SSL 3.0 vulnerabilty and TLS 1.2 support

Post by mattg » 2014-10-15 12:23

which hmailserver version are you using?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

zubzazub
New user
New user
Posts: 9
Joined: 2014-10-15 10:53

Re: SSL 3.0 vulnerabilty and TLS 1.2 support

Post by zubzazub » 2014-10-15 12:35

mattg wrote:which hmailserver version are you using?
5-4-2-B1964 but i can upgrade if a new version has this functionality

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: SSL 3.0 vulnerabilty and TLS 1.2 support

Post by martin » 2014-10-15 12:36

As far as I can understand, the exploit they have found requires a man-in-the-middle attack over an insecure connection as well (they use this to insert a javascript). I don't think that there is a known exploit if all the communication is encrypted (if there was I assume they would not have bothered combining that attack with a javascript injection), so I'm not sure there's a known exploit for SMTP/POP3/IMAP over SSL. But we should probably assume its vulnerable.

In hMailServer 5.5.1 you can specify a list of allowed ciphers. If you specify only TLSv1.2 ciphers then it will not be possible to connect using SSLv3. For example, if you specify the cipher "AES256-SHA256" then you can't connect using SSLv3 since AES256-SHA256 is a TLSv1.2 cipher. At least this is my understanding of it, and the tests I've ran locally confirms this. A list of TLSv1.2 ciphers are available here:
https://www.openssl.org/docs/apps/ciphers.html

Note that hMailServer 5.5.1 does not support DHE or ECDH ciphers, so the list of TLSv1.2 ciphers you can pick from is quite limited (AES128-SHA256, AES256-SHA256, AES128-GCM-SHA256 and AES256-GCM-SHA384). You can of course specify TLSv1.0 ciphers as well if you want to allow that.

hMailServer 5.5.1 verifies the correctness of remote certificates.

hMailServer 5.5.2 contains an upgraded version of OpenSSL which prevents an TLS connection from being downgraded to SSLv3.

hMailServer 5.6 (beta later this week hopefully) will have support for DHE/ECDH-chipers, and it will be possible to explicitly specify which SSL/TLS versions should be allowed.
Martin Knafve
martin@hmailserver.com
https://twitter.com/knafve

zubzazub
New user
New user
Posts: 9
Joined: 2014-10-15 10:53

Re: SSL 3.0 vulnerabilty and TLS 1.2 support

Post by zubzazub » 2014-10-15 13:04

great news, thanks for reply

could u help with a second question?
2) is there any settings to allow hmailserver communicate only with hosts who have valid certificate?

User avatar
mattg
Moderator
Moderator
Posts: 21042
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SSL 3.0 vulnerabilty and TLS 1.2 support

Post by mattg » 2014-10-15 13:26

martin wrote:hMailServer 5.5.1 verifies the correctness of remote certificates.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

zubzazub
New user
New user
Posts: 9
Joined: 2014-10-15 10:53

Re: SSL 3.0 vulnerabilty and TLS 1.2 support

Post by zubzazub » 2014-10-15 13:36

mattg wrote:
martin wrote:hMailServer 5.5.1 verifies the correctness of remote certificates.
Sorry and thanks

Is there documentation on the possibilities of adjustment certificate validation?
On the first server i need to carefully validate server certificates of other smtp-servers (while sending message and while recieveing messages) and on the second server i want to trust to any server with "valid" self-signed certificate just to be able to safe that connection is protected on my side

zubzazub
New user
New user
Posts: 9
Joined: 2014-10-15 10:53

Re: SSL 3.0 vulnerabilty and TLS 1.2 support

Post by zubzazub » 2014-10-15 13:59

martin wrote:I'm not sure there's a known exploit for SMTP/POP3/IMAP over SSL.
i'm not enough good in this but as i can understand according to this articles https://www.imperialviolet.org/2014/10/14/poodle.html https://www.openssl.org/~bodo/ssl-poodle.pdf every starttls/ssl connection is vulnerable (?)

User avatar
mattg
Moderator
Moderator
Posts: 21042
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SSL 3.0 vulnerabilty and TLS 1.2 support

Post by mattg » 2014-10-15 14:34

Those articles only talk about HTTPS requests....
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
mattg
Moderator
Moderator
Posts: 21042
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SSL 3.0 vulnerabilty and TLS 1.2 support

Post by mattg » 2014-10-15 14:46

zubzazub wrote:On the first server i need to carefully validate server certificates of other smtp-servers (while sending message and while recieveing messages) and on the second server i want to trust to any server with "valid" self-signed certificate just to be able to safe that connection is protected on my side
I'm not sure that you understand how this stuff works....

