Disable SSLv3 in hMailServer >5.6.8
Disable SSLv3 in hMailServer >5.6.8
To support TLS 1.3, hMailServer needs to be updated to use latest OpenSSL-version.
The latest OpenSSL-version does not come with SSL 3-support. It's possible to compile OpenSSL with SSL3 support, but haven't gotten this to work.
To solve this I'm leaning towards simply removing the SSL 3-support from hMailServer. The options will simply be removed from the UI and the API methods removed. SSL3 has been considered broken for decades, so supporting it may only be confusing to end-users.
Any objections to this?
The latest OpenSSL-version does not come with SSL 3-support. It's possible to compile OpenSSL with SSL3 support, but haven't gotten this to work.
To solve this I'm leaning towards simply removing the SSL 3-support from hMailServer. The options will simply be removed from the UI and the API methods removed. SSL3 has been considered broken for decades, so supporting it may only be confusing to end-users.
Any objections to this?
Martin Knafve
Re: Disable SSLv3 in hMailServer >5.6.8
You will not find objections from actual users of hMailServer. Guaranteed.
Re: Disable SSLv3 in hMailServer >5.6.8
Yes, I agree that it seems unlikely. Still wanted to post to see if someone says anything else than what I think.
Martin Knafve
- jimimaseye
- Moderator
- Posts: 10060
- Joined: 2011-09-08 17:48
Re: Disable SSLv3 in hMailServer >5.6.8
No objections from me.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
Re: Disable SSLv3 in hMailServer >5.6.8
My hMailserver instance only accepts TLS 1.2 connections, so no objections here
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup
Re: Disable SSLv3 in hMailServer >5.6.8
never ever enabled SSL v3.0 option.
dropping it is absolutely ok for me.
dropping it is absolutely ok for me.
Katip
--
HMS 5.7, MariaDB 10.4.10, SA 4.0.0, ClamAV 0.103.8
--
HMS 5.7, MariaDB 10.4.10, SA 4.0.0, ClamAV 0.103.8
Re: Disable SSLv3 in hMailServer >5.6.8
Even Microsoft have disabled SSLv3.0 on all modern operating systems
It provides no security at all - as it so easily broken
It provides no security at all - as it so easily broken
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
https://www.hmailserver.com/documentation
Re: Disable SSLv3 in hMailServer >5.6.8
Do we need a updated ciphers list for this within hmailserver as well?
https://www.openssl.org/docs/man1.1.1/man1/ciphers.html
How is the ciphers list within hmailserver exactly build?
i mean for:
- SSL 3.0
+ TLS 1.3
https://www.openssl.org/docs/man1.1.1/man1/ciphers.html
How is the ciphers list within hmailserver exactly build?
i mean for:
- SSL 3.0
+ TLS 1.3
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup
Re: Disable SSLv3 in hMailServer >5.6.8
The cipher list you enter in the user interface is given as-is to OpenSSL using an OpenSSL API (https://www.openssl.org/docs/man1.0.2/m ... _list.html). OpenSSL parses it and decide what ciphers match. I'm honestly not 100% sure about the syntax for the cipher string itself. The one in hMailServer comes from Mozillas recommendations if I recall correctly.
The cipher list is separate from the TLS versions. By default, OpenSSL enables support for TLS1.0 - 1.3. hMailServer explicitly disables any TLS-version which the user has de-selected in the UI
I just installed the latest build and enabled TLS 1.3. I then verified that I was able to connect to the server using the OpenSSL client and that TLS 1.3 was selected. The cipher was TLS_AES_256_GCM_SHA384. If you go to https://wiki.mozilla.org/Security/Server_Side_TLS and read about their recommendations they say "For services with clients that support TLS 1.3 and don't need backward compatibility, the Modern configuration provides an extremely high level of security." and then mention this cipher.
(I realize that this is a vague reply to your question but that's what I know about this so far)
The cipher list is separate from the TLS versions. By default, OpenSSL enables support for TLS1.0 - 1.3. hMailServer explicitly disables any TLS-version which the user has de-selected in the UI
I just installed the latest build and enabled TLS 1.3. I then verified that I was able to connect to the server using the OpenSSL client and that TLS 1.3 was selected. The cipher was TLS_AES_256_GCM_SHA384. If you go to https://wiki.mozilla.org/Security/Server_Side_TLS and read about their recommendations they say "For services with clients that support TLS 1.3 and don't need backward compatibility, the Modern configuration provides an extremely high level of security." and then mention this cipher.
