Unable to disable TLSv1.3 or fallback to TLSv1.2 when 1 cipher is disabled
I have an operational need to disable TLSv1.3 due to inadequate support to exclude certain ciphers.
Much to my dismay, the ssl_protocols had been renamed and
re-functionalized into ssl_min_protocol.
Now, there is no way to exclude a specific group of one or more TLS versions.
For a new bug report, I think we need two new settings:
ssl_tls13_ciphersuiteandssl_tls10_cipher
settings introduced into Dovecot for better granularity.
ALong with support for fallback to TLSv1.2 as outlined in https://bugzilla.mozilla.org/show_bug.cgi?id=1250568
I'm still being hammered with the following error with Thunderbird 76.0b3, Dovecot 2.3.4.1-5+deb10u1, Debian 11:
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x10, ret=1:
before SSL initialization
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x2001,
ret=1: before SSL initialization
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x2002,
ret=-1: before SSL initialization
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x2001,
ret=1: before SSL initialization
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL alert: where=0x4008,
ret=582: fatal protocol version
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x2002,
ret=-1: error
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL error: SSL_accept()
failed: error:14209102:SSL
routines:tls_early_post_process_client_hello:unsupported protocol
May 8 11:15:47 ns1 dovecot: imap-login: Disconnected (disconnected
before auth was ready, waited 0 secs): user=<>, rip=XX.XX.XX.XX,
lip=XX.XX.XX.XX, TLS handshaking: SSL_accept() failed:
error:14209102:SSL
routines:tls_early_post_process_client_hello:unsupported protocol,
session=
This occurred when specifying one TLSv1.3 cipher to be excluded in ssl_cipher via an exclamation mark.
On a side note of IMAP client, Latest Mozilla Thunderbird had its pref setting security.tls.version.fallback-limit to 4 (TLSv1.3), of which I have adjusted it to 3 (TLSv1.2) and it .... works when Dovecot is set to TLSv1.2.
(Details of Thunderbird security.tls.version.fallback-limit is given in http://kb.mozillazine.org/Security.tls.version.* )
Steve
On 08 May 2020, at 09:43, Steve Egbert s.egbert@sbcglobal.net wrote:
I have an operational need to disable TLSv1.3 due to inadequate support to exclude certain ciphers.
There is no need to disable TLSv1.3 and attempts to do so will be flagged as “downgrade attacks”.
Much to my dismay, the
ssl_protocolshad been renamed and re-functionalized intossl_min_protocol.Now, there is no way to exclude a specific group of one or more TLS versions.
There is no way to disable a more secure protocol, that is correct. This is how it should be and I am sure this decision was intentional to prevent many many different attack vectors.
I'm still being hammered with the following error with Thunderbird 76.0b3, Dovecot 2.3.4.1-5+deb10u1, Debian 11:
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL alert: where=0x4008, ret=582: fatal protocol version May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: error May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL error: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol May 8 11:15:47 ns1 dovecot: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=XX.XX.XX.XX, lip=XX.XX.XX.XX, TLS handshaking: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol, session=
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL error: SSL_accept() syscall failed: Invalid argument
Thunderbird 76 works fine with dovecot 2.3.10 (I just checked). Not sure what you did to your config or if this was something fixed since 2.3.4
This occurred when specifying one TLSv1.3 cipher to be excluded in ssl_cipher via an exclamation mark.
If you disable a cipher that causes Tbird to drop from TLSv1.3 to TLSv1.2 this will probably be seen as a downgrade attack. What cipher are you disabling and why?
On a side note of IMAP client, Latest Mozilla Thunderbird had its pref setting security.tls.version.fallback-limit to 4 (TLSv1.3), of which I have adjusted it to 3 (TLSv1.2) and it .... works when Dovecot is set to TLSv1.2.
AFAIK you cannot force TLSv1.2 when you have TLSv1.3 available.
-- I WILL NOT EXPOSE THE IGNORANCE OF THE FACULTY Bart chalkboard Ep. 8F15
I have an operational need to disable TLSv1.3 due to inadequate support to exclude certain ciphers.
There is no need to disable TLSv1.3 and attempts to do so will be flagged as “downgrade attacks”.
Let us ignore TLSv1.2 as a downgrade option. And focus on TLSv1.3 for its entirety of this thread.
If the ciphersuite (not cipher for that's a TLSv1.2 term), but a ciphersuite for TLSv1.3.... needs to have its set of ciphers:
- Reordered, or
- disabled
We cannot do it at the moment given this snapshot of Dovecot.
participants (3)
-
@lbutlr
-
Aki Tuomi
-
Steve Egbert