Cipher suites: Difference between revisions

(- fixed typos; updated out of date links)
No edit summary
Line 1: Line 1:
{{BC|Certified}}
__FORCETOC__
__FORCETOC__
<div class="col-md-12 ibox-content">
<div class="col-md-12 ibox-content">
= Cipher suites =
= Cipher suites =
{{KB|{{ZC}}|{{ZCS 8.0}}|{{ZCS 7.0}}|}}
{{KB||{{ZCS 9.0}}|{{ZCS 8.8}}|}}
{{WIP}}
{{WIP}}


= Introduction =
= Introduction =
By default, the Zimbra mailbox server, ''zmmailboxd'', supports both strong and weak SSL/TLS cipher suites for '''IMAPS''', '''POP3S''', and '''HTTPS'''.  A typical security requirement is to disable weak ciphers which usually includes SSL versions prior to SSLv3 and any cipher not supporting at least 128 bit.
By default, the Zimbra mailbox server, ''zmmailboxd'', supports both strong and weak SSL/TLS cipher suites for '''IMAPS''', '''POP3S''', and '''HTTPS'''.  A typical security requirement is to disable weak ciphers.


= Enable Strong Ciphers =
= Enable Strong Ciphers =
To enable strong ciphers, weak ciphers must be disabled. It is best practise to run a SSL/TLS cipher scan first to see which ciphers your server currently supports.
Transport Layer Security (TLS) encrypts data sent over the Internet to ensure that eavesdroppers and hackers are unable to see what you transmit which is particularly useful for private and sensitive information such as passwords, credit card numbers, and personal correspondence. (further reading: https://www.internetsociety.org/deploy360/tls/basics)


As of today it is recommended to test HTTPS/SSL against multiple checks:
In this article you will learn how to configure Zimbra to use only strong encryption ciphers for TLS.


* [https://www.ssllabs.com/ssltest/index.html SSL Labs (Qualys)]
= Generate ssl_ciphers for use with zimbraReverseProxySSLCiphers =
* [https://sslcheck.globalsign.com GlobalSign]
* [https://ssltools.websecurity.symantec.com/checker/#home Verisign/Symantec]


Once the supported weak ciphers are determined, they can be disabled one by one system wide using the '''zimbraSSLExcludeCipherSuites''' global attribute.
Since encryption is always evolving it is recommended to use Mozilla SSL Config generator that you can find at https://ssl-config.mozilla.org/


To disable weak ciphers use the ''zmprov'' command. Be sure to prefix the attribute name with "+" when using mcf to keep existing values.
Select <code>Intermediate</code> and <code>Nginx</code> (Zimbra proxy is based on Nginx) at the time of writing this article this will select nginx 1.17.7 and OpenSSL 1.1.1d. The tool also reports the oldest supported clients that work with this configuration: Firefox 27, Android 4.4.2, Chrome 31, Edge, IE 11 on Windows 7, Java 8u31, OpenSSL 1.0.1, Opera 20, and Safari 9.


su - zimbra
From the generated config file copy the value from <code>ssl_ciphers</code>:
zmprov mcf +zimbraSSLExcludeCipherSuites <cipher1>
zmprov mcf +zimbraSSLExcludeCipherSuites <cipher2>
zmprov mcf +zimbraSSLExcludeCipherSuites <cipherN>
zmmailboxdctl restart


The disabled ciphers in Zimbra by default include these:
<pre>ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;</pre>
= Configuring Zimbra =


$ zmprov gcf zimbraSSLExcludeCipherSuites
Configure Zimbra to use the above ciphers, and enable TLSv1.2 and TLSv1.3 like this:
zimbraSSLExcludeCipherSuites: SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
zimbraSSLExcludeCipherSuites: SSL_DHE_DSS_WITH_DES_CBC_SHA
zimbraSSLExcludeCipherSuites: SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
zimbraSSLExcludeCipherSuites: SSL_DHE_RSA_WITH_DES_CBC_SHA
zimbraSSLExcludeCipherSuites: SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
zimbraSSLExcludeCipherSuites: SSL_RSA_EXPORT_WITH_RC4_40_MD5
zimbraSSLExcludeCipherSuites: SSL_RSA_WITH_DES_CBC_SHA


Please note that curl by default will not connect to RC4 ciphers:
<pre>zmprov mcf zimbraReverseProxySSLProtocols TLSv1.2
https://bugzilla.redhat.com/show_bug.cgi?id=807749
zmprov mcf +zimbraReverseProxySSLProtocols TLSv1.3