If another server connects to your hmailserver 5.5.1 via SMTP (probably on port 25) and you 'require' StartTLS or SSL, then your server will provide the certificate for encryption.

If your hmailserver 5.5.1 connects to another server via SMTP, and they don't require StartTLS or SSL, then the connection will be in the clear (That's most email). If they do require SSL or StartTLS then your hmailserver 5.5.1 will verify the certificate provided by the other server.

If your server connects via POP3 as an external download to another server that requires SSL or StartTLS connections, then your hmailserver 5.5.1 will verify the certificate provided by the other server.

If a mail client connects to your hMailserver 5.5.1 to download mail, and you require StartTLS or SSL, then your server provides the certificate for encryption.

If a mail client connects to your hMailsevrer 5.5.1 to send mail, then you should make them authenticate first, and if you require StartTLS or SSL, then your server provides the certificate for encryption.


And so, the ONLY time that hMailserver verifies the certificate given to them by the other server is where the other server requires SSL or StartTLS for either an external POP3 download, or an SMTP connection.

If you want to secure your messages, then use message level encryption (PGP, SMIME or PKI). This is typically done at the mail client level.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

zubzazub
New user
New user
Posts: 9
Joined: 2014-10-15 10:53

Re: SSL 3.0 vulnerabilty and TLS 1.2 support

Post by zubzazub » 2014-10-15 17:16

Thanks for detailed answer
mattg wrote: If your hmailserver 5.5.1 connects to another server via SMTP, and they don't require StartTLS or SSL, then the connection will be in the clear (That's most email). If they do require SSL or StartTLS then your hmailserver 5.5.1 will verify the certificate provided by the other server.
in this case is there any way to prevent hmail connecting to another server insecure?
- you can't ssl? so i can't send you info

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: SSL 3.0 vulnerabilty and TLS 1.2 support

Post by martin » 2014-10-15 17:32

No, you can't force the deliveries to fail if STARTTLS is not available. That would prevent you from sending email to like 50% of all servers.
Martin Knafve
martin@hmailserver.com
https://twitter.com/knafve

zubzazub
New user
New user
Posts: 9
Joined: 2014-10-15 10:53

Re: SSL 3.0 vulnerabilty and TLS 1.2 support

Post by zubzazub » 2014-10-15 17:35

martin wrote:No, you can't force the deliveries to fail if STARTTLS is not available. That would prevent you from sending email to like 50% of all servers.
yeah i know
sad for me

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: SSL 3.0 vulnerabilty and TLS 1.2 support

Post by martin » 2014-10-15 17:45

An update regarding what I wrote earlier regarding a beta:
  • OpenSSL has released a patch just now which prevents an attacker from downgrading a TLS session to SSLv3. This was a big part of the Poodle issue, because clients will attempt to use the most secure protocol and will only use SSLv3 if that's all they support.
  • I've read in multiple locations that the exploit described today only affects HTTP and not POP3/IMAP. While there may be other exploits for those, that has not been uncovered today. (Just as there are likely exploits for TLSv1.2 as well...)
In other words, the "Poodle" exploit does not appear to have any effect on hMailServer so a patch disabling SSLv3 is not urgently needed as I see it (not more urgently than yesterday at least...). The possibility to disable SSLv3 this will still be included in 5.6 which will be released as beta later this week.

But as mentioned above, OpenSSL released a patch an hour ago fixing 4 different issues, so I will still release a 5.5.2 which includes this new OpenSSL version.
Martin Knafve
martin@hmailserver.com
https://twitter.com/knafve

zubzazub
New user
New user
Posts: 9
Joined: 2014-10-15 10:53

Re: SSL 3.0 vulnerabilty and TLS 1.2 support

Post by zubzazub » 2014-10-15 17:50

great news

zubzazub
New user
New user
Posts: 9
Joined: 2014-10-15 10:53

Re: SSL 3.0 vulnerabilty and TLS 1.2 support

Post by zubzazub » 2014-10-16 18:38

martin wrote:No, you can't force the deliveries to fail if STARTTLS is not available. That would prevent you from sending email to like 50% of all servers.
just for example
http://www.postfix.org/postconf.5.html#smtp_enforce_tls
smtp_enforce_tls (default: no)
Enforcement mode: require that remote SMTP servers use TLS encryption, and never send mail in the clear. This also requires that the remote SMTP server hostname matches the information in the remote server certificate, and that the remote SMTP server certificate was issued by a CA that is trusted by the Postfix SMTP client. If the certificate doesn't verify or the hostname doesn't match, delivery is deferred and mail stays in the queue.

