Re: ssl_min_protocol appears to be ignored?
running dovecot 2.3.18 (current)

can do connection test

# openssl s_client -connect localhost:993 -tls1
CONNECTED(0003)
write:errno=0
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 104 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1
    Cipher    :
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1649941141
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---

and worked ok

currently I have the min version remmed out?

ssl = yes
verbose_ssl = yes
ssl_dh =

> Hi, I'm trying to enable TLS1.0 support for an old client. Per dovecot -n
>
> # 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.5.7.2 ()
> # OS: Linux 5.4.0-107-generic x86_64 Ubuntu 20.04.4 LTS ext4
> # Hostname:
>
> In 10-ssl.conf, I have set
>
> ssl_min_protocol = TLSv1
>
> (It doesn't show in dovecot -n, I suspect because it's equal to default value?) I restarted dovecot with systemctl. Then, from another machine,
>
> openssl s_client -connect zeserver.com:993 -tls1
>
> fails with this output:
>
> CONNECTED(0003)
> 140166917489984:error:141E70BF:SSL routines:tls_construct_client_hello:no protocols available:../ssl/statem/statem_clnt.c:1112:
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 0 bytes and written 7 bytes
> Verification: OK
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> No ALPN negotiated
> Early data was not sent
> Verify return code: 0 (ok)
> ---
>
> The same command with -tls1_2 works as intended (certificate printing, imap prompt).
>
> Am I forgetting something somewhere, or is this an actual bug?
Re: ssl_min_protocol appears to be ignored?
You may need to add to your ssl_cipher_list

ssl_cipher_list = ALL:@SECLEVEL=1

I am not 100% certain why but the @SECLEVEL=1 addition unlocks several ciphers that I've found to be required for TLSv1 to work

On Tue, 12 Apr 2022 14:32:43 -0500 Myriam Luce wrote:

> Hi, I'm trying to enable TLS1.0 support for an old client. Per
> dovecot -n
>
> # 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.5.7.2 ()
> # OS: Linux 5.4.0-107-generic x86_64 Ubuntu 20.04.4 LTS ext4
> # Hostname:
>
> In 10-ssl.conf, I have set
>
> ssl_min_protocol = TLSv1
>
> (It doesn't show in dovecot -n, I suspect because it's equal to
> default value?) I restarted dovecot with systemctl. Then, from
> another machine,
>
> openssl s_client -connect zeserver.com:993 -tls1
>
> fails with this output:
>
> CONNECTED(0003)
> 140166917489984:error:141E70BF:SSL
> routines:tls_construct_client_hello:no protocols
> available:../ssl/statem/statem_clnt.c:1112:
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 0 bytes and written 7 bytes
> Verification: OK
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> No ALPN negotiated
> Early data was not sent
> Verify return code: 0 (ok)
> ---
>
> The same command with -tls1_2 works as intended (certificate
> printing, imap prompt).
>
> Am I forgetting something somewhere, or is this an actual bug?
>
ssl_min_protocol appears to be ignored?
Hi, I'm trying to enable TLS1.0 support for an old client. Per dovecot -n

# 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.7.2 ()
# OS: Linux 5.4.0-107-generic x86_64 Ubuntu 20.04.4 LTS ext4
# Hostname:

In 10-ssl.conf, I have set

ssl_min_protocol = TLSv1

(It doesn't show in dovecot -n, I suspect because it's equal to default value?) I restarted dovecot with systemctl. Then, from another machine,

openssl s_client -connect zeserver.com:993 -tls1

fails with this output:

CONNECTED(0003)
140166917489984:error:141E70BF:SSL routines:tls_construct_client_hello:no protocols available:../ssl/statem/statem_clnt.c:1112:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 7 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

The same command with -tls1_2 works as intended (certificate printing, imap prompt).

Am I forgetting something somewhere, or is this an actual bug?
Re: ssl_min_protocol v2.3.15
On 22. Jun 2021, at 14.55, Theo Pannen wrote:
>
> Hello,
>
> it seems that the default value for ssl_min_protocol has changed from
> TLSv1 to TLSv1.2, right?
>
> After upgrading to v2.3.15 and with ssl_min_protocol commented out, the
> server no longer offers TLSv1 and TLSv1.1.
>
> This is a good idea, but should be documented.

Yeah, looks like we forgot about that. It's a bit too late to change the NEWS anymore, but added it at least to https://doc.dovecot.org/installation_guide/upgrading/from-2.3-to-2.3.x/
ssl_min_protocol v2.3.15
Hello,

it seems that the default value for ssl_min_protocol has changed from TLSv1 to TLSv1.2, right?

After upgrading to v2.3.15 and with ssl_min_protocol commented out, the server no longer offers TLSv1 and TLSv1.1.

This is a good idea, but should be documented.

Theo
Re: Unable to set ssl_min_protocol=TLSv1.3
Any news on setting TLS 1.3 as minimal version? I am using Debian 10 with Dovecot 2.3.4.1-5+deb10u1 and openssl 1.1.1d-0+deb10u3.
Re: Unable to set ssl_min_protocol=TLSv1.3
> On 13/04/2020 12:35 Thomas Schneider wrote:
>
>
> Good $daytime,
>
> as per the recommendations of Mozilla’s SSL config generator[0], I
> wanted to set ssl_min_protocol=TLSv1.3 in my dovecot config. This
> produced the error:
>
> imap-login: Error: Failed to initialize SSL server context: Unknown
> ssl_min_protocol setting 'TLSv1.3'
>
> After some digging, I found the function that parses this setting in
> src/lib-ssl-iostream/iostream-openssl-common.c
> (openssl_min_protocol_to_options()), which maps strings such as
> SSL_TXT_TLSV1_2 == "TLSv1.2" (from openssl/ssl.h) to the appropriate
> version and option defines of OpenSSL.
>
> Said openssl/ssl.h does not contain a SSL_TXT_TLSV1_3, so it’s no
> surprise that dovecot does not know this setting. As a quick fix, I
> could probably extend struct {…} protocol_versions[] (in
> iostream-openssl-common.c again) with an appropriate "TLSv1.3" entry
> (and send a patch), though I would also suggest to OpenSSL to add a
> SSL_TXT_TLSV1_3 define.
>
> Unfortunately, I have not found a config setting in dovecot to set
> SSL_OP_NO_TLSv1_2, or in fact any way to enforce TLS >=1.3, except maybe
> via the cipher list string.
>
> I think that dovecot should support setting this, and I’d also gladly
> provide a patch.
>
> Thanks,
> Thomas

Hi!

What version of Dovecot are you using? What OS/distro are you using?

I'm guessing you're seeing this, see https://dovecot.org/pipermail/dovecot/2019-December/117799.html

Aki
Unable to set ssl_min_protocol=TLSv1.3
Good $daytime,

as per the recommendations of Mozilla’s SSL config generator[0], I wanted to set ssl_min_protocol=TLSv1.3 in my dovecot config. This produced the error:

imap-login: Error: Failed to initialize SSL server context: Unknown ssl_min_protocol setting 'TLSv1.3'

After some digging, I found the function that parses this setting in src/lib-ssl-iostream/iostream-openssl-common.c (openssl_min_protocol_to_options()), which maps strings such as SSL_TXT_TLSV1_2 == "TLSv1.2" (from openssl/ssl.h) to the appropriate version and option defines of OpenSSL.

Said openssl/ssl.h does not contain a SSL_TXT_TLSV1_3, so it’s no surprise that dovecot does not know this setting. As a quick fix, I could probably extend struct {…} protocol_versions[] (in iostream-openssl-common.c again) with an appropriate "TLSv1.3" entry (and send a patch), though I would also suggest to OpenSSL to add a SSL_TXT_TLSV1_3 define.

Unfortunately, I have not found a config setting in dovecot to set SSL_OP_NO_TLSv1_2, or in fact any way to enforce TLS >=1.3, except maybe via the cipher list string.

I think that dovecot should support setting this, and I’d also gladly provide a patch.

Thanks,
Thomas

[0]: https://ssl-config.mozilla.org/#server=dovecot&version=2.3.4.1&config=modern&openssl=1.1.1d&guideline=5.4
Re: ssl_min_protocol = TLSv1.3 does not work
On 27/11/2019 08:13, Aki Tuomi via dovecot wrote:
> On 26.11.2019 19.34, Laurens Post via dovecot wrote:
>> Hi all,
>>
>> I'm trying to set up my server with support for TLS 1.3 only, but that does not seem to be supported.
>> First off, TLS 1.3 itself does work fine, so it's not the config or ssl library, and 1.3-only works fine with Postfix. The problem is only in disabling TLS 1.2 for Dovecot.
>> On connection, I'm getting an error that 1.3 is an "Unknown ssl_min_protocol setting".
>> Reading the source code, it seems that `openssl_min_protocol_to_options` in `src/lib-ssl-iostream/iostream-openssl-common.c` is simply missing an entry like
>>
>> { SSL_TXT_TLSV1_3, TLS1_3_VERSION, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 }
>>
>> Is this a bug, something intentional, or has it simply not been added yet because nobody has been crazy enough to ask for it?
>>
>> Kind regards,
>>
>> Laurens
>
> Just haven't gotten round to implement this yet. Will get there.

Tracking as DOP-1592. Fix would likely be something like this (not tested):

diff --git a/src/lib-ssl-iostream/iostream-openssl-common.c b/src/lib-ssl-iostream/iostream-openssl-common.c index d79c986ed8..e2a4c42ccb 100644 --- a/src/lib-ssl-iostream/iostream-openssl-common.c +++ b/src/lib-ssl-iostream/iostream-openssl-common.c @@ -9,6 +9,14 @@ #include #include +#if OPENSSL_VERSION_NUMBER >= 0x10101000L +/* Weirdly, OpenSSL fails to define this constant, even though TLSv1.3 is + supported. */ +#ifndef SSL_TXT_TLSV1_3 +#define SSL_TXT_TLSV1_3 "TLSv1.3" +#endif +#endif + /* openssl_min_protocol_to_options() scans this array for name and returns version and opt. opt is used with SSL_set_options() and version is used with SSL_set_min_proto_version(). Using either method should enable the same 
@@ -23,6 +31,10 @@ static const struct { { SSL_TXT_TLSV1_1, TLS1_1_VERSION, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 }, { SSL_TXT_TLSV1_2, TLS1_2_VERSION, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 }, +#if OPENSSL_VERSION_NUMBER >= 0x10101000L + { SSL_TXT_TLSV1_3, TLS1_3_VERSION, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | + SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 }, +#endif }; int openssl_min_protocol_to_options(const char *min_protocol, long *opt_r, int *version_r) Regards, Stephan.
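Review bot: both new `#if OPENSSL_VERSION_NUMBER >= 0x10101000L` guards test a version number rather than the symbols the code needs, and a version number does not guarantee those symbols exist on every libssl that reports a high value (LibreSSL, for one, reports 0x20000000L regardless of feature set); testing `#ifdef TLS1_3_VERSION` around the new protocol_versions[] entry checks the constant the entry actually uses, and the `#ifndef SSL_TXT_TLSV1_3` fallback can then live under the same condition. Since the change is marked "not tested", a quick acceptance check is to set `ssl_min_protocol = TLSv1.3`, confirm the login process starts without the "Unknown ssl_min_protocol setting" error, and confirm `openssl s_client -tls1_2` is refused while `-tls1_3` connects.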
Re: ssl_min_protocol = TLSv1.3 does not work
On 26.11.2019 19.34, Laurens Post via dovecot wrote:
> Hi all,
>
> I'm trying to set up my server with support for TLS 1.3 only, but that
> does not seem to be supported.
> First off, TLS 1.3 itself does work fine, so it's not the config or
> ssl library, and 1.3-only works fine with Postfix. The problem is only
> in disabling TLS 1.2 for Dovecot.
> On connection, I'm getting an error that 1.3 is an "Unknown
> ssl_min_protocol setting".
> Reading the source code, it seems that
> `openssl_min_protocol_to_options` in
> `src/lib-ssl-iostream/iostream-openssl-common.c` is simply missing an
> entry like
>
> { SSL_TXT_TLSV1_3, TLS1_3_VERSION, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 |
> SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 }
>
> Is this a bug, something intentional, or has it simply not been added
> yet because nobody has been crazy enough to ask for it?
>
> Kind regards,
>
> Laurens

Hi!

Just haven't gotten round to implement this yet. Will get there.

Aki
ssl_min_protocol = TLSv1.3 does not work
Hi all,

I'm trying to set up my server with support for TLS 1.3 only, but that does not seem to be supported.
First off, TLS 1.3 itself does work fine, so it's not the config or ssl library, and 1.3-only works fine with Postfix. The problem is only in disabling TLS 1.2 for Dovecot.
On connection, I'm getting an error that 1.3 is an "Unknown ssl_min_protocol setting".
Reading the source code, it seems that `openssl_min_protocol_to_options` in `src/lib-ssl-iostream/iostream-openssl-common.c` is simply missing an entry like

{ SSL_TXT_TLSV1_3, TLS1_3_VERSION, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 }

Is this a bug, something intentional, or has it simply not been added yet because nobody has been crazy enough to ask for it?

Kind regards,

Laurens
Re: ssl_min_protocol
On 2.4.2019 12.37, @lbutlr via dovecot wrote:
> What are the possible settings for ssl_min_protocol? I only see it on the
> upgrade page where it mentions the default is TLSv1.
>
> Searching on the dovecot page gives me "Your search query "ssl_min_protocol"
> didn't return any results."
>
>

Hi!

Valid values are 'SSLv3' (when supported by openssl), 'TLSv1', 'TLSv1.1', 'TLSv1.2'.

Aki
ssl_min_protocol
What are the possible settings for ssl_min_protocol? I only see it on the upgrade page where it mentions the default is TLSv1.

Searching on the dovecot page gives me "Your search query "ssl_min_protocol" didn't return any results."

--
Up the airy mountains, down the rushy glen... From ghosties and bogles and long-leggity beasties... My mother said I never should... We dare not go a-hunting for fear... And things that go bump... Play with the fairies in the wood... --Lords and Ladies
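The threads above (ssl_min_protocol = TLSv1 still refusing an -tls1 client, the "Unknown ssl_min_protocol setting 'TLSv1.3'" error, and Aki's list of valid values) all come down to one mechanism: the server's minimum version and the client's maximum version must overlap, or the handshake fails before any certificate is shown. The script below is an added example and not Dovecot's code or anything posted in the threads. It stands in for a Dovecot server with ssl_min_protocol set on one side and an old mail client with a fixed newest version on the other, over a loopback socket, using the Python standard library. It assumes the openssl command-line tool is installed (OpenSSL 1.1.1 or newer, for -addext and TLS 1.3) to mint a throw-away certificate; the PROTOCOL_NAMES table and parse_protocol() are the example's own stand-in for Dovecot's setting parser, not its code.

```python
"""Added example: what a minimum-protocol setting does at the TLS layer.
Server side = Dovecot with ssl_min_protocol; client side = a mail client
whose newest supported TLS version is fixed. Runs offline over loopback."""
import socket
import ssl
import subprocess
import tempfile
import threading
from pathlib import Path
from typing import Optional, Tuple

# Hypothetical stand-in for Dovecot's parser: the accepted names mirror the
# strings Dovecot takes for ssl_min_protocol; Python exposes the versions
# through ssl.TLSVersion, so the mapping is a plain table.
PROTOCOL_NAMES = {
    "TLSv1": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}


def parse_protocol(name: str) -> ssl.TLSVersion:
    """Reject unknown names up front, as Dovecot does when the login process starts."""
    try:
        return PROTOCOL_NAMES[name]
    except KeyError:
        raise ValueError(f"Unknown ssl_min_protocol setting '{name}'") from None


def make_self_signed_cert(directory: Path) -> Tuple[Path, Path]:
    """Create a one-day self-signed cert for 'localhost' with the openssl CLI
    (assumed installed; -addext needs OpenSSL 1.1.1 or newer)."""
    cert, key = directory / "cert.pem", directory / "key.pem"
    subprocess.run(
        ["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
         "-subj", "/CN=localhost", "-addext", "subjectAltName=DNS:localhost",
         "-keyout", str(key), "-out", str(cert)],
        check=True, capture_output=True,
    )
    return cert, key


def _serve_one(server_ctx: ssl.SSLContext, listener: socket.socket, out: dict) -> None:
    """Accept a single connection and attempt the TLS handshake on it."""
    try:
        conn, _ = listener.accept()
        with server_ctx.wrap_socket(conn, server_side=True) as tls:
            out["version"] = tls.version()
    except (ssl.SSLError, OSError) as exc:  # version mismatch surfaces here as an alert
        out["error"] = str(exc)


def negotiated_version(server_min: str, client_max: str) -> Optional[str]:
    """Return the TLS version both sides agree on, or None when the handshake
    fails because the client cannot reach the server's minimum."""
    with tempfile.TemporaryDirectory() as tmp:
        cert, key = make_self_signed_cert(Path(tmp))

        server_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        server_ctx.load_cert_chain(cert, key)
        server_ctx.minimum_version = parse_protocol(server_min)  # the ssl_min_protocol knob

        client_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        client_ctx.load_verify_locations(cert)  # trust only the throw-away cert
        client_ctx.maximum_version = parse_protocol(client_max)  # the "old client" knob

        listener = socket.socket()
        listener.settimeout(5)
        listener.bind(("127.0.0.1", 0))  # ephemeral loopback port
        listener.listen(1)
        port = listener.getsockname()[1]

        result: dict = {}
        server = threading.Thread(target=_serve_one, args=(server_ctx, listener, result))
        server.start()
        try:
            with socket.create_connection(("127.0.0.1", port), timeout=5) as raw:
                with client_ctx.wrap_socket(raw, server_hostname="localhost") as tls:
                    negotiated = tls.version()
        except (ssl.SSLError, OSError):
            negotiated = None  # e.g. "tlsv1 alert protocol version" from the server
        server.join()
        listener.close()
        return negotiated


if __name__ == "__main__":
    for server_min, client_max in [("TLSv1.3", "TLSv1.3"), ("TLSv1.3", "TLSv1.2"),
                                   ("TLSv1.2", "TLSv1.2")]:
        print(f"server min {server_min}, client max {client_max}: "
              f"{negotiated_version(server_min, client_max)}")
```

Run it directly to see the three cases printed: a TLS 1.3-only server accepts a TLS 1.3 client, refuses a client capped at TLS 1.2, and lowering the minimum to TLSv1.2 lets that client back in. TLS 1.0 and 1.1 are deliberately left out of the runs because a modern client library, like the s_client in the first thread, may refuse to offer them at all ("no protocols available"), and the server's OpenSSL may reject them through its security level before the minimum-version setting is consulted, which is the @SECLEVEL=1 effect described there.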
Re: upgrade 2.2 to 2.3, diffie-hellman, ssl_min_protocol
ssl_dh=:

> On Fri, 22 Jun 2018, Joseph Tam wrote:
>
>> However, recent advances make this condition obsolete [*] and not
>> really safer, so a much faster way to generate a DH key is
>>
>> openssl dhparam -dsaparam -out dh.pem 4096
>>
>> DH generation is a one time operation, so if you're paranoid and you've
>> got time to burn, go ahead and generate the "safe" DH key.
>>
>> [*] https://security.stackexchange.com/questions/42415/openvpn-dhparam)
>
> Oh, I might have to backtrack on this claim
>
> https://www.openssl.org/news/secadv/20160128.txt
>
> although it's beyond my understanding whether it's applicable to Dovecot.
>
> Joseph Tam

-
ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of the NSA's hands!
$24.95 ONETIME Lifetime accounts with Privacy Features!
15GB disk! No bandwidth quotas!
Commercial and Bulk Mail Options!
Re: upgrade 2.2 to 2.3, diffie-hellman, ssl_min_protocol
Thanks Joseph, Aki, but something missing from upgrade document, where does the dh param file go? I located ssl-parameters.dat so I will put it there.

Quoting Joseph Tam :

> On Fri, 22 Jun 2018, Joseph Tam wrote:
>
>> However, recent advances make this condition obsolete [*] and not
>> really safer, so a much faster way to generate a DH key is
>>
>> openssl dhparam -dsaparam -out dh.pem 4096
>>
>> DH generation is a one time operation, so if you're paranoid and you've
>> got time to burn, go ahead and generate the "safe" DH key.
>>
>> [*] https://security.stackexchange.com/questions/42415/openvpn-dhparam)
>
> Oh, I might have to backtrack on this claim
>
> https://www.openssl.org/news/secadv/20160128.txt
>
> although it's beyond my understanding whether it's applicable to Dovecot.
>
> Joseph Tam
Re: upgrade 2.2 to 2.3, diffie-hellman, ssl_min_protocol
On Fri, 22 Jun 2018, Joseph Tam wrote:

> However, recent advances make this condition obsolete [*] and not
> really safer, so a much faster way to generate a DH key is
>
>     openssl dhparam -dsaparam -out dh.pem 4096
>
> DH generation is a one time operation, so if you're paranoid and you've
> got time to burn, go ahead and generate the "safe" DH key.
>
> [*] https://security.stackexchange.com/questions/42415/openvpn-dhparam)

Oh, I might have to backtrack on this claim

    https://www.openssl.org/news/secadv/20160128.txt

although it's beyond my understanding whether it's applicable to Dovecot.

Joseph Tam
Re: upgrade 2.2 to 2.3, diffie-hellman, ssl_min_protocol
On Fri, 22 Jun 2018, Aki Tuomi wrote:

>> Do I need to make a fresh dh.pem? The upgrade doc tells how to convert
>> ssl-parameters.dat but how to make a new one?
>
> ... or you can make a fresh one using
>
>     openssl gendh 4096 > dh.pem

This also works

    openssl dhparam -out dh.pem 4096

> Note that this will require quite a lot of entropy, so you should
> probably ensure that you run it on a laptop or with virtual machine
> that has some entropy source/helper.

It can take an extraordinary amount of time for long keys. Most of the time/entropy is taken up to produce a "safe" prime (p) such that (p-1)/2 is also prime to resist some factoring algorithms.

However, recent advances make this condition obsolete [*] and not really safer, so a much faster way to generate a DH key is

    openssl dhparam -dsaparam -out dh.pem 4096

DH generation is a one time operation, so if you're paranoid and you've got time to burn, go ahead and generate the "safe" DH key.

[*] https://security.stackexchange.com/questions/42415/openvpn-dhparam)

Joseph Tam
Re: upgrade 2.2 to 2.3, diffie-hellman, ssl_min_protocol
> On 22 June 2018 at 10:18 ta...@vfemail.net wrote:
>
>
>
> hi sorry if question was asked already. Was reading
> https://wiki2.dovecot.org/Upgrading/2.3
>
> first I'm confused on diffie hellman parameters file. I never set up
> ssl-parameters.dat before (should i have? do I have one that was
> automatically made for me by dovecot?)
>
> Do I need to make a fresh dh.pem? The upgrade doc tells how to convert
> ssl-parameters.dat but how to make a new one?
>

2.2 makes the ssl-parameters.dat automatically. You can choose to either use that with the instructions given, or you can make a fresh one using

    openssl gendh 4096 > dh.pem

Note that this will require quite a lot of entropy, so you should probably ensure that you run it on a laptop or with virtual machine that has some entropy source/helper.

> other question is if I copy ssl_min_protocol from example config into
> my existing config is that enough? do experts on this list recommend
> any tweaks that increase client requirements more than dovecot
> developers are comfortable with but will ensure more secure protocol
> usage?
>

ssl_min_protocol defines the minimum TLS protocol the server supports. We recommend TLSv1, but if you want, you can experiment with TLSv1.2, which will decrease client compatibility a bit.

Aki
upgrade 2.2 to 2.3, diffie-hellman, ssl_min_protocol
hi sorry if question was asked already. Was reading https://wiki2.dovecot.org/Upgrading/2.3

first I'm confused on diffie hellman parameters file. I never set up ssl-parameters.dat before (should i have? do I have one that was automatically made for me by dovecot?)

Do I need to make a fresh dh.pem? The upgrade doc tells how to convert ssl-parameters.dat but how to make a new one?

other question is if I copy ssl_min_protocol from example config into my existing config is that enough? do experts on this list recommend any tweaks that increase client requirements more than dovecot developers are comfortable with but will ensure more secure protocol usage?
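The upgrade thread above leaves two practical loose ends: how to generate dh.pem (safe prime versus the faster -dsaparam route) and how to point Dovecot at it. The script below is an added example, not Dovecot's code or anything posted in the thread. It drives the same openssl dhparam command the thread recommends (the openssl CLI is assumed to be installed), then checks the result independently with a minimal DER reader before emitting the 10-ssl.conf line; ssl_dh = <file is Dovecot's read-from-file syntax for that setting. The 2048-bit floor in ssl_dh_setting() is the example's own choice, not a Dovecot requirement, and the DER reader assumes the PKCS#3 or X9.42 layouts OpenSSL writes, both of which put the prime p first.

```python
"""Added example: generate DH parameters with openssl, verify the prime size
by parsing the PEM/DER file ourselves, and produce the ssl_dh line."""
import base64
import re
import subprocess
import tempfile
from pathlib import Path
from typing import Tuple


def generate_dh_params(path: Path, bits: int, dsaparam: bool = False) -> Path:
    """Run 'openssl dhparam'. Safe prime by default (slow for large sizes);
    -dsaparam builds DSA-style parameters, which the thread notes is much faster."""
    cmd = ["openssl", "dhparam", "-out", str(path)]
    if dsaparam:
        cmd.append("-dsaparam")
    cmd.append(str(bits))
    subprocess.run(cmd, check=True, capture_output=True)
    return path


def _der_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Decode one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def dh_prime_bits(pem_text: str) -> int:
    """Return the bit length of the prime p in a DH parameter file.
    PKCS#3 (SEQUENCE { p, g }) and X9.42 (SEQUENCE { p, g, q, ... }) both
    start with p as the first INTEGER, so one reader covers both encodings."""
    m = re.search(r"-----BEGIN (?:X9\.42 )?DH PARAMETERS-----(.*?)-----END",
                  pem_text, re.S)
    if not m:
        raise ValueError("no DH PARAMETERS block found")
    der = base64.b64decode("".join(m.group(1).split()))
    tag, seq, _ = _der_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected a DER SEQUENCE")
    tag, p_bytes, _ = _der_tlv(seq, 0)
    if tag != 0x02:
        raise ValueError("expected INTEGER p")
    # A leading 0x00 pad byte (present when the top bit is set) does not
    # change bit_length(), so this is the true size of p.
    return int.from_bytes(p_bytes, "big").bit_length()


def ssl_dh_setting(path: Path, minimum_bits: int = 2048) -> str:
    """Return the 10-ssl.conf line for this file, refusing parameters below
    minimum_bits (2048 is this example's own floor, not a Dovecot rule)."""
    bits = dh_prime_bits(path.read_text())
    if bits < minimum_bits:
        raise ValueError(f"{path} has a {bits}-bit prime; want at least {minimum_bits}")
    return f"ssl_dh = <{path}"


def generate_and_check(bits: int, dsaparam: bool = False,
                       minimum_bits: int = 2048) -> Tuple[int, str]:
    """Generate into a temporary directory and return (prime bits, ssl_dh line)."""
    with tempfile.TemporaryDirectory() as tmp:
        path = generate_dh_params(Path(tmp) / "dh.pem", bits, dsaparam)
        return dh_prime_bits(path.read_text()), ssl_dh_setting(path, minimum_bits)


if __name__ == "__main__":
    # Small DSA-style parameters keep the demo quick; for production use the
    # 4096-bit sizes from the thread and a path under /etc/dovecot.
    bits, line = generate_and_check(1024, dsaparam=True, minimum_bits=1024)
    print(f"generated a {bits}-bit prime; config line: {line}")
```

The check matters because openssl dhparam will happily write whatever size it was asked for, and a mistyped bit count is otherwise invisible until an external scanner flags the weak group; reading p back from the file is the same kind of verification as openssl dhparam -text, but done by code that can gate a deployment.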