Disable SSLv3 in hMailServer >5.6.8

Use this forum if you want to discuss a problem or ask a question related to a hMailServer beta release.
Post Reply
User avatar
martin
Developer
Developer
Posts: 6846
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Disable SSLv3 in hMailServer >5.6.8

Post by martin » 2019-08-02 14:48

To support TLS 1.3, hMailServer needs to be updated to use latest OpenSSL-version.

The latest OpenSSL-version does not come with SSL 3-support. It's possible to compile OpenSSL with SSL3 support, but haven't gotten this to work.

To solve this I'm leaning towards simply removing the SSL 3-support from hMailServer. The options will simply be removed from the UI and the API methods removed. SSL3 has been considered broken for decades, so supporting it may only be confusing to end-users.

Any objections to this?
Martin Knafve

palinka
Senior user
Senior user
Posts: 4455
Joined: 2017-09-12 17:57

Re: Disable SSLv3 in hMailServer >5.6.8

Post by palinka » 2019-08-02 15:05

You will not find objections from actual users of hMailServer. Guaranteed.

User avatar
martin
Developer
Developer
Posts: 6846
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: Disable SSLv3 in hMailServer >5.6.8

Post by martin » 2019-08-02 15:20

Yes, I agree that it seems unlikely. Still wanted to post to see if someone says anything else than what I think. :)
Martin Knafve

User avatar
jimimaseye
Moderator
Moderator
Posts: 10053
Joined: 2011-09-08 17:48

Re: Disable SSLv3 in hMailServer >5.6.8

Post by jimimaseye » 2019-08-02 15:27

No objections from me.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Disable SSLv3 in hMailServer >5.6.8

Post by RvdH » 2019-08-02 19:00

My hMailserver instance only accepts TLS 1.2 connections, so no objections here
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
katip
Senior user
Senior user
Posts: 1158
Joined: 2006-12-22 07:58
Location: Istanbul

Re: Disable SSLv3 in hMailServer >5.6.8

Post by katip » 2019-08-02 20:06

never ever enabled SSL v3.0 option.
dropping it is absolutely ok for me.
Katip
--
HMS 5.7, MariaDB 10.4.10, SA 4.0.0, ClamAV 0.103.8

User avatar
mattg
Moderator
Moderator
Posts: 22435
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Disable SSLv3 in hMailServer >5.6.8

Post by mattg » 2019-08-03 02:14

Even Microsoft have disabled SSLv3.0 on all modern operating systems
It provides no security at all - as it so easily broken
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Disable SSLv3 in hMailServer >5.6.8

Post by RvdH » 2019-08-03 18:32

Do we need a updated ciphers list for this within hmailserver as well?
https://www.openssl.org/docs/man1.1.1/man1/ciphers.html

How is the ciphers list within hmailserver exactly build?

i mean for:
- SSL 3.0
+ TLS 1.3
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
martin
Developer
Developer
Posts: 6846
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: Disable SSLv3 in hMailServer >5.6.8

Post by martin » 2019-08-03 21:22

The cipher list you enter in the user interface is given as-is to OpenSSL using an OpenSSL API (https://www.openssl.org/docs/man1.0.2/m ... _list.html). OpenSSL parses it and decide what ciphers match. I'm honestly not 100% sure about the syntax for the cipher string itself. The one in hMailServer comes from Mozillas recommendations if I recall correctly.

The cipher list is separate from the TLS versions. By default, OpenSSL enables support for TLS1.0 - 1.3. hMailServer explicitly disables any TLS-version which the user has de-selected in the UI

I just installed the latest build and enabled TLS 1.3. I then verified that I was able to connect to the server using the OpenSSL client and that TLS 1.3 was selected. The cipher was TLS_AES_256_GCM_SHA384. If you go to https://wiki.mozilla.org/Security/Server_Side_TLS and read about their recommendations they say "For services with clients that support TLS 1.3 and don't need backward compatibility, the Modern configuration provides an extremely high level of security." and then mention this cipher.

