dovecot TLS 1.3 config option 'ssl_ciphersuites' causes fatal error on launch. not supported, bad config, or bug?

PGNet Dev pgnet.dev at gmail.com
Thu Sep 24 05:24:37 EEST 2020


I've installed

	grep PRETTY /etc/os-release
		PRETTY_NAME="Fedora 32 (Server Edition)"
	dovecot --version
		2.3.10.1 (a3d0e1171)
	openssl version
		OpenSSL 1.1.1g FIPS  21 Apr 2020

iiuc, Dovecot has apparently had support for setting TLS 1.3 ciphersuites since v2.3.9, per this commit

	lib-ssl-iostream: Support TLSv1.3 ciphersuites
	 https://github.com/dovecot/core/commit/8f6f04eb21276f28b81695dd0d3df57c7b8f43e4

checking openssl

	rpm -ql openssl-devel-1.1.1g-1.fc32.x86_64 | grep -i ciphersuites
		/usr/share/man/man3/SSL_CTX_set_ciphersuites.3ssl.gz
		/usr/share/man/man3/SSL_set_ciphersuites.3ssl.gz

	man SSL_set_ciphersuites
		...
		SSL_set_cipher_list() sets the list of ciphers (TLSv1.2 and below) only for ssl.

		SSL_CTX_set_ciphersuites() is used to configure the available TLSv1.3 ciphersuites for ctx. This is a simple colon
		(":") separated list of TLSv1.3 ciphersuite names in order of preference. Valid TLSv1.3 ciphersuite names are:

		TLS_AES_128_GCM_SHA256
		TLS_AES_256_GCM_SHA384
		TLS_CHACHA20_POLY1305_SHA256
		TLS_AES_128_CCM_SHA256
		TLS_AES_128_CCM_8_SHA256

		An empty list is permissible. The default value for the this setting is:

		"TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"

		SSL_set_ciphersuites() is the same as SSL_CTX_set_ciphersuites() except it configures the ciphersuites for ssl.
		...

checking in dovecot tag 2.3.10.1's src,

	m4/ssl.m4 (m4)
		...
		AC_CHECK_LIB(ssl, SSL_CTX_set_ciphersuites, [
		AC_DEFINE(HAVE_SSL_CTX_SET_CIPHERSUITES,, [Build with SSL_CTX_set_ciphersuites() support])
		],, $SSL_LIBS)
		...

and,

	src/lib-ssl-iostream/iostream-openssl.c

		...
		#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
			if (set->ciphersuites != NULL &&
			    strcmp(ctx_set->ciphersuites, set->ciphersuites) != 0) {
				if (SSL_set_ciphersuites(ssl_io->ssl, set->ciphersuites) == 0) {
					*error_r = t_strdup_printf(
						"Can't set ciphersuites to '%s': %s",
						set->ciphersuites, openssl_iostream_error());
					return -1;
				}
			}
		#endif
		...

suggests that ciphersuite support exists.

but, checking in

	./src/lib-master/master-service-ssl.c

		...
		void master_service_ssl_ctx_init(struct master_service *service)
		{
			const struct master_service_ssl_settings *set;
			struct ssl_iostream_settings ssl_set;
			const char *error;

			if (service->ssl_ctx_initialized)
				return;
			service->ssl_ctx_initialized = TRUE;

			/* must be called after master_service_init_finish() so that if
			initialization fails we can close the SSL listeners */
			i_assert(service->listeners != NULL || service->socket_count == 0);

			set = master_service_ssl_settings_get(service);
			if (strcmp(set->ssl, "no") == 0) {
				/* SSL disabled, don't use it */
				return;
			}

			i_zero(&ssl_set);
			ssl_set.min_protocol = set->ssl_min_protocol;
			ssl_set.cipher_list = set->ssl_cipher_list;
			ssl_set.curve_list = set->ssl_curve_list;
			ssl_set.ca = set->ssl_ca;
		...

there's only mention of

	set->ssl_cipher_list

, not

	set->ssl_ciphersuites

or equivalent, afaict.


if in dovecot's 10-ssl.conf I set

	ssl_cipher_list = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256
+	ssl_ciphersuites = TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256


on restart

	journalctl -f -u dovecot
		-- Logs begin at Sun 2020-09-20 14:30:30 PDT. --
		Sep 23 18:28:42 mx.example.com dovecot[4269]: doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 92: Unknown setting: ssl_ciphersuites

_is_ setting TLS 1.3

	ssl_ciphersuites =

in fact currently supported, and usage is wrong here^?
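Added example, not part of the post above and not Dovecot code: a Python script that shows, through Python's ssl module (which wraps the same libssl calls; SSLContext.set_ciphers() is SSL_CTX_set_cipher_list(), and Python exposes no wrapper for SSL_CTX_set_ciphersuites()), that OpenSSL 1.1.1+ keeps the TLSv1.2-and-below cipher list and the TLSv1.3 ciphersuite list completely separate. That is the reason a cipher_list-only setting cannot reach the TLSv1.3 suites; the script does not settle which setting name, if any, Dovecot 2.3.10.1 exposes for the second list. The two sample strings are constructed from the 10-ssl.conf lines quoted in the post; the function names and the "NOT-A-CIPHER" token are the example's own.

```python
"""Demonstrate OpenSSL's two independent cipher lists via Python's ssl module.

SSLContext.set_ciphers()  -> SSL_CTX_set_cipher_list()   (TLSv1.2 and below)
SSL_CTX_set_ciphersuites() (TLSv1.3)                     has no Python wrapper
"""
import ssl

# Constructed sample input: the two lists from the 10-ssl.conf in the post.
TLS12_LIST = ("ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:"
              "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:"
              "ECDHE-ECDSA-AES128-SHA256")
TLS13_LIST = ("TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:"
              "TLS_AES_128_GCM_SHA256")


def cipher_list_accepts(spec):
    """True if SSL_CTX_set_cipher_list() accepts `spec`.

    A string naming only TLSv1.3 suites is rejected ("No cipher can be
    selected"): the TLS<=1.2 parser does not know those names, ignores them as
    unrecognised words, and then finds no TLS<=1.2 cipher left at all.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(spec)
    except ssl.SSLError:
        return False
    return True


def offered_ciphers(spec):
    """Apply `spec` through SSL_CTX_set_cipher_list() and return the ciphers
    the context would offer, grouped by protocol version.

    The TLSv1.3 suites are always present and untouched by `spec`, because they
    come from the other (ciphersuites) list.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(spec)
    groups = {}
    for c in ctx.get_ciphers():
        groups.setdefault(c["protocol"], []).append(c["name"])
    return groups


def classify(names):
    """For each name say which setting it belongs in: 'ciphersuites'
    (SSL_CTX_set_ciphersuites, TLSv1.3), 'cipher_list'
    (SSL_CTX_set_cipher_list, TLSv1.2 and below) or 'unknown'.

    The decision comes from OpenSSL's own tables, not from the TLS_ prefix.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers("ALL")  # widest TLS<=1.2 table; TLSv1.3 suites are listed anyway
    protocol_of = {c["name"]: c["protocol"] for c in ctx.get_ciphers()}
    result = {}
    for name in names:
        proto = protocol_of.get(name)
        if proto is None:
            result[name] = "unknown"
        elif proto == "TLSv1.3":
            result[name] = "ciphersuites"
        else:
            result[name] = "cipher_list"
    return result


def split_spec(combined):
    """Split one colon-separated string, as an admin might paste into a single
    ssl_cipher_list line, into (tls12_part, tls13_part, unknown_part).

    Unknown names are reported rather than dropped, because the TLS<=1.2 parser
    would otherwise swallow a typo silently.
    """
    kinds = classify(combined.split(":"))

    def pick(kind):
        return ":".join(n for n, k in kinds.items() if k == kind)

    return pick("cipher_list"), pick("ciphersuites"), pick("unknown")


if __name__ == "__main__":
    print("cipher_list accepts TLS1.2 names:", cipher_list_accepts(TLS12_LIST))
    print("cipher_list accepts TLS1.3 names:", cipher_list_accepts(TLS13_LIST))
    for proto, names in offered_ciphers(TLS12_LIST).items():
        print(proto, names)
    print(split_spec(TLS12_LIST + ":" + TLS13_LIST + ":NOT-A-CIPHER"))
```

Against a running server the same distinction is visible from the outside with `openssl s_client -connect mx.example.com:993 -tls1_3 -ciphersuites TLS_AES_256_GCM_SHA384`: whatever is in ssl_cipher_list, the TLSv1.3 handshake is governed only by the ciphersuites list, which for the quoted master-service-ssl.c is OpenSSL's compiled-in default.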
More information about the dovecot mailing list