= Nginx Proxy Ciphers =
zmprov -l mcf zimbraReverseProxySSLCiphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384'


Zimbra recommends that all sites (including single-server sites) use the Zimbra nginx proxy. The proxy provides an additional layer of security, defense in depth, and control. As of ZCS 8.7 or later, the nginx proxy is required in all ZCS installations.
zmproxyctl restart</pre>
Also configure Zimbra mailbox to allow the use of TLSv1.3. Open in a text editor <code>/opt/zimbra/conf/localconfig.xml</code> find the line <code>mailboxd_java_options</code> and set <code>TLSv1.2,TLSv1.3</code> in <code>https.protocols</code> and <code>jdk.tls.client.protocols</code>. Example result:


With the proxy, one can provide tight control over ciphers. The single valued '''zimbraReverseProxySSLCiphers''' attribute configures what cipher suites the nginx proxy will allow to be negotiated over SSL. This affects HTTPS when the web proxy is enabled, and POP and IMAP when the mail proxy is enabled. It is only possible to set this value in globalconfig.
<pre>&lt;key name=&quot;mailboxd_java_options&quot;&gt;
  &lt;value&gt;-server -Dhttps.protocols=TLSv1.2,TLSv1.3 -Djdk.tls.client.protocols=TLSv1.2,TLSv1.3 -Djava.awt.headless=true -Dsun.net.inetaddr.ttl=${networkaddress_cache_ttl} -Dorg.apache.jasper.compiler.disablejsr199=true -XX:+UseG1GC -XX:SoftRefLRUPolicyMSPerMB=1 -XX:+UnlockExperimentalVMOptions -XX:G1NewSizePercent=15 -XX:G1MaxNewSizePercent=45 -XX:-OmitStackTraceInFastThrow -verbose:gc -Xlog:gc*=info,safepoint=info:file=/opt/zimbra/log/gc.log:time:filecount=20,filesize=10m -Djava.net.preferIPv4Stack=true&lt;/value&gt;
&lt;/key&gt;</pre>
Then restart mailbox, or reboot your server:


The current recommended setting is (removes RC4 from the default in 8.6):
<pre>zmmailboxdctl restart</pre>
= Generate DH parameters =


ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
Generating DH parameter improves key exchange and mitigates against Logjam attack. Run as Zimbra user. Further reading: https://weakdh.org/


It can be set using the '''zmprov mcf''' command:
<pre>su - zimbra
/opt/zimbra/common/bin/openssl dhparam -out /opt/zimbra/conf/dhparam.pem.zcs 3072
zmprov mcf zimbraSSLDHParam /opt/zimbra/conf/dhparam.pem.zcs</pre>
Reboot the server.


$ zmprov mcf zimbraReverseProxySSLCiphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4'
= Configure additional HTTP headers =
$ zmproxyctl restart # on all proxies


= SSL Protocols =
The following headers will:


As of ZCS 8.6, SSLv2 and SSLv3 are disabled by default. Only these SSL Protocols are enabled by default:
* Enable HTTP Strict Transport Security (HSTS)
* Disable search indexing of your server by Google et al.


* TLSv1
<pre>zmprov mcf +zimbraResponseHeader &quot;Strict-Transport-Security: max-age=31536000; includeSubDomains&quot;
* TLSv1.1
zmprov mcf +zimbraResponseHeader &quot;X-XSS-Protection: 1; mode=block&quot;
* TLSv1.2
zmprov mcf +zimbraResponseHeader &quot;X-Content-Type-Options: nosniff&quot;
zmprov mcf +zimbraResponseHeader &quot;X-Robots-Tag: noindex&quot;
zmprov mcf zimbraMailKeepOutWebCrawlers TRUE
zmmailboxdctl restart</pre>
= Validate your settings online using SSL Labs =


However, it has been found that certain older Microsoft Outlook clients (2011 and previous) require that the server also accept "SSLv2Hello". Enabling this does not mean that the server is actually allowing SSLv2, but it does mean that it allows the SSLv2Hello "introduction", before switching to TLSv1 or greater.
Go to https://www.ssllabs.com/ssltest/analyze.html and enter the the domain name of your Zimbra server. If you followed the steps in this article you should receive an A+ score and there should be no mention of weak ciphers in the report. This article was written in September 2021. In the report take a look at the client devices listed under <code>Handshake Simulation</code> these will give you an idea of the devices your users can use to connect to your Zimbra server. Also validate there are no weak ciphers listed under <code>Cipher Suites</code>.
 