(I realize that this is a vague reply to your question but that's what I know about this so far)
Martin Knafve

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Disable SSLv3 in hMailServer >5.6.8

Post by RvdH » 2019-08-03 22:05

So when we take the original ciphers list, eg;

Code: Select all

ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK;


The ones prefixed with '!' are explicitly disabled? Or are all in above list explicitly disabled?
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
mattg
Moderator
Moderator
Posts: 22435
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Disable SSLv3 in hMailServer >5.6.8

Post by mattg » 2019-08-04 00:01

martin wrote:
2019-08-03 21:22
The one in hMailServer comes from Mozillas recommendations if I recall correctly.
Not a recent one I don't think
That list changes fairly frequently

I have updated mine a few times over the years
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Disable SSLv3 in hMailServer >5.6.8

Post by RvdH » 2019-08-04 09:02

mattg wrote:
2019-08-04 00:01
I have updated mine a few times over the years
:?:
What is the point if it uses internal API ciphers list?
If i understand correctly this is only to explicitly disable some ciphers.... Docs are not very clear on this matter either
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
martin
Developer
Developer
Posts: 6846
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: Disable SSLv3 in hMailServer >5.6.8

Post by martin » 2019-08-04 11:06

I was probably a bit unclear.

Forget the API part. The important part is:

The cipher list you specify in the UI is the cipher list used. There's no other internal cipher list which will be used.

The format of the cipher list is described under the section "CIPHER STRINGS" here:
https://www.openssl.org/docs/man1.1.0/man1/ciphers.html

The short version is that the cipher string is a semicolon-separated string containing rules on what ciphers to enable.
Martin Knafve

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Disable SSLv3 in hMailServer >5.6.8

Post by RvdH » 2019-08-04 11:23

Do we have to list all allowed ciphers there? Or can this be shortened like:

Code: Select all

HIGH:MEDIUM:!SHA1:!SHA256:!SHA384:!RC4:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK;
openssl ciphers -v HIGH:MEDIUM:!SHA1:!SHA256:!SHA384:!RC4:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK

Code: Select all

TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH       Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM8 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM8(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM(256) Mac=AEAD
DHE-RSA-AES256-CCM8     TLSv1.2 Kx=DH       Au=RSA  Enc=AESCCM8(256) Mac=AEAD
DHE-RSA-AES256-CCM      TLSv1.2 Kx=DH       Au=RSA  Enc=AESCCM(256) Mac=AEAD
ECDHE-ECDSA-ARIA256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=ARIAGCM(256) Mac=AEAD
ECDHE-ARIA256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=ARIAGCM(256) Mac=AEAD
DHE-DSS-ARIA256-GCM-SHA384 TLSv1.2 Kx=DH       Au=DSS  Enc=ARIAGCM(256) Mac=AEAD
DHE-RSA-ARIA256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=ARIAGCM(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-CCM8 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM8(128) Mac=AEAD
ECDHE-ECDSA-AES128-CCM  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM(128) Mac=AEAD
DHE-RSA-AES128-CCM8     TLSv1.2 Kx=DH       Au=RSA  Enc=AESCCM8(128) Mac=AEAD
DHE-RSA-AES128-CCM      TLSv1.2 Kx=DH       Au=RSA  Enc=AESCCM(128) Mac=AEAD
ECDHE-ECDSA-ARIA128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=ARIAGCM(128) Mac=AEAD
ECDHE-ARIA128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=ARIAGCM(128) Mac=AEAD
DHE-DSS-ARIA128-GCM-SHA256 TLSv1.2 Kx=DH       Au=DSS  Enc=ARIAGCM(128) Mac=AEAD
DHE-RSA-ARIA128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=ARIAGCM(128) Mac=AEAD
AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
AES256-CCM8             TLSv1.2 Kx=RSA      Au=RSA  Enc=AESCCM8(256) Mac=AEAD
AES256-CCM              TLSv1.2 Kx=RSA      Au=RSA  Enc=AESCCM(256) Mac=AEAD
ARIA256-GCM-SHA384      TLSv1.2 Kx=RSA      Au=RSA  Enc=ARIAGCM(256) Mac=AEAD
AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
AES128-CCM8             TLSv1.2 Kx=RSA      Au=RSA  Enc=AESCCM8(128) Mac=AEAD
AES128-CCM              TLSv1.2 Kx=RSA      Au=RSA  Enc=AESCCM(128) Mac=AEAD
ARIA128-GCM-SHA256      TLSv1.2 Kx=RSA      Au=RSA  Enc=ARIAGCM(128) Mac=AEAD
In above example only High and Medium security TLS 1.2 and 1.3 are allowed protocols


