Understanding the SSL/TLS ciphers list

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
mibyge
New user
New user
Posts: 16
Joined: 2016-09-07 20:28

Understanding the SSL/TLS ciphers list

Post by mibyge » 2018-07-16 17:42

Hello.

I was curious to know which SSL/TLS ciphers that are actually being used by my mail server as I had the idea, that I could remove the unused and unsafe ones to tighten security a bit.

To do that, I've made my own PowerShell script that analyzes the hMailServer log files to gather some statistics and compare usage to the ciphers listed in Settings - Advanced - SSL/TLS - SSL/TLS ciphers list.

However, I discovered that several handshakes were completed using ciphers that are NOT listed in the SSL/TLS ciphers list. Examples of this includes "AES128-SHA" where only "AES128" is in the list, and "DHE-RSA-AES256-GCM-SHA384" where only "ECDHE-RSA-AES256-GCM-SHA384" is in the list.

My understanding from reading https://www.hmailserver.com/documentati ... nce_ssltls was that you had to use a cipher from that list in order to successfully complete a handshake with the mail server and that you can add additional ciphers (i.e. OpenSSL) if needed? Or have I misunderstood something?

Thanks in advance.

User avatar
mattg
Moderator
Moderator
Posts: 20632
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Understanding the SSL/TLS ciphers list

Post by mattg » 2018-07-17 00:00

Yep, that's pretty well correct

Can you post your cipher list, and also the original log line (+ and - about 2 lines each side) of one or two that you think are not in your list.

In my testing, some scammers 'test' my mail server to see what ciphers I use, and what TLS level I accept.

ALSO, many spammers use StartTLS TLS encrypted connections to try an send me spam, or to connect to an account via IMAP or POP3. (IMAP and POP3 connections aren't limited by Autoban in hMailserver, only SMTP is limited by Autoban - I'd guess this is fairly common across all mail servers.

I use this to generate a cipher list https://mozilla.github.io/server-side-t ... generator/
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

mibyge
New user
New user
Posts: 16
Joined: 2016-09-07 20:28

Re: Understanding the SSL/TLS ciphers list

Post by mibyge » 2018-07-17 09:43

Here's my current cipher list - it should be the default one as I've never changed it.

Code: Select all

ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK;
Examples of a successful handshake with a cipher not in above list:

Code: Select all

"TCPIP"	4792	"2018-07-15 21:19:40.475"	"TCP - 80.82.77.33 connected to myServerIP:995."
"DEBUG"	4792	"2018-07-15 21:19:40.491"	"TCP connection started for session 431"
"DEBUG"	4792	"2018-07-15 21:19:40.506"	"Performing SSL/TLS handshake for session 431. Verify certificate: False"
"TCPIP"	6548	"2018-07-15 21:19:40.741"	"TCPConnection - TLS/SSL handshake completed. Session Id: 431, Remote IP: 80.82.77.33, Version: TLSv1.2, Cipher: DHE-RSA-AES256-GCM-SHA384, Bits: 256"
"DEBUG"	7044	"2018-07-15 21:19:40.850"	"The read operation failed. Bytes transferred: 0 Remote IP: 80.82.77.33, Session: 431, Code: 2, Message: End of file"
"DEBUG"	7044	"2018-07-15 21:19:40.866"	"Ending session 431"

Code: Select all

"TCPIP"	5384	"2018-07-01 06:26:55.737"	"TCP - 101.108.154.49 connected to myServerIP:993."
"DEBUG"	5384	"2018-07-01 06:26:55.753"	"TCP connection started for session 79"
"DEBUG"	5384	"2018-07-01 06:26:55.753"	"Performing SSL/TLS handshake for session 79. Verify certificate: False"
"TCPIP"	2084	"2018-07-01 06:26:56.925"	"TCPConnection - TLS/SSL handshake completed. Session Id: 79, Remote IP: 101.108.154.49, Version: TLSv1, Cipher: AES128-SHA, Bits: 128"
"DEBUG"	1236	"2018-07-01 06:26:57.971"	"The read operation failed. Bytes transferred: 0 Remote IP: 101.108.154.49, Session: 79, Code: 335544539, Message: short read"
"DEBUG"	1236	"2018-07-01 06:26:57.987"	"Ending session 79"
I'm using hMailServer v5.6.7-B2425.

Thanks.

User avatar
mattg
Moderator
Moderator
Posts: 20632
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Understanding the SSL/TLS ciphers list

Post by mattg » 2018-07-18 02:50

So I've just done some tests, and I agree with what you say, and I can't explain it.