(I realize that this is a vague reply to your question but that's what I know about this so far)
Martin Knafve
Re: Disable SSLv3 in hMailServer >5.6.8
So when we take the original ciphers list, eg;
The ones prefixed with '!' are explicitly disabled? Or are all in above list explicitly disabled?
Code: Select all
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK;
The ones prefixed with '!' are explicitly disabled? Or are all in above list explicitly disabled?
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup
Re: Disable SSLv3 in hMailServer >5.6.8
Not a recent one I don't think
That list changes fairly frequently
I have updated mine a few times over the years
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
https://www.hmailserver.com/documentation
Re: Disable SSLv3 in hMailServer >5.6.8
What is the point if it uses internal API ciphers list?
If i understand correctly this is only to explicitly disable some ciphers.... Docs are not very clear on this matter either
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup
Re: Disable SSLv3 in hMailServer >5.6.8
I was probably a bit unclear.
Forget the API part. The important part is:
The cipher list you specify in the UI is the cipher list used. There's no other internal cipher list which will be used.
The format of the cipher list is described under the section "CIPHER STRINGS" here:
https://www.openssl.org/docs/man1.1.0/man1/ciphers.html
The short version is that the cipher string is a semicolon-separated string containing rules on what ciphers to enable.
Forget the API part. The important part is:
The cipher list you specify in the UI is the cipher list used. There's no other internal cipher list which will be used.
The format of the cipher list is described under the section "CIPHER STRINGS" here:
https://www.openssl.org/docs/man1.1.0/man1/ciphers.html
The short version is that the cipher string is a semicolon-separated string containing rules on what ciphers to enable.
Martin Knafve
Re: Disable SSLv3 in hMailServer >5.6.8
Do we have to list all allowed ciphers there? Or can this be shortened like:
openssl ciphers -v HIGH:MEDIUM:!SHA1:!SHA256:!SHA384:!RC4:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK
In above example only High and Medium security TLS 1.2 and 1.3 are allowed protocols
Another example to enable all high security TLS 1.2 and 1.3 ciphers, could be:
openssl ciphers -v HIGH:!TLSv1:!SSLv3;
Code: Select all
HIGH:MEDIUM:!SHA1:!SHA256:!SHA384:!RC4:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK;
Code: Select all
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM8 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM8(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM(256) Mac=AEAD
DHE-RSA-AES256-CCM8 TLSv1.2 Kx=DH Au=RSA Enc=AESCCM8(256) Mac=AEAD
DHE-RSA-AES256-CCM TLSv1.2 Kx=DH Au=RSA Enc=AESCCM(256) Mac=AEAD
ECDHE-ECDSA-ARIA256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=ARIAGCM(256) Mac=AEAD
ECDHE-ARIA256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=ARIAGCM(256) Mac=AEAD
DHE-DSS-ARIA256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=ARIAGCM(256) Mac=AEAD
DHE-RSA-ARIA256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=ARIAGCM(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-CCM8 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM8(128) Mac=AEAD
ECDHE-ECDSA-AES128-CCM TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM(128) Mac=AEAD
DHE-RSA-AES128-CCM8 TLSv1.2 Kx=DH Au=RSA Enc=AESCCM8(128) Mac=AEAD
DHE-RSA-AES128-CCM TLSv1.2 Kx=DH Au=RSA Enc=AESCCM(128) Mac=AEAD
ECDHE-ECDSA-ARIA128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=ARIAGCM(128) Mac=AEAD
ECDHE-ARIA128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=ARIAGCM(128) Mac=AEAD
DHE-DSS-ARIA128-GCM-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=ARIAGCM(128) Mac=AEAD
DHE-RSA-ARIA128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=ARIAGCM(128) Mac=AEAD
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
AES256-CCM8 TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM8(256) Mac=AEAD
AES256-CCM TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM(256) Mac=AEAD
ARIA256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=ARIAGCM(256) Mac=AEAD
AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
AES128-CCM8 TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM8(128) Mac=AEAD
AES128-CCM TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM(128) Mac=AEAD
ARIA128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=ARIAGCM(128) Mac=AEAD
Another example to enable all high security TLS 1.2 and 1.3 ciphers, could be:
openssl ciphers -v HIGH:!TLSv1:!SSLv3;
Code: Select all
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM8 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM8(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM(256) Mac=AEAD
DHE-RSA-AES256-CCM8 TLSv1.2 Kx=DH Au=RSA Enc=AESCCM8(256) Mac=AEAD
DHE-RSA-AES256-CCM TLSv1.2 Kx=DH Au=RSA Enc=AESCCM(256) Mac=AEAD
ECDHE-ECDSA-ARIA256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=ARIAGCM(256) Mac=AEAD
ECDHE-ARIA256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=ARIAGCM(256) Mac=AEAD
DHE-DSS-ARIA256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=ARIAGCM(256) Mac=AEAD