The server hostname is matched against all names provided as dNSNames in the SubjectAlternativeName. If no dNSNames are specified, the CommonName is checked. The behavior may be changed with the smtp_tls_enforce_peername option.

This option is useful only if you are definitely sure that you will only connect to servers that support RFC 2487 _and_ that provide valid server certificates. Typical use is for clients that send all their email to a dedicated mailhub.

This feature is available in Postfix 2.2 and later. With Postfix 2.3 and later use smtp_tls_security_level instead.

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: SSL 3.0 vulnerabilty and TLS 1.2 support

Post by martin » 2014-10-16 19:56

What I meant was that you can't force hMailServer to behave that way. There's no setting for it, and the use seems very limited so there's no plans to add it right now.
Martin Knafve
martin@hmailserver.com
https://twitter.com/knafve

User avatar
mattg
Moderator
Moderator
Posts: 21042
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SSL 3.0 vulnerabilty and TLS 1.2 support

Post by mattg » 2014-10-17 00:10

zubzazub wrote:This option is useful only if you are definitely sure that you will only connect to servers that support RFC 2487 _and_ that provide valid server certificates. Typical use is for clients that send all their email to a dedicated mailhub.
Not useful in real situations then.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

Noego
New user
New user
Posts: 13
Joined: 2010-11-08 21:15

Re: SSL 3.0 vulnerabilty and TLS 1.2 support

Post by Noego » 2014-10-17 16:06

Hi,

today I updated hmailserver to version 5.5.2-B2129 and stuck in some problems to get messages with the external accounts (POP3).

The log told me this:

Code: Select all

"DEBUG" 5324 "2014-10-17 15:02:12.298" "Adding task ExternalFetchTask to work queue External fetch queue"
"DEBUG" 5028 "2014-10-17 15:02:12.298" "Executing task ExternalFetchTask in work queue External fetch queue"
"DEBUG" 5028 "2014-10-17 15:02:12.298" "Retrieving messages from external account name.surname@domain.de"
"DEBUG" 5028 "2014-10-17 15:02:12.298" "Creating session 22"
"DEBUG" 5612 "2014-10-17 15:02:12.391" "TCP connection started for session 22"
"DEBUG" 5612 "2014-10-17 15:02:12.391" "Performing SSL/TLS handshake for session 22. Verify certificate: True, Expected remote host name: mail.domain.de"
"DEBUG" 5004 "2014-10-17 15:02:12.516" "Certificate verification failed for session 22. Expected host: mail.domain.de, Windows error code: -2146762481, Windows error message: Der CN-Name des Zertifikats stimmt nicht mit dem übergebenen Wert überein."
"DEBUG" 5004 "2014-10-17 15:02:12.516" "Ending session 22"
"DEBUG" 5028 "2014-10-17 15:02:12.516" "Completed retrieval of messages from external account."

It seems that this disturbs the download:
If your server connects via POP3 as an external download to another server that requires SSL or StartTLS connections, then your hmailserver 5.5.1 will verify the certificate provided by the other server.

How can I adjust hmailserver (5.5.2-B2129) to skip the verify process?

Or is my webprovider able to fix this? I know they use just self-signed SSL certs not the required one (mail.domain.de)


Need help urgent...thanks

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: SSL 3.0 vulnerabilty and TLS 1.2 support

Post by martin » 2014-10-17 16:36

Place the following in a file called something like DisableCertificateVerification.vbs. Double click the file and enter your hMailServer administrator password. This will disable the certificate verification.