If using the Zimbra nginx proxy, it is not necessary to add SSLv2Hello to the mailstore configuration. However, if not using the Zimbra nginx proxy and only using the mailstore for SSL handling (i.e., mailboxd), then you must enable SSLv2Hello protocol to allow older Outlook clients to work:
 
zmprov mcf +zimbraMailboxdSSLProtocols SSLv2Hello
zmmailboxdctl restart
 
In ZCS 8.7, SSLv2Hello will be enabled by default: https://bugzilla.zimbra.com/show_bug.cgi?id=97332
 
= Debugging Cipher issues =
 
1. Jetty can use a Java startup option to log SSL and cipher debug data to /opt/zimbra/log/zmmailboxd.out:
 
-Djavax.net.debug=ssl,handshake,data
 
This can be added to the end of your mailboxd_java_options:
 
a. Get your current mailboxd_java_options:
 
$ zmlocalconfig mailboxd_java_options
 
b. Add the above to it:
 
  $ zmlocalconfig -e mailboxd_java_options="-server -Djava.awt.headless=true -XX:+UseConcMarkSweepGC -XX:+UseParNewGC -XX:NewRatio=2 -XX:PermSize=196m -XX:MaxPermSize=350m -XX:SoftRefLRUPolicyMSPerMB=1 -verbose:gc -XX:+PrintGCDetails -XX:+PrintGCApplicationStoppedTime -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/opt/zimbra/log -XX:ErrorFile=/opt/zimbra/log/hs_err_pid%p.log -Dorg.apache.jasper.compiler.disablejsr199=true -Djava.net.preferIPv4Stack=true -XX:+PrintGCDateStamps -Xloggc:/opt/zimbra/log/gc.log -XX:-UseGCLogFileRotation -XX:NumberOfGCLogFiles=20 -XX:GCLogFileSize=4096K -Djavax.net.debug=ssl,handshake,data"
 
c. SSL and cipher logging will now be written to /opt/zimbra/log/zmmailboxd.out
 
2. OpenSSL can be used to test server availability of SSL protocols and ciphers. Please note, however, that the SSL ciphers are named differently in OpenSSL then they are in Java. You can find a mapping of those cipher names here:
 
* https://www.openssl.org/docs/apps/ciphers.html#CIPHER-SUITE-NAMES
 
These cipher names and category definitions (i.e., HIGH, MEDIUM, etc.) can be on that OpenSSL page above, and in turn are used in all Zimbra components that utilize OpenSSL, e.g., nginx, postfix, libcurl and others. Java/Jetty is not linked to OpenSSL, and therefore uses the longer cipher names indicated on this page.
 
a. OpenSSL testing:
 
These OpenSSL commands largely replicate what many older clients (such as Outlook 2011) use:
 
openssl s_client -tls1 -cipher RC4-SHA -connect mail.example.com:443
openssl s_client -tls1 -cipher DES-CBC3-SHA -connect mail.example.com:443
 
However, as noted above, some of these may also require SSLv2Hello first. The above ciphers in turn map to these in the JVM/Jetty:
 
TLS_RSA_WITH_RC4_128_SHA                          # OpenSSL RC4-SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA          # OpenSSL DES-CBC3-SHA
 
= Bugs =
Prior to ZCS 5.0.10, the zimbraSSLExcludeCipherSuites attribute values are not picked up by the Jetty configuration for HTTPS.  To fix, replace all occurrences of ''zimbraSSLExcludeCipherSuites'' with ''zimbraSSLExcludeCipherSuitesXML'' in ''/opt/zimbra/jetty/etc/jetty.xml.in''. 
 
cd /opt/zimbra/jetty/etc
sed 's/%%zimbraSSLExcludeCipherSuites%%/%%zimbraSSLExcludeCipherSuitesXML%%/g' jetty.xml.in > /tmp/jetty.xml.in.new
cp jetty.xml.in /tmp/jetty.xml.in.old
mv /tmp/jetty.xml.in.new jetty.xml.in
zmmailboxdctl restart
 
Please see [https://bugzilla.zimbra.com/show_bug.cgi?id=30691 bug 30691] for more details. 
 