DHE-RSA-ARIA256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=ARIAGCM(256) Mac=AEAD
ADH-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=None Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-CCM8 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM8(128) Mac=AEAD
ECDHE-ECDSA-AES128-CCM TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM(128) Mac=AEAD
DHE-RSA-AES128-CCM8 TLSv1.2 Kx=DH Au=RSA Enc=AESCCM8(128) Mac=AEAD
DHE-RSA-AES128-CCM TLSv1.2 Kx=DH Au=RSA Enc=AESCCM(128) Mac=AEAD
ECDHE-ECDSA-ARIA128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=ARIAGCM(128) Mac=AEAD
ECDHE-ARIA128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=ARIAGCM(128) Mac=AEAD
DHE-DSS-ARIA128-GCM-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=ARIAGCM(128) Mac=AEAD
DHE-RSA-ARIA128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=ARIAGCM(128) Mac=AEAD
ADH-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=None Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
DHE-DSS-AES256-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(256) Mac=SHA256
ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(256) Mac=SHA384
ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(256) Mac=SHA384
DHE-RSA-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA256
DHE-DSS-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA256
ADH-AES256-SHA256 TLSv1.2 Kx=DH Au=None Enc=AES(256) Mac=SHA256
ADH-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=None Enc=Camellia(256) Mac=SHA256
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
DHE-DSS-AES128-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(128) Mac=SHA256
ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(128) Mac=SHA256
ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(128) Mac=SHA256
DHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA256
DHE-DSS-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=Camellia(128) Mac=SHA256
ADH-AES128-SHA256 TLSv1.2 Kx=DH Au=None Enc=AES(128) Mac=SHA256
ADH-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=None Enc=Camellia(128) Mac=SHA256
RSA-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=RSAPSK Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESGCM(256) Mac=AEAD
RSA-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=RSAPSK Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=DHEPSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=ECDHEPSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-PSK-AES256-CCM8 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM8(256) Mac=AEAD
DHE-PSK-AES256-CCM TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM(256) Mac=AEAD
RSA-PSK-ARIA256-GCM-SHA384 TLSv1.2 Kx=RSAPSK Au=RSA Enc=ARIAGCM(256) Mac=AEAD
DHE-PSK-ARIA256-GCM-SHA384 TLSv1.2 Kx=DHEPSK Au=PSK Enc=ARIAGCM(256) Mac=AEAD
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
AES256-CCM8 TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM8(256) Mac=AEAD
AES256-CCM TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM(256) Mac=AEAD
ARIA256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=ARIAGCM(256) Mac=AEAD
PSK-AES256-GCM-SHA384 TLSv1.2 Kx=PSK Au=PSK Enc=AESGCM(256) Mac=AEAD
PSK-CHACHA20-POLY1305 TLSv1.2 Kx=PSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD
PSK-AES256-CCM8 TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM8(256) Mac=AEAD
PSK-AES256-CCM TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM(256) Mac=AEAD
PSK-ARIA256-GCM-SHA384 TLSv1.2 Kx=PSK Au=PSK Enc=ARIAGCM(256) Mac=AEAD
RSA-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=RSAPSK Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESGCM(128) Mac=AEAD
DHE-PSK-AES128-CCM8 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM8(128) Mac=AEAD
DHE-PSK-AES128-CCM TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM(128) Mac=AEAD
RSA-PSK-ARIA128-GCM-SHA256 TLSv1.2 Kx=RSAPSK Au=RSA Enc=ARIAGCM(128) Mac=AEAD
DHE-PSK-ARIA128-GCM-SHA256 TLSv1.2 Kx=DHEPSK Au=PSK Enc=ARIAGCM(128) Mac=AEAD
AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
AES128-CCM8 TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM8(128) Mac=AEAD
AES128-CCM TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM(128) Mac=AEAD
ARIA128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=ARIAGCM(128) Mac=AEAD
PSK-AES128-GCM-SHA256 TLSv1.2 Kx=PSK Au=PSK Enc=AESGCM(128) Mac=AEAD
PSK-AES128-CCM8 TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM8(128) Mac=AEAD
PSK-AES128-CCM TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM(128) Mac=AEAD
PSK-ARIA128-GCM-SHA256 TLSv1.2 Kx=PSK Au=PSK Enc=ARIAGCM(128) Mac=AEAD
AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256
CAMELLIA256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA256
AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256
CAMELLIA128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA256
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup
Re: Disable SSLv3 in hMailServer >5.6.8
cool
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup
Re: Disable SSLv3 in hMailServer >5.6.8
Have you tried to use the new build already? I'm running it on my server now and was thinking I'll run it for a few days before I put it up on the download section. But I've verified that the communication with external services (such as gmail) is now done using TLS 1.3.
