Bug 1153041 - RFE: backport method to disable SSLv3 or disable SSv3 permanently
Summary: RFE: backport method to disable SSLv3 or disable SSv3 permanently
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: dovecot
Version: 6.6
Hardware: Unspecified
OS: Unspecified
urgent
urgent
Target Milestone: rc
: ---
Assignee: Michal Hlavinka
QA Contact: Frantisek Sumsal
Tomas Capek
URL:
Whiteboard:
: 1154504 (view as bug list)
Depends On: 1153027
Blocks: 1159926 1174158
TreeView+ depends on / blocked
 
Reported: 2014-10-15 13:18 UTC by Jens Kuehnel
Modified: 2019-07-11 08:16 UTC (History)
28 users (show)

Fixed In Version: dovecot-2.0.9-11.el6
Doc Type: Release Note
Doc Text:
Allowed SSL protocols configurable in *dovecot* With this update, it is possible to configure which Secure Sockets Layer (SSL) protocols dovecot allows. For example, users can disable SSLv3 connections and thus mitigate the impact of the POODLE vulnerability. Due to security concerns, SSLv2 and SSLv3 are now also disabled by default, and they have to be allowed manually if the user needs them.
Clone Of: 1153027
: 1174158 1182619 (view as bug list)
Environment:
Last Closed: 2015-07-22 06:57:37 UTC


Attachments (Terms of Use)
backported patch (5.20 KB, patch)
2014-10-20 06:24 UTC, Michal Hlavinka
no flags Details | Diff
backported patch v2 (5.65 KB, patch)
2014-10-20 06:45 UTC, Michal Hlavinka
no flags Details | Diff
Fixed dovecot-2.0.9-sslprot.patch (UNTESTED) (6.27 KB, patch)
2015-01-05 23:12 UTC, Leonard den Ottolander
no flags Details | Diff


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:1348 normal SHIPPED_LIVE dovecot bug fix and enhancement update 2015-07-20 17:59:48 UTC

Description Jens Kuehnel 2014-10-15 13:18:28 UTC
+++ This bug was initially created as a clone of Bug #1153027 +++

Description of problem:

Dovecot 2.0.9 does not seem to have a way to configure which SSL protocols are allowed and allows the SSLv3 protocol. Newer versions seem to have a configuration parameter to configure this.

Please backport the features to configure the SSL protocols and ciphers that the server allows. This will allow sysadmins to mitigate CVE-2014-3566.
Or disable SSL3 permanent and completely.

Version-Release number of selected component (if applicable):
dovecot 2.0.9 as shipped with RHEL6.6

How reproducible:
Always

Steps to Reproduce:
1. Enable SSL on dovecot
2. Try to connect using SSLv3
3.

Actual results:
SSLv3 is allowed

Expected results:
Method to disable SSLv3 connections and only allow TLSv1+ connections.

Additional info:

Comment 2 Robert Scheck 2014-10-15 22:17:19 UTC
Patch: http://www.mail-archive.com/dovecot@dovecot.org/msg59945.html

Comment 3 Jens Kuehnel 2014-10-17 07:49:05 UTC
Patched rpms are available at:
https://fh.kuehnel.org/doevcot-ssl3/

Tested with:
openssl s_client -ssl3 -connect localhost:imaps

returns without connect.

Comment 4 Jens Kuehnel 2014-10-17 08:03:35 UTC
(In reply to Jens Kuehnel from comment #3)
This is using the Patch from Comment 2 and disables SSL3 permanently.

Comment 5 Tobias Fiebig 2014-10-18 22:49:17 UTC
This would be really appreciated.
Currently any attempts to use sth. along the lines of:

ssl_cipher_list = ... :!SSLv3:... results in no crypto at all, neither on 993 or with start_tls.