Perhaps my knowledge of ciphers isn't good enough, and I don't understand something fundamental about how they work, but my list of acceptable ciphers is

Code: Select all

ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-GCM-SHA384
DHE-RSA-AES128-GCM-SHA256
DHE-DSS-AES128-GCM-SHA256
kEDH+AESGCM
ECDHE-RSA-AES128-SHA256
ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA
ECDHE-ECDSA-AES128-SHA
ECDHE-RSA-AES256-SHA384
ECDHE-ECDSA-AES256-SHA384
ECDHE-RSA-AES256-SHA
ECDHE-ECDSA-AES256-SHA
DHE-RSA-AES128-SHA256
DHE-RSA-AES128-SHA
DHE-DSS-AES128-SHA256
DHE-RSA-AES256-SHA256
DHE-DSS-AES256-SHA
DHE-RSA-AES256-SHA
AES128-GCM-SHA256
AES256-GCM-SHA384
AES128
AES256
!aNULL
!eNULL
!EXPORT
!DES
!3DES
!MD5
!PSK
The list of ciphers used for successful connections so far this month, and count of use is

Code: Select all

 Cipher: AES128-GCM-SHA256			13
 Cipher: AES128-SHA				14
 Cipher: AES256-SHA256				12
 Cipher: DHE-RSA-AES128-GCM-SHA256		846
 Cipher: DHE-RSA-AES128-SHA			69
 Cipher: DHE-RSA-AES256-GCM-SHA384		3
 Cipher: DHE-RSA-AES256-SHA			17
 Cipher: ECDHE-RSA-AES128-GCM-SHA256		2606
 Cipher: ECDHE-RSA-AES128-SHA			60
 Cipher: ECDHE-RSA-AES128-SHA256		33
 Cipher: ECDHE-RSA-AES256-GCM-SHA384		10703
 Cipher: ECDHE-RSA-AES256-SHA			1411
 Cipher: ECDHE-RSA-AES256-SHA384		377
I can only see about half of ciphers used in my allowed list - and that doesn't make sense to me.

I also have 63 occasions of 'no shared cipher' in my logs.
about 2/3 used a single cipher, the ECDHE-RSA-AES256-GCM-SHA384, which is forth on my list.
I only accept TLS v1.0, TLSv1.1 and TLSv1.2

Other interesting stats
TLSv1.0 = 1552 connections (across 5 ciphers, with 1135 connections coming from one client IP address)
TLSv1.1 = 6 connections (all same cipher, each a different IP)
TLSv1.2 = 14606 connections (across 10 ciphers)


Anyone know more about ciphers that can explain this, or should we log it as a bug?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
mattg
Moderator
Moderator
Posts: 20632
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Understanding the SSL/TLS ciphers list

Post by mattg » 2018-07-18 02:57

This is how I tested
You need TCP/IP logging enable in hMailserver

Ignore the barracuda.log, I was using that to test the DNSBL scoring of b.barracudacentral.org (which seems to work fine actually)

Code: Select all

Rem
Rem separates SSL/TLS connections from hmailserver logs
Rem
Rem By Matt  G
Rem

Option Explicit

Dim sYear, iMonth, iDay, sMonth, sDay, sCommand, RelevantDate
Dim s, FSO, OBJfile, OBJoutfile1, OBJoutfile2, OBJoutfile3, OBJoutfile4, OBJoutfile5, OBJoutfile6, OBJoutfile7
Dim FileIn, FileOut1, FileOut2, FileOut3, FileOut4, Fileout5, FileOut6, Fileout7, Filebase

Filebase = "C:\hMailServer\Logs\"                                             'hard coded so no password used - change me
FileOut1 = Filebase + "SSL Connections.log"
FileOut2 = Filebase + "TLSv1 Connections.log"
FileOut3 = Filebase + "TLSv1.1 Connections.log"
FileOut4 = Filebase + "TLSv1.2 Connections.log"
Fileout5 = Filebase + "TLS_SSL Failures.log"
Fileout6 = Filebase + "ciphers.csv"
Fileout7 = Filebase + "barracuda.log"

Call CreateFiles(FileOut1)
Call CreateFiles(FileOut2)
Call CreateFiles(FileOut3)
Call CreateFiles(FileOut4)
Call CreateFiles(Fileout5)
Call CreateFiles(Fileout6)
Call CreateFiles(Fileout7)

Set OBJoutfile1 = FSO.opentextfile(FileOut1,8)
Set OBJoutfile2 = FSO.opentextfile(FileOut2,8)
Set OBJoutfile3 = FSO.opentextfile(FileOut3,8)
Set OBJoutfile4 = FSO.opentextfile(fileOUT4,8)
Set OBJoutfile5 = FSO.opentextfile(fileOUT5,8)
Set OBJoutfile6 = FSO.opentextfile(fileOUT6,8)
Set OBJoutfile7 = FSO.OpenTextFile(Fileout7,8)