Martin Knafve
Re: Disable SSLv3 in hMailServer >5.6.8
Yup, i am running 5.6.8-B2450.21 (*.21 are a few fixes and changes i made myself)
my ISP (external download of POP3 messages) doesn't seem to support TLS 1.3 (yet)
Still have to try with gmail, hotmail...
EDIT:
hotmail fails to make a valid TLS handshake using:
but works with:
gmail uses TLS cipher 1.3 as you mentioned
my ISP (external download of POP3 messages) doesn't seem to support TLS 1.3 (yet)
Still have to try with gmail, hotmail...
EDIT:
hotmail fails to make a valid TLS handshake using:
Code: Select all
HIGH:MEDIUM:!SHA1:!SHA256:!SHA384:!RC4:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK;
Code: Select all
HIGH:!TLSv1:!SSLv3;
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup
Re: Disable SSLv3 in hMailServer >5.6.8
Me too now.
Doing this now too thanks - we will see how it goes.RvdH wrote: ↑2019-08-04 12:24but works with:gmail uses TLS cipher 1.3 as you mentionedCode: Select all
HIGH:!TLSv1:!SSLv3;
Gmail is TLSv1.3 both directions
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
https://www.hmailserver.com/documentation
Re: Disable SSLv3 in hMailServer >5.6.8
NOTE: This only is suitable if you only allow TLS 1.2 + 1.3mattg wrote: ↑2019-08-04 14:04Me too now.
Doing this now too thanks - we see how it goes.RvdH wrote: ↑2019-08-04 12:24but works with:gmail uses TLS cipher 1.3 as you mentionedCode: Select all
HIGH:!TLSv1:!SSLv3;
i know mattg does, but for others, if you need lower TLS version this cipher string is not suitable for you
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup
Re: Disable SSLv3 in hMailServer >5.6.8
If you're using "STARTTLS (Optional)", I'm not sure tweaking this has so much value since doing a downgrade-MITM-attack would be trivial in those cases anyway. If you have configured hMailServer to enforce TLS then it makes more sense.
Martin Knafve
Re: Disable SSLv3 in hMailServer >5.6.8
I only have StartTLS Optional for port 25
I get so many unencrypted connections on port 25, don't see how I could force StartTLS on port 25.
However, I also don't allow AUTH on port 25 (using the ini setting), so there are no usernames / passwords accessible
I get so many unencrypted connections on port 25, don't see how I could force StartTLS on port 25.
However, I also don't allow AUTH on port 25 (using the ini setting), so there are no usernames / passwords accessible
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
https://www.hmailserver.com/documentation
Re: Disable SSLv3 in hMailServer >5.6.8
Don't know why, but I had to turn off 'verify remote server SSL/TLS certificates' for gmail pop3 external download to work
viewtopic.php?f=21&t=32158&p=200990&hil ... og#p200990
I checked that installed all of these.