Comment 6 Tobias Fiebig 2014-10-18 23:40:53 UTC
Ok... to late in the evening. Apparently this was rather related to #1153052.
Using the patched version from fedora-testing and ssl_cipher_list = ...:!SSLv2:!SSLv3:... everything is fine now.

openssl s_client -connect $host:993 -ssl2 and
openssl s_client -connect $host:993 -ssl3

Both result in:
openssl s_client -connect $host:993 -ssl3
CONNECTED(00000003)
140380299679616:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1257:SSL alert number 40
140380299679616:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:

and

openssl s_client -connect $host:993 -ssl2
CONNECTED(00000003)
write:errno=104

Both using an unpatched 2.0.9

Comment 7 Tobias Fiebig 2014-10-19 00:45:30 UTC
One more comment... while the aforementioned effectively kills sslv2/3 even for unpatched dovecots, it does so by just not offering any cyphersuites except those used for TLS1.2, hence TLS1.0-only clients will run into issues.

Comment 8 Peter Ajamian 2014-10-20 05:00:05 UTC
I'd much rather see the ssl_protocols setting backported from dovecot 2.1.  I wonder how cleanly this patch will apply to 2.0:
http://hg.dovecot.org/dovecot-2.1/rev/406a1d52390b

Comment 9 Michal Hlavinka 2014-10-20 06:24:26 UTC
Created attachment 948408 [details]
backported patch

This patch adds ssl_protocols configuration option

Comment 10 Michal Hlavinka 2014-10-20 06:45:39 UTC
Created attachment 948410 [details]
backported patch v2

Comment 11 Peter Ajamian 2014-10-20 06:57:45 UTC
Thought something looked a bit wrong with that first patch, it might be a better match for RHEL 5.11 dovecot, though.

One suggestion would be to change the default on the setting from the current "!SSLv2" to "!SSLv2 !SSLv3" in light of POODLE, but it's just a suggestion, either way this patch gives the user the choice to enable or disable SSLv3 which is the right way to go, imo.

Comment 12 Michal Hlavinka 2014-10-20 07:05:14 UTC
*** Bug 1154504 has been marked as a duplicate of this bug. ***

Comment 13 Jens Kuehnel 2014-10-20 12:35:49 UTC
I replaced the old patch with the backported patch v2 (948410) and recreated the rpms. I changed the patch to add "!SSLv3" to the default settings.

Available again at: https://fh.kuehnel.org/doevcot-ssl3/

Comment 14 Peter Bieringer 2014-10-21 20:21:47 UTC
(In reply to Peter Ajamian from comment #11)
> Thought something looked a bit wrong with that first patch, it might be a
> better match for RHEL 5.11 dovecot, though.

This bug is for RHEL6, is there already a related bug filed against RHEL 5 (perhaps #1153027, but access is prohibited for me).

And regarding to commont #13, if one can provide also i386 RPMs for RHEL 5, I can run tests.

Comment 15 Jens Kuehnel 2014-10-22 06:46:58 UTC
(In reply to Peter Bieringer from comment #14)

> This bug is for RHEL6, is there already a related bug filed against RHEL 5
> (perhaps #1153027, but access is prohibited for me).
Yes, 1153027 is the same thing for RHEL5. That is opened by some else, therefor I can't give you access.

> And regarding to commont #13, if one can provide also i386 RPMs for RHEL 5,
> I can run tests.
For RHEL5 I only have build using the "permanent disable SSLv3" patch, a rebuild for 32bit is now available.

Comment 16 Peter Bieringer 2014-10-22 19:59:58 UTC
(In reply to Jens Kuehnel from comment #15)
> (In reply to Peter Bieringer from comment #14)
> 
> > This bug is for RHEL6, is there already a related bug filed against RHEL 5
> > (perhaps #1153027, but access is prohibited for me).
> Yes, 1153027 is the same thing for RHEL5. That is opened by some else,
> therefor I can't give you access.

Working.

> > And regarding to commont #13, if one can provide also i386 RPMs for RHEL 5,
> > I can run tests.
> For RHEL5 I only have build using the "permanent disable SSLv3" patch, a
> rebuild for 32bit is now available.