Relevantdate = Now()

sYear = Year(RelevantDate)
iMonth = Month(RelevantDate)
iDay = Day(RelevantDate)

if  iMonth < 10 then
	sMonth = "0" + cstr(iMonth)
Else 'iMonth >= 10
	sMonth = cstr(iMonth)
End if

for iDay = 1 to Day(RelevantDate)
	if iDay < 10 then
		sDay = "0" + cstr(iDay)
	Else 'sDay >= 10
		sDay = cstr(iDay)
	End if
	filein = filebase & "hMailserver_" & cstr(sYear) & "-" & sMonth & "-" & sDay & ".log"
	If fso.FileExists(Filein) Then
		set OBJfile = FSO.opentextfile(filein,1,0)
		While Not OBJfile.atendofstream
			s = OBJfile.ReadLine
'			If InStr(s,"No messages to index") > 0 then
			If InStr(s,"TCPConnection - TLS/SSL handshake completed. Session Id: ") > 0 Then
				If InStr(s, "Version: SSL") > 0 Then
					OBJoutfile1.writeline s
				ElseIf InStr(s, "Version: TLSv1, Cipher:") > 0 Then
					OBJoutfile2.writeline s
				ElseIf InStr(s, "Version: TLSv1.1, Cipher:") > 0 then
					OBJoutfile3.writeline s
				Else
					OBJoutfile4.writeline s
				End If
				OBJoutfile6.WriteLine Right(s, Len(s) - InStr(s, " Remote IP: ")-11)	
			ElseIf InStr(s, "TCPConnection - TLS/SSL handshake failed.") > 0 then
				OBJoutfile5.writeline s
				OBJoutfile6.WriteLine Right(s, Len(s) - InStr(s, " Remote IP: ")-11)	
			ElseIf InStr(s, "Certificate verification failed for session ") > 0 then
				OBJoutfile5.writeline s
				OBJoutfile6.WriteLine Right(s, Len(s) - InStr(s, " Remote IP: ")-11)
			ElseIf InStr(s, ".b.barracudacentral.org") >0 Then
				OBJoutfile7.WriteLine s
			End If
		Wend
		OBJfile.Close
		set Objfile = nothing
	End if
Next 'iDay

OBJoutfile1.Close
OBJoutfile2.Close
OBJoutfile3.Close
OBJoutfile4.Close
OBJoutfile5.Close
OBJoutfile6.Close
OBJoutfile7.Close
set OBJoutfile1 = nothing
set OBJoutfile2 = nothing
set OBJoutfile3 = nothing
set OBJoutfile4 = nothing
set OBJoutfile5 = nothing
set OBJoutfile6 = nothing
Set OBJoutfile7 = nothing

Sub CreateFiles(Name)
	Set FSO = CreateObject("Scripting.FileSystemObject")
	If FSO.FileExists(Name) Then
		FSO.DeleteFile(Name)
	End If
	Dim txtFile
	Set txtFile = FSO.CreateTextFile(Name,true)
	txtFile.close
End Sub
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
Dravion
Senior user
Senior user
Posts: 1635
Joined: 2015-09-26 11:50
Location: Germany
Contact:

Re: Understanding the SSL/TLS ciphers list

Post by Dravion » 2018-07-18 03:24

Ciphers are simply Methods how encryption can be done. However, TLS1.0 / TLS 1.1 / TLS 1.2 / TLS 1.3 / TLS .x only supporting specific combinations of cyphers. Security Researchers trying all the time to braek cyphers.As a result its up to the Programmers and Server Admins to allow only the most and best known TLS+Cypher combinations and disable/restrict risky TLS+Cypher Combinations.

However:
The older or less maintained TLS.x.x Client-Program a connecting User is using the less Connectionsecurity can be archived. Its allways a tradeof between TLS + Cypher combinations a server should allow vs. what TLS.x.x + Cyphera older or less carefully maintained connecting Client Software is capable to support.

For example: If you try to connect with Outlook Express 6.0 all Connection and TLS Handshakes will fail because its hopeless outdated and no TLS+Cypher Combination can be negotiated.

Some Websites and Security Researchers listing TLS+Cypher Combinations which can be seen as secure nowdays but this list will costantly change,

User avatar
mattg
Moderator
Moderator
Posts: 20632
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Understanding the SSL/TLS ciphers list

Post by mattg » 2018-07-18 04:09

Yep I know all of the Dravion (and thanks as always for your continued support of this forum)

I was hoping that you could explain why some ciphers are used when they are not on my accepted cipher list.
For instance does having one (lower security) cipher automatically allow similar but higher security ciphers?