Stopped working (with verify checked) when I upgraded to RvdH's 5.6.8-B2450.21 build
It is downloading via TLSv1.3
Edit:- just found this https://ssl-tools.net/mailservers/pop.gmail.com
viewtopic.php?f=21&t=32158&p=200990&hil ... og#p200990
I checked that installed all of these.
Stopped working (with verify checked) when I upgraded to RvdH's 5.6.8-B2450.21 build
It is downloading via TLSv1.3
Edit:- just found this https://ssl-tools.net/mailservers/pop.gmail.com
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
https://www.hmailserver.com/documentation
Re: Disable SSLv3 in hMailServer >5.6.8
Nice find. I'm seeing that as well. Only happens for TLS 1.3 - if I disable TLS 1.3 it works fine.
Will debug and see what's causing it.
Will debug and see what's causing it.
Martin Knafve
Re: Disable SSLv3 in hMailServer >5.6.8
Found the issue, it's related to SNI. I'll see if I can fix it.
Martin Knafve
Re: Disable SSLv3 in hMailServer >5.6.8
I've pushed a fix (still testing it though)
In TLS 1.3, SNI is required and I hadn't implemented that in hMailServer. If hMailServer connects to pop.gmail.com:995 without including SNI, then pop.gmail.com will complete the TLS-handshake but return an incorrect SSL-certificate. This incorrect SSL-certificate has a Subject/Issuer/etc all containing something like "client did not send SNI; fix your client", so it's basically Google's way of finding bugs in clients, which appears to have worked this time.
In TLS 1.3, SNI is required and I hadn't implemented that in hMailServer. If hMailServer connects to pop.gmail.com:995 without including SNI, then pop.gmail.com will complete the TLS-handshake but return an incorrect SSL-certificate. This incorrect SSL-certificate has a Subject/Issuer/etc all containing something like "client did not send SNI; fix your client", so it's basically Google's way of finding bugs in clients, which appears to have worked this time.
Martin Knafve
Re: Disable SSLv3 in hMailServer >5.6.8
How did you solve certain build Errors
#For OpenSSL_1.1.x
Error C3861: 'EVP_MD_CTX_cleanup': identifier not found \hmailserver\hmailserver\source\Server\Common\AntiSpam\DKIM\DKIM.cpp 227
#BOOST 1.70.0
Error 24 error C2039: 'get_io_service' : is not a member of 'boost::asio::basic_socket_acceptor<boost::asio::ip::tcp,boost::asio::executor>' .\hmailserver\hmailserver\source\Server\Common\TCPIP\TCPServer.cpp 137 1 hMailServer
The BOOST 1.70.0 hMailServer build errors doesn't go away if you for example fall back to openssl-1.0.2s
but BOOST 1.63.0 and openssl-1.0.2s works ok.
#For OpenSSL_1.1.x
Error C3861: 'EVP_MD_CTX_cleanup': identifier not found \hmailserver\hmailserver\source\Server\Common\AntiSpam\DKIM\DKIM.cpp 227
#BOOST 1.70.0
Error 24 error C2039: 'get_io_service' : is not a member of 'boost::asio::basic_socket_acceptor<boost::asio::ip::tcp,boost::asio::executor>' .\hmailserver\hmailserver\source\Server\Common\TCPIP\TCPServer.cpp 137 1 hMailServer
The BOOST 1.70.0 hMailServer build errors doesn't go away if you for example fall back to openssl-1.0.2s
but BOOST 1.63.0 and openssl-1.0.2s works ok.
Re: Disable SSLv3 in hMailServer >5.6.8
Are you trying to use the master branch or 5.7-branch with the new OpenSSL/Boost? I have not merged the fixes to the master branch/5.7-branch yet - I will do that later this week. You can check the 5.6.8 branch to see what changes I had to do. The short version is that a few of the OpenSSL/Boost API:s hMailServer was using has been removed (like 2-3 of them) so I had to make a few small changes to no longer use them.
Martin Knafve
Re: Disable SSLv3 in hMailServer >5.6.8
The ONLY servers that I am connecting with via TLSv1.3 is the gmail servers, for incoming, outgoing and external pop3 download.
All others are still TLSv1.2 (or nude)
All others are still TLSv1.2 (or nude)
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
https://www.hmailserver.com/documentation
Re: Disable SSLv3 in hMailServer >5.6.8
Not sure if you're saying that there's a problem or just sharing what you're seeing? Roughly ~15% of web sites supports TLS1.3, and I would guess that the same number for email is ~5% or so.
