Univention Bugzilla – Bug 40810
Disable SSLv2 and SSLv3 in Cyrus IMAPD (3.2)
Last modified: 2016-09-27 12:34:52 CEST
Cyrus still supports SSLv3 and even SSLv2 in our default configuration:
> tls_cipher_list: TLSv1:SSLv3:SSLv2:!NULL:!EXPORT:!DES:!LOW:@STRENGTH
This makes UCS 3.2 (and older) vulnerable to the DROWN attack: https://drownattack.com/
UCS 4.0 and 4.1 don't offer SSLv2 anymore, but still SSLv3, which is also considered "not sufficiently secure" -> https://datatracker.ietf.org/doc/rfc7568/
Created attachment 7508 [details] Untested patch - new defaults are from Debian Jessie
The patch misses cipher suites for TLS 1.2. Those should be added for UCS 4.x. Cyrus 2.4 also knows an option to enable/disable TLS/SSL protocols, not only cipher suites:
> tls_versions: tls1_0 tls1_1 tls1_2
Just to clarify: UCS 4.x does not offer SSLv2 anymore because of the newer OpenSSL version. The cipher settings in the cyrus configuration are the same for UCS 3.x and UCS 4.x.
See also Bug 40189 Comment #2 and the attached mitigation patch for CVE-2016-0800.
SSLv3 cannot be disabled in Cyrus without disabling TLSv1. But from what I have read, there are still no PoCs for POODLE with IMAPS, only with HTTPS. So despite the title and the commit message, this patch actually only disables SSLv2. A test 09_imap_ssl_versions was added to ucs-test-mail, which checks for en/disabled ciphers, depending on the UCRV.
Test: r67894
Code: r67895
Advisory: r67896
The test 09_imap_ssl_versions fails on my 3.2-8 system. Despite mail/cyrus/ssl/cipher_list='TLSv1:SSLv3:SSLv2:!NULL:!EXPORT:!DES:!LOW:@STRENGTH', ssl2 does not work:

more /etc/imapd/imapd.conf | grep cipher
tls_cipher_list: TLSv1:SSLv3:SSLv2:!NULL:!EXPORT:!DES:!LOW:@STRENGTH

-> echo "A LOGOUT" | openssl s_client -connect master.three.two:993 -CAfile /etc/univention/ssl/ucsCA/CAcert.pem -quiet -ssl2
8426:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:427:

-> echo "A LOGOUT" | openssl s_client -connect master.three.two:993 -CAfile /etc/univention/ssl/ucsCA/CAcert.pem -quiet -ssl3
depth=1 /C=DE/ST=DE/L=DE/O=hom/OU=Univention Corporate Server/CN=Univention Corporate Server Root CA (ID=3he3gbCe)/emailAddress=ssl@three.two
verify return:1
depth=0 /C=DE/ST=DE/L=DE/O=hom/OU=Univention Corporate Server/CN=master.three.two/emailAddress=ssl@three.two
verify return:1
* OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE AUTH=PLAIN SASL-IR] master Cyrus IMAP v2.4.9-Debian-2.4.9-1.27.201308091604 server ready
* BYE LOGOUT received
A OK Completed
read:errno=0
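The manual probe above, generalised into a small audit in the spirit of 09_imap_ssl_versions (an added example, not the ucs-test code): it tries each openssl s_client protocol flag against the IMAPS port and treats the IMAP "* OK" greeting as a completed handshake. IMAP_HOST is a placeholder; the CA path is the one from the session above.

```shell
#!/bin/sh
# Audit which SSL/TLS protocol versions an IMAPS endpoint still accepts.
# A handshake counts as completed only if the server sends its IMAP greeting,
# which is what the -quiet s_client runs above show for ssl3 but not ssl2.
IMAP_HOST="${IMAP_HOST:-imap.example.invalid}"    # placeholder host
CA_FILE="${CA_FILE:-/etc/univention/ssl/ucsCA/CAcert.pem}"

# handshake_result <captured s_client output> -> "accepted" | "rejected"
handshake_result() {
    case "$1" in
        *"* OK"*) echo accepted ;;
        *)        echo rejected ;;   # handshake error or unknown -proto flag
    esac
}

# probe_version <protocol flag without dash, e.g. ssl3>
# Modern openssl builds lack -ssl2/-ssl3; the resulting error reads as rejected.
probe_version() {
    out=$(echo "A LOGOUT" | openssl s_client -connect "$IMAP_HOST:993" \
            -CAfile "$CA_FILE" -quiet "-$1" 2>&1)
    handshake_result "$out"
}

# audit_versions -> one "proto: accepted|rejected" line per protocol;
# exit status 1 when an obsolete protocol (ssl2 or ssl3) is still accepted.
audit_versions() {
    rc=0
    for proto in ssl2 ssl3 tls1 tls1_1 tls1_2; do
        r=$(probe_version "$proto")
        echo "$proto: $r"
        case "$proto/$r" in ssl2/accepted|ssl3/accepted) rc=1 ;; esac
    done
    return $rc
}

# Run the network probe only when explicitly requested.
if [ "${RUN_AUDIT:-0}" = 1 ]; then
    audit_versions
fi
```

Run with `RUN_AUDIT=1 IMAP_HOST=<your server> sh audit.sh`; a non-zero exit status means SSLv2 or SSLv3 is still negotiable.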
09_imap_ssl_versions was adapted to the disabling of SSLv2 in errata410. ucs-test 4.0.215-14 was built in ucs_3.2-0-errata3.2-8.
PS: r68841 (also not testing for tls3 anymore :D)
OK - default changed to TLSv1+HIGH:!aNULL:@STRENGTH
OK - mail/cyrus/ssl/cipher_list
OK - 09_imap_ssl_versions
OK - univention-mail-cyrus.yaml
<http://errata.software-univention.de/ucs/3.2/423.html>