Another example to enable all high security TLS 1.2 and 1.3 ciphers, could be:

openssl ciphers -v HIGH:!TLSv1:!SSLv3;

Code: Select all

TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH       Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM8 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM8(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM(256) Mac=AEAD
DHE-RSA-AES256-CCM8     TLSv1.2 Kx=DH       Au=RSA  Enc=AESCCM8(256) Mac=AEAD
DHE-RSA-AES256-CCM      TLSv1.2 Kx=DH       Au=RSA  Enc=AESCCM(256) Mac=AEAD
ECDHE-ECDSA-ARIA256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=ARIAGCM(256) Mac=AEAD
ECDHE-ARIA256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=ARIAGCM(256) Mac=AEAD
DHE-DSS-ARIA256-GCM-SHA384 TLSv1.2 Kx=DH       Au=DSS  Enc=ARIAGCM(256) Mac=AEAD
DHE-RSA-ARIA256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=ARIAGCM(256) Mac=AEAD
ADH-AES256-GCM-SHA384   TLSv1.2 Kx=DH       Au=None Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-CCM8 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM8(128) Mac=AEAD
ECDHE-ECDSA-AES128-CCM  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM(128) Mac=AEAD
DHE-RSA-AES128-CCM8     TLSv1.2 Kx=DH       Au=RSA  Enc=AESCCM8(128) Mac=AEAD
DHE-RSA-AES128-CCM      TLSv1.2 Kx=DH       Au=RSA  Enc=AESCCM(128) Mac=AEAD
ECDHE-ECDSA-ARIA128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=ARIAGCM(128) Mac=AEAD
ECDHE-ARIA128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=ARIAGCM(128) Mac=AEAD
DHE-DSS-ARIA128-GCM-SHA256 TLSv1.2 Kx=DH       Au=DSS  Enc=ARIAGCM(128) Mac=AEAD
DHE-RSA-ARIA128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=ARIAGCM(128) Mac=AEAD
ADH-AES128-GCM-SHA256   TLSv1.2 Kx=DH       Au=None Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
DHE-DSS-AES256-SHA256   TLSv1.2 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA256
ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=Camellia(256) Mac=SHA384
ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=Camellia(256) Mac=SHA384
DHE-RSA-CAMELLIA256-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=Camellia(256) Mac=SHA256
DHE-DSS-CAMELLIA256-SHA256 TLSv1.2 Kx=DH       Au=DSS  Enc=Camellia(256) Mac=SHA256
ADH-AES256-SHA256       TLSv1.2 Kx=DH       Au=None Enc=AES(256)  Mac=SHA256
ADH-CAMELLIA256-SHA256  TLSv1.2 Kx=DH       Au=None Enc=Camellia(256) Mac=SHA256
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA256
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
DHE-DSS-AES128-SHA256   TLSv1.2 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA256
ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=Camellia(128) Mac=SHA256
ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=Camellia(128) Mac=SHA256
DHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=Camellia(128) Mac=SHA256
DHE-DSS-CAMELLIA128-SHA256 TLSv1.2 Kx=DH       Au=DSS  Enc=Camellia(128) Mac=SHA256
ADH-AES128-SHA256       TLSv1.2 Kx=DH       Au=None Enc=AES(128)  Mac=SHA256
ADH-CAMELLIA128-SHA256  TLSv1.2 Kx=DH       Au=None Enc=Camellia(128) Mac=SHA256
