Unable to disable TLSv1.3 or fallback to TLSv1.2 when 1 cipher is disabled
I have an operational need to disable TLSv1.3 due to inadequate support to exclude certain ciphers.
Much to my dismay, the ssl_protocols had been renamed and
re-functionalized into ssl_min_protocol.
Now, there is no way to exclude a specific group of one or more TLS versions.
For a new bug report, I think we need two new settings:
ssl_tls13_ciphersuiteandssl_tls10_cipher
settings introduced into Dovecot for better granularity.
ALong with support for fallback to TLSv1.2 as outlined in https://bugzilla.mozilla.org/show_bug.cgi?id=1250568
I'm still being hammered with the following error with Thunderbird 76.0b3, Dovecot 2.3.4.1-5+deb10u1, Debian 11:
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x10, ret=1:
before SSL initialization
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x2001,
ret=1: before SSL initialization
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x2002,
ret=-1: before SSL initialization
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x2001,
ret=1: before SSL initialization
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL alert: where=0x4008,
ret=582: fatal protocol version
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x2002,
ret=-1: error
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL error: SSL_accept()
failed: error:14209102:SSL
routines:tls_early_post_process_client_hello:unsupported protocol
May 8 11:15:47 ns1 dovecot: imap-login: Disconnected (disconnected
before auth was ready, waited 0 secs): user=<>, rip=XX.XX.XX.XX,
lip=XX.XX.XX.XX, TLS handshaking: SSL_accept() failed:
error:14209102:SSL
routines:tls_early_post_process_client_hello:unsupported protocol,
session=
This occurred when specifying one TLSv1.3 cipher to be excluded in ssl_cipher via an exclamation mark.
On a side note of IMAP client, Latest Mozilla Thunderbird had its pref setting security.tls.version.fallback-limit to 4 (TLSv1.3), of which I have adjusted it to 3 (TLSv1.2) and it .... works when Dovecot is set to TLSv1.2.
(Details of Thunderbird security.tls.version.fallback-limit is given in http://kb.mozillazine.org/Security.tls.version.* )
Steve
Also, more testimony to the same problem (by others) is posted over at ServerFault (StackOverflow):
https://serverfault.com/questions/975871/forcing-dovecot-2-3-4-1-to-use-tlsv...
On 5/8/20 11:50 AM, Steve Egbert wrote:
I have an operational need to disable TLSv1.3 due to inadequate support to exclude certain ciphers.
Much to my dismay, the
ssl_protocolshad been renamed and re-functionalized intossl_min_protocol.Now, there is no way to exclude a specific group of one or more TLS versions.
For a new bug report, I think we need two new settings:
ssl_tls13_ciphersuiteandssl_tls10_ciphersettings introduced into Dovecot for better granularity.
ALong with support for fallback to TLSv1.2 as outlined in https://bugzilla.mozilla.org/show_bug.cgi?id=1250568
I'm still being hammered with the following error with Thunderbird 76.0b3, Dovecot 2.3.4.1-5+deb10u1, Debian 11:
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL alert: where=0x4008, ret=582: fatal protocol version May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: error May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL error: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol May 8 11:15:47 ns1 dovecot: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=XX.XX.XX.XX, lip=XX.XX.XX.XX, TLS handshaking: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol, session=
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL error: SSL_accept() syscall failed: Invalid argument This occurred when specifying one TLSv1.3 cipher to be excluded in ssl_cipher via an exclamation mark.
On a side note of IMAP client, Latest Mozilla Thunderbird had its pref setting security.tls.version.fallback-limit to 4 (TLSv1.3), of which I have adjusted it to 3 (TLSv1.2) and it .... works when Dovecot is set to TLSv1.2.
(Details of Thunderbird security.tls.version.fallback-limit is given in http://kb.mozillazine.org/Security.tls.version.* )
Steve
I cannot even reorder the server-side TLSv1.3 such that CHACHA20 has first-order before AES.
On 09/05/2020 01:10 Steve Egbert s.egbert@sbcglobal.net wrote:
I cannot even reorder the server-side TLSv1.3 such that CHACHA20 has first-order before AES.
Hi!
TLSv1.3 has cipher suites, which is different from cipher list. This problem is known to us and we are looking to solve this, but I cannot promise any particular date for it.
Aki
participants (2)
-
Aki Tuomi
-
Steve Egbert