Matt
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
Dravion
Senior user
Senior user
Posts: 1635
Joined: 2015-09-26 11:50
Location: Germany
Contact:

Re: Understanding the SSL/TLS ciphers list

Post by Dravion » 2018-07-18 06:37

Hmm, this could happen if the client software can initiate the tls cipher negotiation. The Postfix SMTP-Server for example can be configured to dictate which ciphers and in which descending order must be used and refuse client dominated negotiation attemps. HMailServer and Postfix using both the OpenSSL Encryption Library and there must be a TLS1.x param exist which can be set.I think it should be avaiable for hMailServer to atleast at Compiletime when hMailServer.exe is being built in Visual Studio.

User avatar
mattg
Moderator
Moderator
Posts: 20632
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Understanding the SSL/TLS ciphers list

Post by mattg » 2018-07-18 07:52

I'm all good to force approved ciphers and the order

In Apache I see that I can 'SSLHonorCipherOrder on' to force the order that ciphers will be used.
There are a number of exploits for web sites that allow downgrading of security protocol, and also changes of ciphers.

So you think this could be a bug too?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

mibyge
New user
New user
Posts: 16
Joined: 2016-09-07 20:28

Re: Understanding the SSL/TLS ciphers list

Post by mibyge » 2018-07-19 21:26

Here's my stats from my relatively small mail server. This is just raw data without much formatting, so hope it makes sense :wink:

Overall.PNG
SSL version.PNG
SSL version.PNG (10.97 KiB) Viewed 5400 times
Cipher.PNG

mibyge
New user
New user
Posts: 16
Joined: 2016-09-07 20:28

Re: Understanding the SSL/TLS ciphers list

Post by mibyge » 2018-07-19 21:27

Bits.PNG
Bits.PNG (6.02 KiB) Viewed 5400 times
hms cipher status.PNG

User avatar
mattg
Moderator
Moderator
Posts: 20632
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Understanding the SSL/TLS ciphers list

Post by mattg » 2018-10-27 04:43

Looking at this again with a view to hopefully switch off all but TLS v1.2 very soon (given Office365.com's decision to do that from 1 November 2018)

In the last month, I have had:-
- 1 connection that was TLS 1.1, and this was from a local government educational institution
- about four regular senders that I don't control (>10 emails in the month), that sent using TLS 1.0. Hopefully they will pick up their act with the 1 November Office365 deadline for nothing but TLS 1.2
- many of my clients that needed to update their level of security to TLS 1.2 from TLS 1.0 (hopefully got them all now, but we will see)
- other than my client's machines that I have (hopefully) now fixed, I had about 200 connections via TLS 1.0, and some 18000 that were TLS 1.2 (mostly SPAM I reckon, but harder to quantify that)
- I had stopped accepting SSL 3 quite a while back, and only had 1 known video recording device try to send me emails via SSL3.0 this month (91 times!!)
- I had 175 certificates that terminated in an untrusted root certificate
- I had 51 certificates where the CN name didn't match the passed value (ie the remote server presented fake ID)
- 12651 were 256 bit, 7606 were 128 bit
- a total of 11 ciphers used, including two that I don't have set in hMailserver
- only 1300 connections were using NOT ECDHE-RSA- type ciphers


My cipher list in hmailserver is

Code: Select all

SslCipherList  :

ECDHE-RSA-AES128-GCM-SHA256     - ECDHE-ECDSA-AES128-GCM-SHA256   - ECDHE-RSA-AES256-GCM-SHA384     
ECDHE-ECDSA-AES256-GCM-SHA384   - DHE-RSA-AES128-GCM-SHA256       - DHE-DSS-AES128-GCM-SHA256       
kEDH+AESGCM                     - ECDHE-RSA-AES128-SHA256         - ECDHE-ECDSA-AES128-SHA256       
ECDHE-RSA-AES128-SHA            - ECDHE-ECDSA-AES128-SHA          - ECDHE-RSA-AES256-SHA384         
ECDHE-ECDSA-AES256-SHA384       - ECDHE-RSA-AES256-SHA            - ECDHE-ECDSA-AES256-SHA          
DHE-RSA-AES128-SHA256           - DHE-RSA-AES128-SHA              - DHE-DSS-AES128-SHA256           
DHE-RSA-AES256-SHA256           - DHE-DSS-AES256-SHA              - DHE-RSA-AES256-SHA              
AES128-GCM-SHA256               - AES256-GCM-SHA384               - AES128                          
AES256                          - !aNULL                          - !eNULL                          
!EXPORT                         - !DES                            - !3DES                           
!MD5                            - !PSK;                           
The EXTRA two ciphers used, not in my list are
AES128-SHA
AES256-SHA256

The three connections using AES128-SHA were from 2 IP addresses and were incoming connections
The 55 connections using AES256-SHA256 were from 2 IP addresses and all appear to be outgoing connections
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

Post Reply