RSA-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=RSAPSK   Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=AESGCM(256) Mac=AEAD
RSA-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=RSAPSK   Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=ECDHEPSK Au=PSK  Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-PSK-AES256-CCM8     TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=AESCCM8(256) Mac=AEAD
DHE-PSK-AES256-CCM      TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=AESCCM(256) Mac=AEAD
RSA-PSK-ARIA256-GCM-SHA384 TLSv1.2 Kx=RSAPSK   Au=RSA  Enc=ARIAGCM(256) Mac=AEAD
DHE-PSK-ARIA256-GCM-SHA384 TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=ARIAGCM(256) Mac=AEAD
AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
AES256-CCM8             TLSv1.2 Kx=RSA      Au=RSA  Enc=AESCCM8(256) Mac=AEAD
AES256-CCM              TLSv1.2 Kx=RSA      Au=RSA  Enc=AESCCM(256) Mac=AEAD
ARIA256-GCM-SHA384      TLSv1.2 Kx=RSA      Au=RSA  Enc=ARIAGCM(256) Mac=AEAD
PSK-AES256-GCM-SHA384   TLSv1.2 Kx=PSK      Au=PSK  Enc=AESGCM(256) Mac=AEAD
PSK-CHACHA20-POLY1305   TLSv1.2 Kx=PSK      Au=PSK  Enc=CHACHA20/POLY1305(256) Mac=AEAD
PSK-AES256-CCM8         TLSv1.2 Kx=PSK      Au=PSK  Enc=AESCCM8(256) Mac=AEAD
PSK-AES256-CCM          TLSv1.2 Kx=PSK      Au=PSK  Enc=AESCCM(256) Mac=AEAD
PSK-ARIA256-GCM-SHA384  TLSv1.2 Kx=PSK      Au=PSK  Enc=ARIAGCM(256) Mac=AEAD
RSA-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=RSAPSK   Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=AESGCM(128) Mac=AEAD
DHE-PSK-AES128-CCM8     TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=AESCCM8(128) Mac=AEAD
DHE-PSK-AES128-CCM      TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=AESCCM(128) Mac=AEAD
RSA-PSK-ARIA128-GCM-SHA256 TLSv1.2 Kx=RSAPSK   Au=RSA  Enc=ARIAGCM(128) Mac=AEAD
DHE-PSK-ARIA128-GCM-SHA256 TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=ARIAGCM(128) Mac=AEAD
AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
AES128-CCM8             TLSv1.2 Kx=RSA      Au=RSA  Enc=AESCCM8(128) Mac=AEAD
AES128-CCM              TLSv1.2 Kx=RSA      Au=RSA  Enc=AESCCM(128) Mac=AEAD
ARIA128-GCM-SHA256      TLSv1.2 Kx=RSA      Au=RSA  Enc=ARIAGCM(128) Mac=AEAD
PSK-AES128-GCM-SHA256   TLSv1.2 Kx=PSK      Au=PSK  Enc=AESGCM(128) Mac=AEAD
PSK-AES128-CCM8         TLSv1.2 Kx=PSK      Au=PSK  Enc=AESCCM8(128) Mac=AEAD
PSK-AES128-CCM          TLSv1.2 Kx=PSK      Au=PSK  Enc=AESCCM(128) Mac=AEAD
PSK-ARIA128-GCM-SHA256  TLSv1.2 Kx=PSK      Au=PSK  Enc=ARIAGCM(128) Mac=AEAD
AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
CAMELLIA256-SHA256      TLSv1.2 Kx=RSA      Au=RSA  Enc=Camellia(256) Mac=SHA256
AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
CAMELLIA128-SHA256      TLSv1.2 Kx=RSA      Au=RSA  Enc=Camellia(128) Mac=SHA256
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
martin
Developer
Developer
Posts: 6846
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: Disable SSLv3 in hMailServer >5.6.8

