Unable to disable TLSv1.3 or fallback to TLSv1.2 when 1 cipher is disabled
@lbutlr
kremels at kreme.com
Sat May 9 10:48:29 EEST 2020
On 08 May 2020, at 09:43, Steve Egbert <s.egbert at sbcglobal.net> wrote:
> I have an operational need to disable TLSv1.3 due to inadequate support to exclude certain ciphers.
There is no need to disable TLSv1.3 and attempts to do so will be flagged as “downgrade attacks”.
> Much to my dismay, the `ssl_protocols` had been renamed and re-functionalized into `ssl_min_protocol`.
>
> Now, there is no way to exclude a specific group of one or more TLS versions.
There is no way to disable a more secure protocol, that is correct. This is how it should be and I am sure this decision was intentional to prevent many many different attack vectors.
> I'm still being hammered with the following error with Thunderbird 76.0b3, Dovecot 2.3.4.1-5+deb10u1, Debian 11:
>
> May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization
> May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
> May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization
> May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
> May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL alert: where=0x4008, ret=582: fatal protocol version
> May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: error
> May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL error: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol
> May 8 11:15:47 ns1 dovecot: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=XX.XX.XX.XX, lip=XX.XX.XX.XX, TLS handshaking: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol, session=<GN/GeCSlYuhEhl2U>
> May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL error: SSL_accept() syscall failed: Invalid argument
Thunderbird 76 works fine with dovecot 2.3.10 (I just checked). Not sure what you did to your config or if this was something fixed since 2.3.4
> This occurred when specifying one TLSv1.3 cipher to be excluded in ssl_cipher via an exclamation mark.
If you disable a cipher that causes Tbird to drop from TLSv1.3 to TLSv1.2 this will probably be seen as a downgrade attack. What cipher are you disabling and why?
> On a side note of IMAP client, Latest Mozilla Thunderbird had its pref setting security.tls.version.fallback-limit to 4 (TLSv1.3), of which I have adjusted it to 3 (TLSv1.2) and it .... works when Dovecot is set to TLSv1.2.
AFAIK you cannot force TLSv1.2 when you have TLSv1.3 available.
--
I WILL NOT EXPOSE THE IGNORANCE OF THE FACULTY Bart chalkboard Ep.
8F15
More information about the dovecot
mailing list