I've installed now
https://fh.kuehnel.org/doevcot-ssl3/dovecot-1.0.7-8.el5.centos.1.0.0.0.1.i386.rpm

Result:

$ openssl s_client -connect localhost:993 -ssl3
CONNECTED(00000003)
18032:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1092:SSL alert number 40
18032:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:536:

=> good

-tls1 results in proper connect

Thank you for providing the intermediate RPM, let's see whether for RHEL5 a proper release would be created by Red Hat - for the meantime one with access to the koji build system (e.g. me ...) can create RPMS for all arch after extending the changelog in the spec file - also it can be discussed whether the patch from #1153027 should be used for such a build instead of the permanent SSLv3 disabling patch.

Comment 18 Leonard den Ottolander 2014-12-10 00:24:48 UTC
The dovecot-2.0.9-ssl_protocols.patch seems to work as intended.

Could it be possible to extend it to also make it possible to explicitly disable TLSv1, TSLv1.1 and TLSv1.2? Compare src/lib-ssl-iostream/iostream-openssl-common.c in 2.2.15.

Why is this bug flagged NEEDINFO?

Comment 21 Michal Hlavinka 2014-12-12 10:51:54 UTC
(In reply to Leonard den Ottolander from comment #18)
> The dovecot-2.0.9-ssl_protocols.patch seems to work as intended.
> 
> Could it be possible to extend it to also make it possible to explicitly
> disable TLSv1, TSLv1.1 and TLSv1.2? 

your wish will be granted

Comment 24 Leonard den Ottolander 2015-01-05 22:15:16 UTC
Thanks for honouring my request.

However, there seems to be in a issue with the dovecot-2.0.9-sslprot.patch released with 2.0.9-8.el6_6.4.

DOVECOT_SSL_PROTO_ALL is defined as 0x07 which was correct when only SSLv2 (0x01), SSLv3 (0x02) and TLSv1 (0x04) were defined. However after adding TLSv1_1 (0x08) and TLSv1_2 (0x10) DOVECOT_SSL_PROTO_ALL should now be 0x1f not 0x07.

Do you want me to open a new bug report or can we handle this issue here?

Comment 25 Leonard den Ottolander 2015-01-05 22:45:35 UTC
Also the last lines from openssl_get_protocol_options() from 2.2.15's src/lib-ssl-iostream/iostream-openssl-common.c where the options are set based on the excluded protocols
... op |= SSL_OP_NO_TLSv1_1;
and 
...TLSv1_2 
seemed to have not been merged into ssl_proxy_ctx_set_protocols() in this patch which iiuc will make it impossible to disable (exclude) TLSv1_1 and TLSv1_2.

Essentially you should more or less backport the entire openssl_get_protocol_options() from 2.2.15 to ssl_proxy_ctx_set_protocols().

Comment 26 Leonard den Ottolander 2015-01-05 23:12:43 UTC
Created attachment 976640 [details]
Fixed dovecot-2.0.9-sslprot.patch (UNTESTED)

Set DOVECOT_SSL_PROTO_ALL to 0x1f.
Added exclude logic for TLSv1_1 and TLSv1_2.

Patch is untested but seems in accordance with upstream 2.2.15.

Comment 27 Leonard den Ottolander 2015-01-15 13:15:07 UTC
Do you want me to open a new bug report for the issue I report in comment 24?

Or is my assumption that the backported patch is flawed incorrect?

Comment 28 Michal Hlavinka 2015-01-15 15:38:29 UTC
Leonard:
filed as bug #1182619

Comment 30 Stephen Gilson 2015-04-02 16:55:04 UTC
CCS has determined that this bug should be described in the RHEL 6.7 Release Notes. Please update the Doc Text field with a summary feature description.

Comment 32 Michal Hlavinka 2015-04-13 11:15:21 UTC
(In reply to Stephen Gilson from comment #30)
> CCS has determined that this bug should be described in the RHEL 6.7 Release
> Notes. Please update the Doc Text field with a summary feature description.

Doc Text field is filed for months

Comment 33 errata-xmlrpc 2015-07-22 06:57:37 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-1348.html


Note You need to log in before you can comment on or make changes to this bug.