Martin Knafve
Re: Disable SSLv3 in hMailServer >5.6.8
Just sharing what I'm seeing
No problem at all (other than the aforementioned External POP3 'verify' issue that you say you have fixed...) - thanks for implementing TLSv1.3
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
https://www.hmailserver.com/documentation
Re: Disable SSLv3 in hMailServer >5.6.8
Alright, cool
The latest 'official' beta-build on the download page resolves the "verify"-issue. But I understand you're using a fork.
The latest 'official' beta-build on the download page resolves the "verify"-issue. But I understand you're using a fork.
Martin Knafve
Re: Disable SSLv3 in hMailServer >5.6.8
Yep, But just checked an RvhD has updated the fork, so I've just installed it and tested.
Verify certs is turned on, and gmail external POP3 download works fine-
Thanks to you both
Verify certs is turned on, and gmail external POP3 download works fine-
Thanks to you both
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
https://www.hmailserver.com/documentation
Re: Disable SSLv3 in hMailServer >5.6.8
My QNAPNas now won't negotiate a secure connectionRvdH wrote: ↑2019-08-04 14:06NOTE: This only is suitable if you only allow TLS 1.2 + 1.3mattg wrote: ↑2019-08-04 14:04Me too now.
Doing this now too thanks - we see how it goes.RvdH wrote: ↑2019-08-04 12:24but works with:gmail uses TLS cipher 1.3 as you mentionedCode: Select all
HIGH:!TLSv1:!SSLv3;
i know mattg does, but for others, if you need lower TLS version this cipher string is not suitable for you
Last month (before I updated and changed my cipher) the cipher used by my QNAP for notifications was
"TCPIP" 141948 "2019-07-26 13:42:22.826" "TCPConnection - TLS/SSL handshake completed. Session Id: 664, Remote IP: 192.168.0.250, Version: TLSv1.2, Cipher: DHE-RSA-AES256-SHA, Bits: 256"
Not that big a deal - just though that I'd mention it
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
https://www.hmailserver.com/documentation
Re: Disable SSLv3 in hMailServer >5.6.8
Just remembered too that I have one (ex) client with DVR attached to some IP cameras that will only use SSLv3.0 to connect to mail servers to email footage, or snapshots
Doesn't change my view. SSL3.0 should remain removed from hMailserver
Doesn't change my view. SSL3.0 should remain removed from hMailserver
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
https://www.hmailserver.com/documentation
-
- New user
- Posts: 1
- Joined: 2019-08-21 21:45
Re: Disable SSLv3 in hMailServer >5.6.8
Here is a tool I use: https://www.nartac.com/Products/IISCrypto/martin wrote: ↑2019-08-04 11:06I was probably a bit unclear.
Forget the API part. The important part is:
The cipher list you specify in the UI is the cipher list used. There's no other internal cipher list which will be used.
The format of the cipher list is described under the section "CIPHER STRINGS" here:
https://www.openssl.org/docs/man1.1.0/man1/ciphers.html
The short version is that the cipher string is a semicolon-separated string containing rules on what ciphers to enable.
Re: Disable SSLv3 in hMailServer >5.6.8
Thats for Windows SChannel Cyphers.janvdweyer wrote: ↑2019-08-21 21:50Here is a tool I use: https://www.nartac.com/Products/IISCrypto/
hMailServer uses OpenSSL and not MS-SChannel for SSL/TLS.
Re: Disable SSLv3 in hMailServer >5.6.8
Just noticed that the latest iOS mail app now uses TLSv1.3 for mail server connections
Microsoft is still not committing
Microsoft is still not committing
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
https://www.hmailserver.com/documentation
Re: Disable SSLv3 in hMailServer >5.6.8
I have a client using Entourage 2008 that couldn't connect using the OpenSSL 1.1 builds.
Turns out it needs TLS 1.0/RC4-SHA/128bit. RC4 is disabled by default in OpenSSL 1.1
Rebuilding OpenSSL with enable-weak-ssl-ciphers got things working.
Turns out it needs TLS 1.0/RC4-SHA/128bit. RC4 is disabled by default in OpenSSL 1.1
Rebuilding OpenSSL with enable-weak-ssl-ciphers got things working.