Post by martin » 2019-08-04 11:51

It can be shortened.
Martin Knafve

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Disable SSLv3 in hMailServer >5.6.8

Post by RvdH » 2019-08-04 11:53

cool 8)
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
martin
Developer
Developer
Posts: 6846
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: Disable SSLv3 in hMailServer >5.6.8

Post by martin » 2019-08-04 12:20

Have you tried to use the new build already? I'm running it on my server now and was thinking I'll run it for a few days before I put it up on the download section. But I've verified that the communication with external services (such as gmail) is now done using TLS 1.3.
Martin Knafve

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Disable SSLv3 in hMailServer >5.6.8

Post by RvdH » 2019-08-04 12:24

Yup, i am running 5.6.8-B2450.21 (*.21 are a few fixes and changes i made myself)

my ISP (external download of POP3 messages) doesn't seem to support TLS 1.3 (yet)
Still have to try with gmail, hotmail...


EDIT:

hotmail fails to make a valid TLS handshake using:

Code: Select all

HIGH:MEDIUM:!SHA1:!SHA256:!SHA384:!RC4:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK;
but works with:

Code: Select all

HIGH:!TLSv1:!SSLv3;
gmail uses TLS cipher 1.3 as you mentioned
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
mattg
Moderator
Moderator
Posts: 22435
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Disable SSLv3 in hMailServer >5.6.8

Post by mattg » 2019-08-04 14:04

RvdH wrote:
2019-08-04 12:24
Yup, i am running 5.6.8-B2450.21 (*.21 are a few fixes and changes i made myself)
Me too now.
RvdH wrote:
2019-08-04 12:24
but works with:

Code: Select all

HIGH:!TLSv1:!SSLv3;
gmail uses TLS cipher 1.3 as you mentioned
Doing this now too thanks - we will see how it goes.

Gmail is TLSv1.3 both directions
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Disable SSLv3 in hMailServer >5.6.8

Post by RvdH » 2019-08-04 14:06

mattg wrote:
2019-08-04 14:04
RvdH wrote:
2019-08-04 12:24
Yup, i am running 5.6.8-B2450.21 (*.21 are a few fixes and changes i made myself)
Me too now.
RvdH wrote:
2019-08-04 12:24
but works with:

Code: Select all

HIGH:!TLSv1:!SSLv3;
gmail uses TLS cipher 1.3 as you mentioned
Doing this now too thanks - we see how it goes.
NOTE: This only is suitable if you only allow TLS 1.2 + 1.3
i know mattg does, but for others, if you need lower TLS version this cipher string is not suitable for you
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
martin
Developer
Developer
Posts: 6846
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: Disable SSLv3 in hMailServer >5.6.8

Post by martin » 2019-08-04 15:21

If you're using "STARTTLS (Optional)", I'm not sure tweaking this has so much value since doing a downgrade-MITM-attack would be trivial in those cases anyway. If you have configured hMailServer to enforce TLS then it makes more sense.
Martin Knafve

User avatar
mattg
Moderator
Moderator
Posts: 22435
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Disable SSLv3 in hMailServer >5.6.8

Post by mattg » 2019-08-04 16:50

I only have StartTLS Optional for port 25

I get so many unencrypted connections on port 25, don't see how I could force StartTLS on port 25.
However, I also don't allow AUTH on port 25 (using the ini setting), so there are no usernames / passwords accessible
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
mattg
Moderator
Moderator
Posts: 22435
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Disable SSLv3 in hMailServer >5.6.8

Post by mattg » 2019-08-04 17:34

Don't know why, but I had to turn off 'verify remote server SSL/TLS certificates' for gmail pop3 external download to work

viewtopic.php?f=21&t=32158&p=200990&hil ... og#p200990
I checked that installed all of these.

Stopped working (with verify checked) when I upgraded to RvdH's 5.6.8-B2450.21 build

It is downloading via TLSv1.3

Edit:- just found this https://ssl-tools.net/mailservers/pop.gmail.com
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
martin
Developer
Developer
Posts: 6846
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: Disable SSLv3 in hMailServer >5.6.8

Post by martin » 2019-08-04 19:11

Nice find. I'm seeing that as well. Only happens for TLS 1.3 - if I disable TLS 1.3 it works fine.

Will debug and see what's causing it.
Martin Knafve

User avatar
martin
Developer
Developer
Posts: 6846
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: Disable SSLv3 in hMailServer >5.6.8

Post by martin » 2019-08-04 19:18

Found the issue, it's related to SNI. I'll see if I can fix it.
Martin Knafve

User avatar
martin
Developer
Developer
Posts: 6846
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: Disable SSLv3 in hMailServer >5.6.8

Post by martin » 2019-08-04 20:14

I've pushed a fix (still testing it though)