Code: Select all

Option Explicit

Dim oApp
Set oApp = CreateObject("hMailServer.Application")

Dim sAdminPwd
sAdminPwd = InputBox("Enter your main hMailServer administrator password.", "hMailServer")
Call oApp.Authenticate ("Administrator", sAdminPwd)

oApp.Settings.VerifyRemoteSslCertificate = False

MsgBox "Certificate verification disabled"
In version 5.6, there will be a UI option to do this. An alternative is to add the certificate to the Windows certificate store (to the store with trusted certificate authorities).
Martin Knafve
martin@hmailserver.com
https://twitter.com/knafve

Noego
New user
New user
Posts: 13
Joined: 2010-11-08 21:15

Re: SSL 3.0 vulnerabilty and TLS 1.2 support

Post by Noego » 2014-10-17 17:11

Oh that was fast...thank you very much martin.
I´ll try this script.

Yet I ended switching all external accounts to connection security to "None"...now I´ve to rewind.

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: SSL 3.0 vulnerabilty and TLS 1.2 support

Post by martin » 2014-10-17 18:30

Just to add to this: The 5.6 beta is now available for download (not for production usage yet though).

In this version, you can go to Settings -> SSL/TLS and de-select "Verify remote server SSL/TLS certificates".

You can also de-select SSLv3 completely in this version (setting in same location as above).
Martin Knafve
martin@hmailserver.com
https://twitter.com/knafve

AndreyRa
New user
New user
Posts: 1
Joined: 2014-11-01 22:45

Re: SSL 3.0 vulnerabilty and TLS 1.2 support

Post by AndreyRa » 2014-11-01 22:59

Place the following in a file called something like DisableCertificateVerification.vbs. Double click the file and enter your hMailServer administrator password. This will disable the certificate verification.
This helped for me too, thank you!

Just for history, here is my logs (5.5.2-B2129):
"DEBUG" 3872 "2014-11-01 22:45:56.731" "TCP connection started for session 60"
"DEBUG" 3872 "2014-11-01 22:45:56.731" "Performing SSL/TLS handshake for session 60. Verify certificate: True, Expected remote host name: npop7.masterhost.ru"
"DEBUG" 3468 "2014-11-01 22:45:56.794" "Certificate verification failed for session 60. Expected host: npop7.masterhost.ru, Windows error code: -2146885614, Windows error message: "DEBUG" 3468 "2014-11-01 22:45:56.794" "Ending session 60"

-2146885614 - is the something about CRL that is absent in the certificate.

Noego
New user
New user
Posts: 13
Joined: 2010-11-08 21:15

Re: SSL 3.0 vulnerabilty and TLS 1.2 support

Post by Noego » 2014-11-21 19:57

I upgraded now to newest version (hMailServer 5.6 - Build 2145) with the new features (SSL/TLS).
But if I disable "SSL v3.0" I can´t get my e-mail via my android phone. In the e-mail app I switched to "TLS (accept all certificates)" but the connection will not established. Logs Show that verification not working:


"DEBUG" 5508 "2014-11-21 18:06:48.995" "TCP connection started for session 121"
"DEBUG" 5508 "2014-11-21 18:06:48.995" "Performing SSL/TLS handshake for session 121. Verify certificate: False"
"DEBUG" 3644 "2014-11-21 18:06:49.464" "Ending session 121"
"DEBUG" 7116 "2014-11-21 18:06:50.136" "Creating session 125"
"DEBUG" 7116 "2014-11-21 18:06:50.136" "TCP connection started for session 124"
"DEBUG" 7116 "2014-11-21 18:06:50.136" "Performing SSL/TLS handshake for session 124. Verify certificate: False"
"DEBUG" 7116 "2014-11-21 18:06:53.745" "Creating session 126"
"DEBUG" 7116 "2014-11-21 18:06:53.745" "TCP connection started for session 125"
"DEBUG" 7116 "2014-11-21 18:06:53.745" "Performing SSL/TLS handshake for session 125. Verify certificate: False"



"TCPIP" 3644 "2014-11-21 18:06:49.901" "TCPConnection - TLS/SSL handshake failed. Session Id: 117, Remote IP: NN.NN.NN.NNN, Error code: 335544539, Message: short read"


What means Error code 335544539?
How can I fix this Problem? I want to disable SSL v3.0 fast as possible.

Thanks in advance.

percepts
Senior user
Senior user
Posts: 5282
Joined: 2009-10-20 16:33
Location: Sceptred Isle

Re: SSL 3.0 vulnerabilty and TLS 1.2 support

Post by percepts » 2014-11-21 20:56

my android (galaxy ace 3 so recent) works but with TLS 1.0 by the look of it. If I disable that it doesn't work.
Using TLS any certificate.

Post Reply