[Dovecot] dovecot and PFS
Hi
Is there known advices on how to favor PFS with dovecot?
In Apache, I use the following directives, with cause all modern browsers to adopt 256 bit PFS ciphers, while keeping backward compatibility with older browsers and avoiding BEAST attack: SSLProtocol all -SSLv2 SSLHonorCipherOrder On SSLCipherSuite ECDHE@STRENGTH:ECDH@STRENGTH:DH@STRENGTH:HIGH:-SSLv3-SHA1:-TLSv10 -SHA1:RC4:!MD5:!DES:!aNULL:!eNULL
dovecot does not care about BEAST, since attacker cannot inject trafic. Therefore the cipher list get simplier in dovecot.conf: ssl_cipher_list = ECDHE@STRENGTH:ECDH@STRENGTH:DH@STRENGTH:HIGH:!MD5:!DES:!aNULL :!eNULL
But that list is good for browsers. I am not aware of documentation about what ciphers are advertised by various mail client. How can I know if that setting has some success pushing PFS? How can I discover which clients fail to negociate PFS ciphers?
-- Emmanuel Dreyfus manu@netbsd.org
Am 10.09.2013 09:54, schrieb Emmanuel Dreyfus:
Hi
Is there known advices on how to favor PFS with dovecot?
In Apache, I use the following directives, with cause all modern browsers to adopt 256 bit PFS ciphers, while keeping backward compatibility with older browsers and avoiding BEAST attack: SSLProtocol all -SSLv2 SSLHonorCipherOrder On SSLCipherSuite ECDHE@STRENGTH:ECDH@STRENGTH:DH@STRENGTH:HIGH:-SSLv3-SHA1:-TLSv10 -SHA1:RC4:!MD5:!DES:!aNULL:!eNULL
dovecot does not care about BEAST, since attacker cannot inject trafic. Therefore the cipher list get simplier in dovecot.conf: ssl_cipher_list = ECDHE@STRENGTH:ECDH@STRENGTH:DH@STRENGTH:HIGH:!MD5:!DES:!aNULL :!eNULL
But that list is good for browsers. I am not aware of documentation about what ciphers are advertised by various mail client. How can I know if that setting has some success pushing PFS? How can I discover which clients fail to negociate PFS ciphers?
to my last tests if you want to stay compatible to most clients use the defaults, if do changes it might fail with old clients, however change might be acceptable with i.e company only mail systems with using only a few known clients.
sorry only german
http://sys4.de/de/blog/2013/08/15/dovecot-tls-perfect-forward-secrecy/
some advice for apple mail
http://www.kuketz-blog.de/perfect-forward-secrecy-mit-apple-mail/
Best Regards MfG Robert Schetterer
-- [*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
Hi Emmanuel! Am 10.09.2013 09:54, schrieb Emmanuel Dreyfus:
Hi
Is there known advices on how to favor PFS with dovecot?
In Apache, I use the following directives, with cause all modern browsers to adopt 256 bit PFS ciphers, while keeping backward compatibility with older browsers and avoiding BEAST attack: SSLProtocol all -SSLv2 SSLHonorCipherOrder On
"SSLHonorCipherOrder" is not yet supported in dovecot. I use the following hack/patch: --- src/login-common/ssl-proxy-openssl.c.orig 2013-08-05 18:08:13.000000000 +0200 +++ src/login-common/ssl-proxy-openssl.c 2013-09-09 18:20:05.184890563 +0200 @@ -1276,6 +1276,7 @@ ssl_server_context_init(const struct log ctx->cipher_list, ssl_last_error()); } SSL_CTX_set_options(ssl_ctx, openssl_get_protocol_options(ctx->protocols)); + SSL_CTX_set_options(ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); if (ssl_proxy_ctx_use_certificate_chain(ctx->ctx, ctx->cert) != 1) { i_fatal("Can't load ssl_cert: %s",
SSLCipherSuite ECDHE@STRENGTH:ECDH@STRENGTH:DH@STRENGTH:HIGH:-SSLv3-SHA1:-TLSv10 -SHA1:RC4:!MD5:!DES:!aNULL:!eNULL
dovecot does not care about BEAST, since attacker cannot inject trafic. Therefore the cipher list get simplier in dovecot.conf: ssl_cipher_list = ECDHE@STRENGTH:ECDH@STRENGTH:DH@STRENGTH:HIGH:!MD5:!DES:!aNULL :!eNULL
But that list is good for browsers. I am not aware of documentation about what ciphers are advertised by various mail client. How can I know if that setting has some success pushing PFS? How can I discover which clients fail to negociate PFS ciphers?