In TLS 1.3, SNI is required and I hadn't implemented that in hMailServer. If hMailServer connects to pop.gmail.com:995 without including SNI, then pop.gmail.com will complete the TLS-handshake but return an incorrect SSL-certificate. This incorrect SSL-certificate has a Subject/Issuer/etc all containing something like "client did not send SNI; fix your client", so it's basically Google's way of finding bugs in clients, which appears to have worked this time. :)
Martin Knafve

User avatar
Dravion
Senior user
Senior user
Posts: 2071
Joined: 2015-09-26 11:50
Location: Germany
Contact:

Re: Disable SSLv3 in hMailServer >5.6.8

Post by Dravion » 2019-08-05 08:10

How did you solve certain build Errors

#For OpenSSL_1.1.x

Error C3861: 'EVP_MD_CTX_cleanup': identifier not found \hmailserver\hmailserver\source\Server\Common\AntiSpam\DKIM\DKIM.cpp 227

#BOOST 1.70.0
Error 24 error C2039: 'get_io_service' : is not a member of 'boost::asio::basic_socket_acceptor<boost::asio::ip::tcp,boost::asio::executor>' .\hmailserver\hmailserver\source\Server\Common\TCPIP\TCPServer.cpp 137 1 hMailServer

The BOOST 1.70.0 hMailServer build errors doesn't go away if you for example fall back to openssl-1.0.2s
but BOOST 1.63.0 and openssl-1.0.2s works ok.

User avatar
martin
Developer
Developer
Posts: 6846
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: Disable SSLv3 in hMailServer >5.6.8

Post by martin » 2019-08-05 11:16

Are you trying to use the master branch or 5.7-branch with the new OpenSSL/Boost? I have not merged the fixes to the master branch/5.7-branch yet - I will do that later this week. You can check the 5.6.8 branch to see what changes I had to do. The short version is that a few of the OpenSSL/Boost API:s hMailServer was using has been removed (like 2-3 of them) so I had to make a few small changes to no longer use them.
Martin Knafve

User avatar
mattg
Moderator
Moderator
Posts: 22435
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Disable SSLv3 in hMailServer >5.6.8

Post by mattg » 2019-08-05 11:17

The ONLY servers that I am connecting with via TLSv1.3 is the gmail servers, for incoming, outgoing and external pop3 download.

All others are still TLSv1.2 (or nude)
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
martin
Developer
Developer
Posts: 6846
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: Disable SSLv3 in hMailServer >5.6.8

Post by martin » 2019-08-05 11:21

mattg wrote:
2019-08-05 11:17
The ONLY servers that I am connecting with via TLSv1.3 is the gmail servers, for incoming, outgoing and external pop3 download. All others are still TLSv1.2 (or nude)
Not sure if you're saying that there's a problem or just sharing what you're seeing? Roughly ~15% of web sites supports TLS1.3, and I would guess that the same number for email is ~5% or so.
Martin Knafve

User avatar
Dravion
Senior user
Senior user
Posts: 2071
Joined: 2015-09-26 11:50
Location: Germany
Contact:

Re: Disable SSLv3 in hMailServer >5.6.8

Post by Dravion » 2019-08-05 12:08

martin wrote:
2019-08-05 11:16
The short version is that a few of the OpenSSL/Boost API:s hMailServer was using has been removed (like 2-3 of them) so I had to make a few small changes to no longer use them.
Ok, i am curious to find out how it works now :)

User avatar
mattg
Moderator
Moderator
Posts: 22435
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Disable SSLv3 in hMailServer >5.6.8

Post by mattg » 2019-08-05 12:44

martin wrote:
2019-08-05 11:21
mattg wrote:
2019-08-05 11:17
The ONLY servers that I am connecting with via TLSv1.3 is the gmail servers, for incoming, outgoing and external pop3 download. All others are still TLSv1.2 (or nude)
Not sure if you're saying that there's a problem or just sharing what you're seeing?
Just sharing what I'm seeing

No problem at all (other than the aforementioned External POP3 'verify' issue that you say you have fixed...) - thanks for implementing TLSv1.3
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
martin
Developer
Developer
Posts: 6846
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: Disable SSLv3 in hMailServer >5.6.8

Post by martin » 2019-08-05 12:47

Alright, cool :)

The latest 'official' beta-build on the download page resolves the "verify"-issue. But I understand you're using a fork.
Martin Knafve

User avatar
mattg
Moderator
Moderator
Posts: 22435
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Disable SSLv3 in hMailServer >5.6.8

Post by mattg » 2019-08-05 12:57

Yep, But just checked an RvhD has updated the fork, so I've just installed it and tested.

