Bug 38044 - Postfix: Allow to disable the use of SSLv3 (Poodle-Bug)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Mail
UCS 4.0
All Linux
Importance: P5 enhancement
Target Milestone: UCS 4.0-1-errata
Assigned To: Daniel Tröder
QA Contact: Florian Best
Depends on:
Blocks: 38468
Reported: 2015-03-15 19:53 CET by Lutz Willek
Modified: 2015-05-07 17:44 CEST
Attachments
Patch allowing to disable the use of SSLv3 via ucr (1.33 KB, patch)
2015-03-15 22:18 CET, Lutz Willek
Description Lutz Willek 2015-03-15 19:53:01 CET
Hey there,

On October 14th, 2014, a vulnerability called POODLE (Padding Oracle On Downgraded Legacy Encryption) in version 3 of the SSL encryption protocol was disclosed. This vulnerability allows an attacker to read information encrypted with this version of the protocol in plain text using a man-in-the-middle attack.

The POODLE vulnerability affects any services or clients that make it possible to communicate using SSLv3. Because this is a flaw with the protocol design, and not an implementation issue, every piece of software that uses SSLv3 is vulnerable.

--> Postfix SMTP

In case of 'opportunistic SSL' (encryption policy not enforced and plain is acceptable too), there is no need to change anything. Even though it's unnecessary, SSLv3 can be disabled for opportunistic encryption as well. These settings are not recommended:

smtpd_tls_protocols=!SSLv2,!SSLv3
smtp_tls_protocols=!SSLv2,!SSLv3


In case of 'mandatory SSL' add the smtpd_tls_mandatory_protocols setting for inbound connections and smtp_tls_mandatory_protocols for outbound connections and restart Postfix:

smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
smtp_tls_mandatory_protocols=!SSLv2,!SSLv3

--> UCS (4.0-1 errata113) Situation

All settings are "postfix defaults" and not changeable via ucr yet.
# postconf |egrep 'smtp_tls_mandatory_protocols|smtpd_tls_mandatory_protocols|smtp_tls_protocols|smtpd_tls_protocols'

smtp_tls_mandatory_protocols = !SSLv2
smtp_tls_protocols = !SSLv2
smtpd_tls_mandatory_protocols = !SSLv2
smtpd_tls_protocols =
tlsproxy_tls_mandatory_protocols = $smtpd_tls_mandatory_protocols
tlsproxy_tls_protocols = $smtpd_tls_protocols


It would be useful to allow more configuration options. There's already a UCR template: /etc/univention/templates/files/etc/postfix/main.cf.d/60_tls

I am going to write a patch for this issue. I filed this bug report as an enhancement only, so feel free to raise the severity level ;)

with best regards

Lutz Willek
Comment 1 Lutz Willek 2015-03-15 22:18:22 CET
Created attachment 6762
Patch allowing to disable the use of SSLv3 via ucr

Patch allowing to configure the following postfix variables via ucr:

smtpd_tls_mandatory_protocols
smtpd_tls_protocols
smtp_tls_mandatory_protocols
smtp_tls_protocols

The default config will not be altered by using this patch.
Comment 2 Lutz Willek 2015-03-15 22:19:51 CET
apply and test the patch:
 
root@zarafa:~# apt-get install patch

## create a backup
root@zarafa:~# cp /etc/postfix/main.cf /etc/postfix/main.cf.orig
root@zarafa:~# postconf >postconf.orig
root@zarafa:~# mkdir /etc/univention/templates/files/etc/postfix/main.cf.d_orig
root@zarafa:~# cp -a /etc/univention/templates/files/etc/postfix/main.cf.d/60_tls \
                     /etc/univention/templates/files/etc/postfix/main.cf.d_orig/60_tls

## patch and commit
root@zarafa:~# patch -p0 < postfix_tls_protocols.patch /etc/univention/templates/files/etc/postfix/main.cf.d/60_tls
root@zarafa:~# ucr commit /etc/postfix/main.cf
root@zarafa:~# service postfix restart


## diff to original main.cf and postconf after patching
root@zarafa:~# diff /etc/postfix/main.cf.orig /etc/postfix/main.cf
104a105,106
> smtpd_tls_mandatory_protocols = !SSLv2
> smtpd_tls_protocols = 
120a123,124
> smtp_tls_mandatory_protocols = !SSLv2
> smtp_tls_protocols = !SSLv2

root@zarafa:~# postconf >postconf.diff
root@zarafa:~# diff postconf.orig postconf.diff 
root@zarafa:~# 

^^^patch works like expected, default config is not changed


## set new default variables, commit and test:

ucr set mail/postfix/smtpd/tls/mandatory_protocols='!SSLv2'
ucr set mail/postfix/smtpd/tls/protocols=''
ucr set mail/postfix/tls/client/mandatory_protocols='!SSLv2'
ucr set mail/postfix/tls/client/protocols='!SSLv2'
ucr commit /etc/postfix/main.cf
service postfix restart

root@zarafa:~# diff /etc/postfix/main.cf.orig /etc/postfix/main.cf
104a105,106
> smtpd_tls_mandatory_protocols = !SSLv2
> smtpd_tls_protocols = 
120a123,124
> smtp_tls_mandatory_protocols = !SSLv2
> smtp_tls_protocols = !SSLv2

root@zarafa:~# postconf >postconf.diff
root@zarafa:~# diff postconf.orig postconf.diff 
root@zarafa:~# 

^^^patch works like expected, default config is not changed after variables are set


## precheck if SSLv3 is available

root@zarafa:~# openssl s_client -starttls smtp -crlf -ssl3 -connect 127.0.0.1:25
CONNECTED(00000003)
[...snip...]
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
Server public key is 4048 bit
Secure Renegotiation IS supported
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
    Protocol  : SSLv3
    Cipher    : ECDHE-RSA-AES256-SHA
[...snip...]

^^^ssl3 is available

## Disable the use of SSLv3 (testing variables)

ucr set mail/postfix/smtpd/tls/mandatory_protocols='!SSLv2,!SSLv3'
ucr set mail/postfix/smtpd/tls/protocols='!SSLv2,!SSLv3'
ucr set mail/postfix/tls/client/mandatory_protocols='!SSLv2,!SSLv3'
ucr set mail/postfix/tls/client/protocols='!SSLv2,!SSLv3'
ucr commit /etc/postfix/main.cf
service postfix restart

root@zarafa:~# diff /etc/postfix/main.cf.orig /etc/postfix/main.cf
104a105,106
> smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
> smtpd_tls_protocols = !SSLv2,!SSLv3
120a123,124
> smtp_tls_mandatory_protocols = !SSLv2,!SSLv3
> smtp_tls_protocols = !SSLv2,!SSLv3

root@zarafa:~# postconf >postconf.diff
root@zarafa:~# diff postconf.orig postconf.diff 
593c593
< smtp_tls_mandatory_protocols = !SSLv2
---
> smtp_tls_mandatory_protocols = !SSLv2,!SSLv3
597c597
< smtp_tls_protocols = !SSLv2
---
> smtp_tls_protocols = !SSLv2,!SSLv3
689,690c689,690
< smtpd_tls_mandatory_protocols = !SSLv2
< smtpd_tls_protocols =
---
> smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
> smtpd_tls_protocols = !SSLv2,!SSLv3

^^^patch works like expected


## check if patch is working like expected (ie. SSLv3 is disabled now)

root@zarafa:~# openssl s_client -starttls smtp -crlf -ssl3 -connect 127.0.0.1:25
CONNECTED(00000003)
140006034015912:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1260:SSL alert number 40
140006034015912:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:598:
...

^^^ssl3 is not available (sslv3 alert handshake failure...)
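The two `openssl s_client -ssl3` runs in this comment answer the question that the main.cf diff cannot: whether the running server still negotiates SSLv3. The following script is an added example, not part of the bug report or of UCS; it classifies `s_client` output into three outcomes, and the sample outputs it tests against are constructed from the excerpts shown above (function and constant names are this example's own). It also covers two pitfalls a config audit would miss: on a refused handshake, older OpenSSL still prints an SSL-Session block with `Protocol : SSLv3` and `Cipher : 0000`, so the protocol line alone is not proof that SSLv3 was accepted; and OpenSSL builds compiled without SSLv3 reject `-ssl3` as an unknown option, which makes the probe inconclusive rather than a pass.

```python
"""Classify the result of an `openssl s_client -starttls smtp -ssl3` probe.

Added example, not part of the bug report or of UCS.  Sample outputs are
constructed from the excerpts in the report.
"""
import re
import subprocess

ACCEPTED = "sslv3-accepted"        # server completed an SSLv3 handshake: vulnerable
REFUSED = "sslv3-refused"          # server answered with a handshake failure alert
INCONCLUSIVE = "probe-inconclusive"  # local OpenSSL has no SSLv3 support; retest elsewhere


def classify_s_client_output(text):
    """Map the combined stdout/stderr of s_client to one of the outcomes above."""
    # An OpenSSL built with no-ssl3 cannot even send the probe.
    if re.search(r"unknown option:? -ssl3", text, re.IGNORECASE):
        return INCONCLUSIVE
    # The alert from the server is decisive; check it before the session block,
    # because a failed handshake still prints "Protocol : SSLv3" with cipher 0000.
    if "handshake failure" in text:
        return REFUSED
    proto = re.search(r"^\s*Protocol\s*:\s*(\S+)", text, re.MULTILINE)
    cipher = re.search(r"^\s*Cipher\s*:\s*(\S+)", text, re.MULTILINE)
    if proto and proto.group(1) == "SSLv3" and cipher and cipher.group(1) != "0000":
        return ACCEPTED
    raise ValueError("unrecognised s_client output")


def probe_sslv3(host, port=25, timeout=15):
    """Run the same probe as in the report against a live server.

    Needs network access and an OpenSSL build that still accepts -ssl3;
    the QUIT on stdin makes s_client exit cleanly after the handshake.
    """
    cmd = ["openssl", "s_client", "-starttls", "smtp", "-crlf", "-ssl3",
           "-connect", "%s:%d" % (host, port)]
    proc = subprocess.run(cmd, input="QUIT\r\n", capture_output=True,
                          text=True, timeout=timeout)
    return classify_s_client_output(proc.stdout + proc.stderr)


# Constructed from the first s_client run in the report (SSLv3 negotiated).
ACCEPTED_OUTPUT = """\
CONNECTED(00000003)
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
Server public key is 4048 bit
SSL-Session:
    Protocol  : SSLv3
    Cipher    : ECDHE-RSA-AES256-SHA
"""

# Constructed from the second run (server refuses), including the session
# block older OpenSSL prints even though no session was established.
REFUSED_OUTPUT = """\
CONNECTED(00000003)
140006034015912:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1260:SSL alert number 40
140006034015912:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:598:
SSL-Session:
    Protocol  : SSLv3
    Cipher    : 0000
"""

# Constructed: what an OpenSSL without SSLv3 support prints instead.
NO_SSLV3_CLIENT_OUTPUT = "s_client: Unknown option: -ssl3\n"

if __name__ == "__main__":
    for sample in (ACCEPTED_OUTPUT, REFUSED_OUTPUT, NO_SSLV3_CLIENT_OUTPUT):
        print(classify_s_client_output(sample))
```

Treat `probe-inconclusive` as "not yet verified", not as a pass: repeat the probe from a host whose OpenSSL still supports `-ssl3`, or rely on the postconf audit for that server.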
Comment 3 Lutz Willek 2015-03-15 22:44:43 CET
description of the variables


mail/univention-mail-postfix/debian/univention-mail-postfix.univention-config-registry-variables:

[mail/postfix/smtpd/tls/mandatory_protocols]
Description[de]=Liste der TLS-Protokolle, die der Postfix SMTP-Server mit zwingenden TLS-Verschlüsselung verwendet. (Standard ist: !SSLv2) http://www.postfix.org/postconf.5.html#smtpd_tls_mandatory_protocols
Description[en]=The SSL/TLS protocols accepted by the Postfix SMTP server with mandatory TLS encryption. (default: !SSLv2) http://www.postfix.org/postconf.5.html#smtpd_tls_mandatory_protocols
Type=str
Categories=service-mail

[mail/postfix/smtpd/tls/protocols]
Description[de]=Liste der TLS-Protokolle, die der Postfix SMTP-Server mit opportunistischer TLS-Verschlüsselung verwendet. (Standard ist: nicht gesetzt) http://www.postfix.org/postconf.5.html#smtpd_tls_protocols
Description[en]=List of TLS protocols that the Postfix SMTP server will exclude or include with opportunistic TLS encryption. (default: empty) http://www.postfix.org/postconf.5.html#smtpd_tls_protocols
Type=str
Categories=service-mail

[mail/postfix/tls/client/mandatory_protocols]
Description[de]=Liste der TLS-Protokolle, die der Postfix SMTP-Client mit zwingenden TLS-Verschlüsselung verwendet. (Standard ist: !SSLv2) http://www.postfix.org/postconf.5.html#smtp_tls_mandatory_protocols
Description[en]=List of SSL/TLS protocols that the Postfix SMTP client will use with mandatory TLS encryption. (default: !SSLv2) http://www.postfix.org/postconf.5.html#smtp_tls_mandatory_protocols
Type=str
Categories=service-mail

[mail/postfix/tls/client/protocols]
Description[de]=Liste der TLS-Protokolle, die der Postfix SMTP-Client mit opportunistischer TLS-Verschlüsselung verwendet. (Standard ist: !SSLv2) http://www.postfix.org/postconf.5.html#smtp_tls_protocols
Description[en]=List of TLS protocols that the Postfix SMTP client will exclude or include with opportunistic TLS encryption. (default: !SSLv2) http://www.postfix.org/postconf.5.html#smtp_tls_protocols
Type=str
Categories=service-mail



/mail/univention-mail-postfix/debian/univention-mail-postfix.univention-config-registry
...
Type: subfile
Multifile: etc/postfix/main.cf
Subfile: etc/postfix/main.cf.d/60_tls
...
Variables: mail/postfix/smtpd/tls/mandatory_protocols
Variables: mail/postfix/smtpd/tls/protocols
Variables: mail/postfix/tls/client/mandatory_protocols
Variables: mail/postfix/tls/client/protocols
Comment 4 Lutz Willek 2015-03-15 23:08:57 CET
Just as a note:

To disable SSLv2 and SSLv3 with Postfix, run the following commands:

ucr set mail/postfix/smtpd/tls/mandatory_protocols='!SSLv2,!SSLv3'
ucr set mail/postfix/smtpd/tls/protocols=''
ucr set mail/postfix/tls/client/mandatory_protocols='!SSLv2,!SSLv3'
ucr set mail/postfix/tls/client/protocols='!SSLv2,!SSLv3'

I cannot recommend restricting "mail/postfix/smtpd/tls/protocols", i.e. the Postfix parameter "smtpd_tls_protocols".
Doing so increases the chance of not being able to agree with other mail servers on any suitable protocol or cipher suite. (In this case data is passed without encryption.)


Please review the patch, and, if possible, apply to UCS 4.0-1-errata.

Best regards
Lutz Willek
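The description lists the four Postfix parameters and their UCS defaults, and this comment gives the recommended values together with the reason for leaving the opportunistic server-side list alone. The script below, an added example that is not part of the bug report or of the univention-mail-postfix package, turns that into a repeatable audit: it parses `postconf` output as quoted in the description, expands `$name` references (the `tlsproxy_*` lines point at the `smtpd_*` values), computes which protocols each parameter still permits under the postconf(5) rules for exclusion and inclusion lists, and grades the result the way comment 4 does, so that a legacy protocol in `smtpd_tls_protocols` is reported as informational rather than as a failure. The sample inputs are constructed from the defaults and the `ucr set` values shown in this bug; the handling of the `>=TLSv1.2` form that newer Postfix releases accept is an assumption of this example.

```python
"""Audit the four Postfix TLS protocol parameters made configurable in this bug.

Added example, not part of the bug report or of the UCS package.  Sample
inputs are constructed from the postconf output and ucr values in the report.
"""
import re

# Postfix protocol names in version order.  Newer Postfix accepts ">=TLSv1.2";
# treating that as "this version and newer" is an assumption of this example.
PROTOCOL_ORDER = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

# Parameter -> severity when SSLv2/SSLv3 is still allowed.  Per comment 4 the
# opportunistic server list is graded INFO only: tightening it cannot force a
# peer to use TLS, it can only push the peer to plaintext.
TLS_PARAMS = {
    "smtpd_tls_mandatory_protocols": "FAIL",
    "smtpd_tls_protocols": "INFO",
    "smtp_tls_mandatory_protocols": "FAIL",
    "smtp_tls_protocols": "FAIL",
}


def parse_postconf(text):
    """Parse `postconf` output ("key = value" lines) into a dict of raw values."""
    params = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z0-9_]+)\s*=\s*(.*?)\s*$", line)
        if m:
            params[m.group(1)] = m.group(2)
    return params


def resolve(params, name, depth=0):
    """Expand $name / ${name} references the way `postconf -x` would."""
    if depth > 10:
        raise ValueError("reference loop while resolving %s" % name)
    return re.sub(r"\$\{?([A-Za-z0-9_]+)\}?",
                  lambda m: resolve(params, m.group(1), depth + 1),
                  params.get(name, ""))


def allowed_protocols(value):
    """Protocol names a Postfix *_tls_protocols value permits.

    postconf(5) rules: an empty value allows everything; names prefixed with
    '!' are excluded; if any name appears without '!', the list is an
    inclusion list and everything not listed is excluded.  Exclusions win.
    """
    tokens = [t for t in re.split(r"[\s,:]+", value.strip()) if t]
    allowed = set(PROTOCOL_ORDER)
    includes = set()
    for tok in tokens:
        if tok.startswith(">="):
            includes.update(PROTOCOL_ORDER[PROTOCOL_ORDER.index(tok[2:]):])
        elif tok.startswith("!"):
            allowed.discard(tok[1:])
        else:
            includes.add(tok)
    return (allowed & includes) if includes else allowed


def audit(postconf_text):
    """Map each parameter to (allows_sslv2_or_sslv3, severity)."""
    params = parse_postconf(postconf_text)
    report = {}
    for name, severity in TLS_PARAMS.items():
        allowed = allowed_protocols(resolve(params, name))
        report[name] = (bool(allowed & {"SSLv2", "SSLv3"}), severity)
    return report


def findings(postconf_text):
    """One line per parameter: OK, or FAIL/INFO if legacy protocols remain."""
    return [("OK    %s" % name) if not legacy else
            ("%s  %s still allows SSLv2/SSLv3" % (severity, name))
            for name, (legacy, severity) in audit(postconf_text).items()]


# Constructed from the UCS 4.0-1 defaults quoted in the description.
DEFAULT_POSTCONF = """\
smtp_tls_mandatory_protocols = !SSLv2
smtp_tls_protocols = !SSLv2
smtpd_tls_mandatory_protocols = !SSLv2
smtpd_tls_protocols =
tlsproxy_tls_mandatory_protocols = $smtpd_tls_mandatory_protocols
tlsproxy_tls_protocols = $smtpd_tls_protocols
"""

# Constructed from the values recommended in comment 4.
HARDENED_POSTCONF = """\
smtp_tls_mandatory_protocols = !SSLv2,!SSLv3
smtp_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
smtpd_tls_protocols =
"""

if __name__ == "__main__":
    for label, text in (("defaults", DEFAULT_POSTCONF), ("hardened", HARDENED_POSTCONF)):
        print("== %s ==" % label)
        print("\n".join(findings(text)))
```

On a real host, feed it `postconf` output (`postconf > postconf.txt`, then `findings(open("postconf.txt").read())`); with the defaults quoted in the description it reports three FAIL lines and one INFO line, with the comment 4 values only the INFO line for `smtpd_tls_protocols` remains.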
Comment 5 Florian Best univentionstaff 2015-04-14 17:02:51 CEST
@Daniel, can you review and apply the patch please. If everything is fine you can commit it and build for UCS 4.0-1-errata.
Comment 6 Daniel Tröder univentionstaff 2015-04-16 10:14:45 CEST
Thank you for a perfect patch Lutz Willek.

Adds UCR variables:
* mail/postfix/smtpd/tls/protocols to set smtpd_tls_protocols
* mail/postfix/smtpd/tls/mandatory_protocols to set smtpd_tls_mandatory_protocols
* mail/postfix/tls/client/protocols to set smtp_tls_protocols
* mail/postfix/tls/client/mandatory_protocols to set smtp_tls_mandatory_protocols

SSLv3 will be disabled for fresh Postfix installs (except for receiving mails).

Commit: r59834
Package: mail/univention-mail-postfix
YAML: 2015-04-16-univention-mail-postfix.yaml
Comment 7 Sönke Schwardt-Krummrich univentionstaff 2015-05-06 17:40:35 CEST
(In reply to Daniel Tröder from comment #6)
> Thank you for a perfect patch Lutz Willek.
> 
> Adds UCR variables:
> * mail/postfix/smtpd/tls/protocols to set smtpd_tls_protocols
> * mail/postfix/smtpd/tls/mandatory_protocols to set
> smtpd_tls_mandatory_protocols
> * mail/postfix/tls/client/protocols to set smtp_tls_protocols
> * mail/postfix/tls/client/mandatory_protocols to set
> smtp_tls_mandatory_protocols
> 
> SSLv3 will be disabled for fresh Postfix installs (except for receiving
> mails).
> 
> Commit: r59834
> Package: mail/univention-mail-postfix
> YAML: 2015-04-16-univention-mail-postfix.yaml

During update, the default values will be kept.
Fresh installations will disable SSLv2 and SSLv3 (except for incoming mails in opportunistic TLS mode).

Please do not abbreviate the UCR variables within the YAML file; add all 4 variable names
→ REOPEN

Please add <..> around the hyperlinks <http://...> within the UCR variable description.

OK: code change
OK: functional test (update / fresh install)
REOPEN: UCR variable description
REOPEN: YAML
Comment 8 Daniel Tröder univentionstaff 2015-05-07 11:41:54 CEST
fixed UCR variable description in r60508
fixed YAML in r60512
Comment 9 Florian Best univentionstaff 2015-05-07 12:28:15 CEST
(In reply to Daniel Tröder from comment #8)
> fixed UCR variable description in r60508
OK
> fixed YAML in r60512
OK

REOPEN: please fix the bug number in debian/changelog.
Comment 10 Daniel Tröder univentionstaff 2015-05-07 12:40:13 CEST
Done in 60519.
Comment 11 Florian Best univentionstaff 2015-05-07 12:40:48 CEST
(In reply to Daniel Tröder from comment #10)
> Done in 60519.
OK
Comment 12 Janek Walkenhorst univentionstaff 2015-05-07 17:44:34 CEST
<http://errata.univention.de/ucs/4.0/183.html>