New FREAK SSL Attack CVE-2015-0204
Hello, about the CVE-2015-0204, in apache the following config seems to disable this vulnerability: SSLProtocol All -SSLv2 -SSLv3 SSLCipherSuite HIGH:MEDIUM:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4
Is something similar possible with dovecot ? If yes, what are the implications with old mail clients ?
-- Best regards, Adrian Minta
On Wed, Mar 04, 2015 at 06:13:31PM +0200, Adrian Minta wrote:
Hello, about the CVE-2015-0204, in apache the following config seems to disable this vulnerability: SSLProtocol All -SSLv2 -SSLv3 SSLCipherSuite HIGH:MEDIUM:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4
Is something similar possible with dovecot ?
I use this with some succes:
# dovecot has built-in protection against BEAST, therefore no need # to remove -SSLv2-SHA1:-TLSv10-SHA1 ssl_protocols = !SSLv2 !SSLv3 ssl_cipher_list = ECDH@STRENGTH:DH@STRENGTH:HIGH:!RC4:!MD5:!DES:!aNULL:!eNULL
I only had a single report of an old client being locked out. Oddly it was a recent Windows Phone that was perfectly capable of using latest protocol and ciphers.
While there, I will self advertise my own paper on TLS hardening: http://arxiv.org/abs/1407.2168
-- Emmanuel Dreyfus manu@netbsd.org
On 04.03.2015 18:19, Emmanuel Dreyfus wrote:
On Wed, Mar 04, 2015 at 06:13:31PM +0200, Adrian Minta wrote:
Hello, about the CVE-2015-0204, in apache the following config seems to disable this vulnerability: SSLProtocol All -SSLv2 -SSLv3 SSLCipherSuite HIGH:MEDIUM:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4
Is something similar possible with dovecot ? I use this with some succes:
# dovecot has built-in protection against BEAST, therefore no need # to remove -SSLv2-SHA1:-TLSv10-SHA1 ssl_protocols = !SSLv2 !SSLv3 ssl_cipher_list = ECDH@STRENGTH:DH@STRENGTH:HIGH:!RC4:!MD5:!DES:!aNULL:!eNULL
I only had a single report of an old client being locked out. Oddly it was a recent Windows Phone that was perfectly capable of using latest protocol and ciphers.
While there, I will self advertise my own paper on TLS hardening: http://arxiv.org/abs/1407.2168
Thank you for the answer. The "!EXPORT" part is included in "ECDH@STRENGTH:DH@STRENGTH:HIGH", or it must be added as well ?
-- Best regards, Adrian Minta
On Wed, Mar 04, 2015 at 06:36:07PM +0200, Adrian Minta wrote:
Thank you for the answer. The "!EXPORT" part is included in "ECDH@STRENGTH:DH@STRENGTH:HIGH", or it must be added as well ?
This is not the cipher list I sent. It was: ECDH@STRENGTH:DH@STRENGTH:HIGH:!RC4:!MD5:!DES:!aNULL:!eNUL
Mine does not contain any export cipher, yours does. You can use openssl ciphers to compare cipher lists:
$ openssl ciphers EXPORT|tr ':' '\n' |sort > export
$ openssl ciphers ECDH@STRENGTH:DH@STRENGTH:HIGH:!RC4:!MD5:!DES:!aNULL:!eNULL
|tr ':' '\n' |sort> manu
$ openssl ciphers ECDH@STRENGTH:DH@STRENGTH:HIGH |tr ':' '\n' |sort > adrian
$ join export manu
(nothing)
$ join export adrian
EXP-ADH-DES-CBC-SHA
EXP-ADH-RC4-MD5
EXP-EDH-DSS-DES-CBC-SHA
EXP-EDH-RSA-DES-CBC-SHA
-- Emmanuel Dreyfus manu@netbsd.org
On 04.03.2015 18:53, Emmanuel Dreyfus wrote:
On Wed, Mar 04, 2015 at 06:36:07PM +0200, Adrian Minta wrote:
Thank you for the answer. The "!EXPORT" part is included in "ECDH@STRENGTH:DH@STRENGTH:HIGH", or it must be added as well ? This is not the cipher list I sent. It was: ECDH@STRENGTH:DH@STRENGTH:HIGH:!RC4:!MD5:!DES:!aNULL:!eNUL
Mine does not contain any export cipher, yours does. You can use openssl ciphers to compare cipher lists:
$ openssl ciphers EXPORT|tr ':' '\n' |sort > export $ openssl ciphers ECDH@STRENGTH:DH@STRENGTH:HIGH:!RC4:!MD5:!DES:!aNULL:!eNULL
|tr ':' '\n' |sort> manu $ openssl ciphers ECDH@STRENGTH:DH@STRENGTH:HIGH |tr ':' '\n' |sort > adrian $ join export manu (nothing) $ join export adrian EXP-ADH-DES-CBC-SHA EXP-ADH-RC4-MD5 EXP-EDH-DSS-DES-CBC-SHA EXP-EDH-RSA-DES-CBC-SHA
I was using HIGH:MEDIUM:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4 in apache. You are using ECDH@STRENGTH:DH@STRENGTH:HIGH:!RC4:!MD5:!DES:!aNULL:!eNULL for dovecot.
I didn't know how to compare both settings. Now I know, and I see that my "!EXPORT" part is covered by your "ECDH@STRENGTH:DH@STRENGTH:HIGH" part.
$openssl ciphers HIGH:MEDIUM:\!aNULL:\!eNULL:\!EXPORT:\!CAMELLIA:\!DES:\!MD5:\!PSK:\!RC4 | tr ':' '\n' |sort > /tmp/adrian $openssl ciphers ECDH@STRENGTH:DH@STRENGTH:HIGH:\!RC4:\!MD5:\!DES:\!aNULL:\!eNULL | tr ':' '\n' |sort > /tmp/manu $diff adrian manu 6a7,8
CAMELLIA128-SHA CAMELLIA256-SHA 13a16,17 DHE-DSS-CAMELLIA128-SHA DHE-DSS-CAMELLIA256-SHA 20a25,26 DHE-RSA-CAMELLIA128-SHA DHE-RSA-CAMELLIA256-SHA 52c58,60 < SEED-SHA
PSK-3DES-EDE-CBC-SHA PSK-AES128-CBC-SHA PSK-AES256-CBC-SHA
The main difference is the support for CAMELLIA and PSK. Unfortunately I don't now enough to say if is good or bad to support any of those two.
Thank you !
-- Best regards, Adrian Minta
participants (2)
-
Adrian Minta
-
Emmanuel Dreyfus