Bug 1153041
| Field | Value |
|---|---|
| Summary | RFE: backport method to disable SSLv3 or disable SSLv3 permanently |
| Product | Red Hat Enterprise Linux 6 |
| Component | dovecot |
| Status | CLOSED ERRATA |
| Severity | urgent |
| Priority | urgent |
| Version | 6.6 |
| Target Milestone | rc |
| Target Release | --- |
| Hardware | Unspecified |
| OS | Unspecified |
| Whiteboard | |
| Fixed In Version | dovecot-2.0.9-11.el6 |
| Doc Type | Release Note |
| Reporter | Jens Kuehnel <bugzilla-redhat> |
| Assignee | Michal Hlavinka <mhlavink> |
| QA Contact | Frantisek Sumsal <fsumsal> |
| Docs Contact | Tomas Capek <tcapek> |
| CC | cfairchild, dominik, fsumsal, jherrman, jkurik, john.haxby, just4nick, kvolny, leonard-rh-bugzilla, manuel.wolfshant, mdshaikh, mhlavink, ovasik, pb, peter, psklenar, qe-baseos-daemons, redhat-bugzilla, riehecky, rik.theys, robert.scheck, salmy, smithj4, tfiebig, tis, tlavigne, vladimir.stys, yoguma |
| Keywords | FutureFeature, Security, ZStream |
| Story Points | --- |
| Clone Of | 1153027 |
| | 1174158 1182619 (view as bug list) |
| Environment | |
| Last Closed | 2015-07-22 06:57:37 UTC |
| Type | Bug |
| Regression | --- |
| Mount Type | --- |
| Documentation | --- |
| CRM | |
| Verified Versions | |
| Category | --- |
| oVirt Team | --- |
| RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- |
| Target Upstream Version | |
| Embargoed | |
| Bug Depends On | 1153027 |
| Bug Blocks | 1159926, 1174158 |
| Attachments | |

Doc Text:

Allowed SSL protocols configurable in *dovecot*

With this update, it is possible to configure which Secure Sockets Layer (SSL) protocols dovecot allows. For example, users can disable SSLv3 connections and thus mitigate the impact of the POODLE vulnerability. Due to security concerns, SSLv2 and SSLv3 are now also disabled by default, and they have to be allowed manually if the user needs them.

Description
Jens Kuehnel
2014-10-15 13:18:28 UTC
Patched rpms are available at: https://fh.kuehnel.org/doevcot-ssl3/

Tested with:

```
openssl s_client -ssl3 -connect localhost:imaps
```

returns without connect.

(In reply to Jens Kuehnel from comment #3)

This is using the Patch from Comment 2 and disables SSL3 permanently.

This would be really appreciated. Currently any attempts to use sth. along the lines of `ssl_cipher_list = ... :!SSLv3:...` results in no crypto at all, neither on 993 or with start_tls.

Ok... too late in the evening. Apparently this was rather related to #1153052. Using the patched version from fedora-testing and `ssl_cipher_list = ...:!SSLv2:!SSLv3:...` everything is fine now.

```
openssl s_client -connect $host:993 -ssl2
```

and

```
openssl s_client -connect $host:993 -ssl3
```

Both result in:

```
openssl s_client -connect $host:993 -ssl3
CONNECTED(00000003)
140380299679616:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1257:SSL alert number 40
140380299679616:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:
```

and

```
openssl s_client -connect $host:993 -ssl2
CONNECTED(00000003)
write:errno=104
```

Both using an unpatched 2.0.9

One more comment... while the aforementioned effectively kills sslv2/3 even for unpatched dovecots, it does so by just not offering any ciphersuites except those used for TLS1.2, hence TLS1.0-only clients will run into issues.

I'd much rather see the ssl_protocols setting backported from dovecot 2.1. I wonder how cleanly this patch will apply to 2.0: http://hg.dovecot.org/dovecot-2.1/rev/406a1d52390b

Created attachment 948408 [details]
backported patch

This patch adds ssl_protocols configuration option

Created attachment 948410 [details]
backported patch v2

Thought something looked a bit wrong with that first patch, it might be a better match for RHEL 5.11 dovecot, though. One suggestion would be to change the default on the setting from the current "!SSLv2" to "!SSLv2 !SSLv3" in light of POODLE, but it's just a suggestion, either way this patch gives the user the choice to enable or disable SSLv3 which is the right way to go, imo.

*** Bug 1154504 has been marked as a duplicate of this bug. ***

I replaced the old patch with the backported patch v2 (948410) and recreated the rpms. I changed the patch to add "!SSLv3" to the default settings. Available again at: https://fh.kuehnel.org/doevcot-ssl3/

(In reply to Peter Ajamian from comment #11)
> Thought something looked a bit wrong with that first patch, it might be a
> better match for RHEL 5.11 dovecot, though.

This bug is for RHEL6, is there already a related bug filed against RHEL 5 (perhaps #1153027, but access is prohibited for me).

And regarding to comment #13, if one can provide also i386 RPMs for RHEL 5, I can run tests.

(In reply to Peter Bieringer from comment #14)
> This bug is for RHEL6, is there already a related bug filed against RHEL 5
> (perhaps #1153027, but access is prohibited for me).

Yes, 1153027 is the same thing for RHEL5. That is opened by someone else, therefore I can't give you access.

> And regarding to comment #13, if one can provide also i386 RPMs for RHEL 5,
> I can run tests.

For RHEL5 I only have build using the "permanent disable SSLv3" patch, a rebuild for 32bit is now available.

(In reply to Jens Kuehnel from comment #15)
> (In reply to Peter Bieringer from comment #14)
> > This bug is for RHEL6, is there already a related bug filed against RHEL 5
> > (perhaps #1153027, but access is prohibited for me).
> Yes, 1153027 is the same thing for RHEL5. That is opened by someone else,
> therefore I can't give you access.

Working.

> > And regarding to comment #13, if one can provide also i386 RPMs for RHEL 5,
> > I can run tests.
> For RHEL5 I only have build using the "permanent disable SSLv3" patch, a
> rebuild for 32bit is now available.

I've installed now https://fh.kuehnel.org/doevcot-ssl3/dovecot-1.0.7-8.el5.centos.1.0.0.0.1.i386.rpm

Result:

```
$ openssl s_client -connect localhost:993 -ssl3
CONNECTED(00000003)
18032:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1092:SSL alert number 40
18032:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:536:
```

=> good

-tls1 results in proper connect

Thank you for providing the intermediate RPM, let's see whether for RHEL5 a proper release would be created by Red Hat - for the meantime one with access to the koji build system (e.g. me ...) can create RPMS for all arch after extending the changelog in the spec file - also it can be discussed whether the patch from #1153027 should be used for such a build instead of the permanent SSLv3 disabling patch.

The dovecot-2.0.9-ssl_protocols.patch seems to work as intended.

Could it be possible to extend it to also make it possible to explicitly disable TLSv1, TLSv1.1 and TLSv1.2? Compare src/lib-ssl-iostream/iostream-openssl-common.c in 2.2.15.

Why is this bug flagged NEEDINFO?

(In reply to Leonard den Ottolander from comment #18)
> The dovecot-2.0.9-ssl_protocols.patch seems to work as intended.
>
> Could it be possible to extend it to also make it possible to explicitly
> disable TLSv1, TLSv1.1 and TLSv1.2?

your wish will be granted

Thanks for honouring my request. However, there seems to be an issue with the dovecot-2.0.9-sslprot.patch released with 2.0.9-8.el6_6.4. DOVECOT_SSL_PROTO_ALL is defined as 0x07 which was correct when only SSLv2 (0x01), SSLv3 (0x02) and TLSv1 (0x04) were defined. However after adding TLSv1_1 (0x08) and TLSv1_2 (0x10) DOVECOT_SSL_PROTO_ALL should now be 0x1f not 0x07. Do you want me to open a new bug report or can we handle this issue here?

Also the last lines from openssl_get_protocol_options() from 2.2.15's src/lib-ssl-iostream/iostream-openssl-common.c where the options are set based on the excluded protocols ... `op |= SSL_OP_NO_TLSv1_1;` and ...TLSv1_2 seemed to have not been merged into ssl_proxy_ctx_set_protocols() in this patch which iiuc will make it impossible to disable (exclude) TLSv1_1 and TLSv1_2. Essentially you should more or less backport the entire openssl_get_protocol_options() from 2.2.15 to ssl_proxy_ctx_set_protocols().

Created attachment 976640 [details]
Fixed dovecot-2.0.9-sslprot.patch (UNTESTED)

Set DOVECOT_SSL_PROTO_ALL to 0x1f.
Added exclude logic for TLSv1_1 and TLSv1_2.
Patch is untested but seems in accordance with upstream 2.2.15.
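The DOVECOT_SSL_PROTO_ALL problem reported above can be reproduced without dovecot or OpenSSL. The following is an added example, not code from the bug's patches or from the dovecot project: it re-implements the ssl_protocols parsing in the style of upstream's openssl_get_protocol_options(), but returns the bitmask of protocols to disable instead of SSL_OP_NO_* flags, and takes the ALL mask as a parameter so the 0x07 and 0x1f definitions can be compared. Function and macro names are the example's own.

```c
/* Added example (not dovecot's code): the ssl_protocols parsing discussed above,
 * modelled on upstream openssl_get_protocol_options(), returning protocol bits. */
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define PROTO_SSLv2     0x01   /* bit values exactly as quoted in the thread */
#define PROTO_SSLv3     0x02
#define PROTO_TLSv1     0x04
#define PROTO_TLSv1_1   0x08
#define PROTO_TLSv1_2   0x10
#define PROTO_ALL_BUGGY 0x07   /* DOVECOT_SSL_PROTO_ALL in 2.0.9-8.el6_6.4 */
#define PROTO_ALL_FIXED 0x1f   /* value the thread proposes */
static int proto_from_name(const char *name)
{
    static const struct { const char *n; int bit; } tab[] = {
        { "SSLv2", PROTO_SSLv2 }, { "SSLv3", PROTO_SSLv3 }, { "TLSv1", PROTO_TLSv1 },
        { "TLSv1.1", PROTO_TLSv1_1 }, { "TLSv1.2", PROTO_TLSv1_2 },
    };
    for (size_t i = 0; i < sizeof tab / sizeof tab[0]; i++)
        if (strcasecmp(name, tab[i].n) == 0)
            return tab[i].bit;
    return -1;   /* unknown name; upstream aborts with i_fatal() here */
}
/* Bitmask of protocols to disable for an ssl_protocols value, or -1 on a bad
 * setting. proto_all is a parameter so the 0x07 and 0x1f definitions of
 * DOVECOT_SSL_PROTO_ALL can be compared side by side. */
int ssl_protocols_excluded(const char *setting, int proto_all)
{
    char buf[256];
    int include = 0, exclude = 0;
    if (strlen(setting) >= sizeof buf) return -1;
    strcpy(buf, setting);
    for (char *tok = strtok(buf, " "); tok != NULL; tok = strtok(NULL, " ")) {
        int neg = (*tok == '!');
        int proto = proto_from_name(neg ? tok + 1 : tok);
        if (proto < 0) return -1;
        if (neg) exclude |= proto; else include |= proto;
    }
    /* Positive names mean "only these": every other bit of ALL gets excluded,
     * so with ALL == 0x07 the TLSv1.1 and TLSv1.2 bits can never be cleared. */
    if (include != 0) exclude |= proto_all & ~include;
    return exclude;
}
int main(void)
{   /* the thread's case: "TLSv1.2" leaves TLSv1.1 on with 0x07, off with 0x1f */
    printf("0x%02x 0x%02x\n", ssl_protocols_excluded("TLSv1.2", PROTO_ALL_BUGGY),
           ssl_protocols_excluded("TLSv1.2", PROTO_ALL_FIXED));
    return 0;
}
```

With ssl_protocols = "TLSv1.2" the buggy 0x07 mask yields 0x07 (TLSv1.1 stays enabled), while 0x1f yields 0x0f. The second defect in the thread, the missing SSL_OP_NO_TLSv1_1/TLSv1_2 mapping, is the step that would follow this mask and is not modelled here.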
Do you want me to open a new bug report for the issue I report in comment 24? Or is my assumption that the backported patch is flawed incorrect?

Leonard: filed as bug #1182619

CCS has determined that this bug should be described in the RHEL 6.7 Release Notes. Please update the Doc Text field with a summary feature description.

(In reply to Stephen Gilson from comment #30)
> CCS has determined that this bug should be described in the RHEL 6.7 Release
> Notes. Please update the Doc Text field with a summary feature description.

Doc Text field is filled for months

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-1348.html