Verify certs is turned on, and gmail external POP3 download works fine-

Thanks to you both
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
mattg
Moderator
Moderator
Posts: 22435
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Disable SSLv3 in hMailServer >5.6.8

Post by mattg » 2019-08-07 09:39

RvdH wrote:
2019-08-04 14:06
mattg wrote:
2019-08-04 14:04
RvdH wrote:
2019-08-04 12:24
Yup, i am running 5.6.8-B2450.21 (*.21 are a few fixes and changes i made myself)
Me too now.
RvdH wrote:
2019-08-04 12:24
but works with:

Code: Select all

HIGH:!TLSv1:!SSLv3;
gmail uses TLS cipher 1.3 as you mentioned
Doing this now too thanks - we see how it goes.
NOTE: This only is suitable if you only allow TLS 1.2 + 1.3
i know mattg does, but for others, if you need lower TLS version this cipher string is not suitable for you
My QNAPNas now won't negotiate a secure connection
Last month (before I updated and changed my cipher) the cipher used by my QNAP for notifications was

"TCPIP" 141948 "2019-07-26 13:42:22.826" "TCPConnection - TLS/SSL handshake completed. Session Id: 664, Remote IP: 192.168.0.250, Version: TLSv1.2, Cipher: DHE-RSA-AES256-SHA, Bits: 256"

Not that big a deal - just though that I'd mention it
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
mattg
Moderator
Moderator
Posts: 22435
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Disable SSLv3 in hMailServer >5.6.8

Post by mattg » 2019-08-14 03:54

Just remembered too that I have one (ex) client with DVR attached to some IP cameras that will only use SSLv3.0 to connect to mail servers to email footage, or snapshots

Doesn't change my view. SSL3.0 should remain removed from hMailserver
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

janvdweyer
New user
New user
Posts: 1
Joined: 2019-08-21 21:45

Re: Disable SSLv3 in hMailServer >5.6.8

Post by janvdweyer » 2019-08-21 21:50

martin wrote:
2019-08-04 11:06
I was probably a bit unclear.

Forget the API part. The important part is:

The cipher list you specify in the UI is the cipher list used. There's no other internal cipher list which will be used.

The format of the cipher list is described under the section "CIPHER STRINGS" here:
https://www.openssl.org/docs/man1.1.0/man1/ciphers.html

The short version is that the cipher string is a semicolon-separated string containing rules on what ciphers to enable.
Here is a tool I use: https://www.nartac.com/Products/IISCrypto/

User avatar
Dravion
Senior user
Senior user
Posts: 2071
Joined: 2015-09-26 11:50
Location: Germany
Contact:

Re: Disable SSLv3 in hMailServer >5.6.8

Post by Dravion » 2019-08-21 22:25

janvdweyer wrote:
2019-08-21 21:50
Here is a tool I use: https://www.nartac.com/Products/IISCrypto/
Thats for Windows SChannel Cyphers.

hMailServer uses OpenSSL and not MS-SChannel for SSL/TLS.

User avatar
mattg
Moderator
Moderator
Posts: 22435
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Disable SSLv3 in hMailServer >5.6.8

Post by mattg » 2019-10-24 01:54

Just noticed that the latest iOS mail app now uses TLSv1.3 for mail server connections

Microsoft is still not committing
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

sprint
Normal user
Normal user
Posts: 31
Joined: 2018-01-31 01:36

Re: Disable SSLv3 in hMailServer >5.6.8

Post by sprint » 2019-12-09 04:44

I have a client using Entourage 2008 that couldn't connect using the OpenSSL 1.1 builds.
Turns out it needs TLS 1.0/RC4-SHA/128bit. RC4 is disabled by default in OpenSSL 1.1

Rebuilding OpenSSL with enable-weak-ssl-ciphers got things working.

Post Reply