I have in my dovecot.conf: login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c %k The "%k" writes the negotiated cipher into the log, see also http://wiki2.dovecot.org/Variables Regards, Frank -- Frank Behrens Osterwieck, Germany
Am 11.09.2013 19:10, schrieb Frank Behrens:
Hi Emmanuel!
Am 10.09.2013 09:54, schrieb Emmanuel Dreyfus:
Hi
Is there known advices on how to favor PFS with dovecot?
In Apache, I use the following directives, with cause all modern browsers to adopt 256 bit PFS ciphers, while keeping backward compatibility with older browsers and avoiding BEAST attack: SSLProtocol all -SSLv2 SSLHonorCipherOrder On
"SSLHonorCipherOrder" is not yet supported in dovecot. I use the following hack/patch:
--- src/login-common/ssl-proxy-openssl.c.orig 2013-08-05 18:08:13.000000000 +0200 +++ src/login-common/ssl-proxy-openssl.c 2013-09-09 18:20:05.184890563 +0200 @@ -1276,6 +1276,7 @@ ssl_server_context_init(const struct log ctx->cipher_list, ssl_last_error()); } SSL_CTX_set_options(ssl_ctx, openssl_get_protocol_options(ctx->protocols)); + SSL_CTX_set_options(ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
if (ssl_proxy_ctx_use_certificate_chain(ctx->ctx, ctx->cert) != 1) { i_fatal("Can't load ssl_cert: %s",
that looks interesting, whats Timos meaning to that patch ?
SSLCipherSuite ECDHE@STRENGTH:ECDH@STRENGTH:DH@STRENGTH:HIGH:-SSLv3-SHA1:-TLSv10 -SHA1:RC4:!MD5:!DES:!aNULL:!eNULL
dovecot does not care about BEAST, since attacker cannot inject trafic. Therefore the cipher list get simplier in dovecot.conf: ssl_cipher_list = ECDHE@STRENGTH:ECDH@STRENGTH:DH@STRENGTH:HIGH:!MD5:!DES:!aNULL :!eNULL
But that list is good for browsers. I am not aware of documentation about what ciphers are advertised by various mail client. How can I know if that setting has some success pushing PFS? How can I discover which clients fail to negociate PFS ciphers?
I have in my dovecot.conf: login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c %k The "%k" writes the negotiated cipher into the log, see also http://wiki2.dovecot.org/Variables
Regards, Frank
Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
On 11.9.2013, at 20.10, Frank Behrens <frank@pinky.sax.de> wrote:
Hi Emmanuel!
Am 10.09.2013 09:54, schrieb Emmanuel Dreyfus:
Hi
Is there known advices on how to favor PFS with dovecot?
In Apache, I use the following directives, with cause all modern browsers to adopt 256 bit PFS ciphers, while keeping backward compatibility with older browsers and avoiding BEAST attack: SSLProtocol all -SSLv2 SSLHonorCipherOrder On
"SSLHonorCipherOrder" is not yet supported in dovecot. I use the following hack/patch:
Added: http://hg.dovecot.org/dovecot-2.2/rev/897484f45a87
(Setting name copied from nginx.)
participants (4)
-
Emmanuel Dreyfus
-
Frank Behrens
-
Robert Schetterer
-
Timo Sirainen