= References =
* Java "Cipher Suites" table under http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#SunJSSEProvider
* OpenSSL "CIPHER SUITE NAMES"  https://www.openssl.org/docs/apps/ciphers.html#CIPHER-SUITE-NAMES
 
{{Article Footer|Zimbra Collaboration Suite 5.0.9|10/1/2008}}
 
[[Category: SSL/TLS]]
[[Category: Mailbox]]

Revision as of 07:15, 4 September 2021

Cipher suites

   KB 2661        Last updated on 2021-09-4  




0.00
(0 votes)


Introduction

By default, the Zimbra mailbox server, zmmailboxd, supports both strong and weak SSL/TLS cipher suites for IMAPS, POP3S, and HTTPS. A typical security requirement is to disable weak ciphers.

Enable Strong Ciphers

Transport Layer Security (TLS) encrypts data sent over the Internet to ensure that eavesdroppers and hackers are unable to see what you transmit which is particularly useful for private and sensitive information such as passwords, credit card numbers, and personal correspondence. (further reading: https://www.internetsociety.org/deploy360/tls/basics)

In this article you will learn how to configure Zimbra to use only strong encryption ciphers for TLS.

Generate ssl_ciphers for use with zimbraReverseProxySSLCiphers

Since encryption is always evolving it is recommended to use Mozilla SSL Config generator that you can find at https://ssl-config.mozilla.org/

Select Intermediate and Nginx (Zimbra proxy is based on Nginx) at the time of writing this article this will select nginx 1.17.7 and OpenSSL 1.1.1d. The tool also reports the oldest supported clients that work with this configuration: Firefox 27, Android 4.4.2, Chrome 31, Edge, IE 11 on Windows 7, Java 8u31, OpenSSL 1.0.1, Opera 20, and Safari 9.

From the generated config file copy the value from ssl_ciphers:

ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

Configuring Zimbra

Configure Zimbra to use the above ciphers, and enable TLSv1.2 and TLSv1.3 like this:

zmprov mcf zimbraReverseProxySSLProtocols TLSv1.2
zmprov mcf +zimbraReverseProxySSLProtocols TLSv1.3

zmprov -l mcf zimbraReverseProxySSLCiphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384'

zmproxyctl restart

Also configure Zimbra mailbox to allow the use of TLSv1.3. Open in a text editor /opt/zimbra/conf/localconfig.xml find the line mailboxd_java_options and set TLSv1.2,TLSv1.3 in https.protocols and jdk.tls.client.protocols. Example result:

<key name="mailboxd_java_options">
  <value>-server -Dhttps.protocols=TLSv1.2,TLSv1.3 -Djdk.tls.client.protocols=TLSv1.2,TLSv1.3 -Djava.awt.headless=true -Dsun.net.inetaddr.ttl=${networkaddress_cache_ttl} -Dorg.apache.jasper.compiler.disablejsr199=true -XX:+UseG1GC -XX:SoftRefLRUPolicyMSPerMB=1 -XX:+UnlockExperimentalVMOptions -XX:G1NewSizePercent=15 -XX:G1MaxNewSizePercent=45 -XX:-OmitStackTraceInFastThrow -verbose:gc -Xlog:gc*=info,safepoint=info:file=/opt/zimbra/log/gc.log:time:filecount=20,filesize=10m -Djava.net.preferIPv4Stack=true</value>
</key>

Then restart mailbox, or reboot your server:

zmmailboxdctl restart

Generate DH parameters

Generating DH parameter improves key exchange and mitigates against Logjam attack. Run as Zimbra user. Further reading: https://weakdh.org/

su - zimbra
/opt/zimbra/common/bin/openssl dhparam -out /opt/zimbra/conf/dhparam.pem.zcs 3072
zmprov mcf zimbraSSLDHParam /opt/zimbra/conf/dhparam.pem.zcs

Reboot the server.

Configure additional HTTP headers

The following headers will:

  • Enable HTTP Strict Transport Security (HSTS)
  • Disable search indexing of your server by Google et al.
zmprov mcf +zimbraResponseHeader "Strict-Transport-Security: max-age=31536000; includeSubDomains"
zmprov mcf +zimbraResponseHeader "X-XSS-Protection: 1; mode=block"
zmprov mcf +zimbraResponseHeader "X-Content-Type-Options: nosniff"
zmprov mcf +zimbraResponseHeader "X-Robots-Tag: noindex"
zmprov mcf zimbraMailKeepOutWebCrawlers TRUE
zmmailboxdctl restart

Validate your settings online using SSL Labs

Go to https://www.ssllabs.com/ssltest/analyze.html and enter the the domain name of your Zimbra server. If you followed the steps in this article you should receive an A+ score and there should be no mention of weak ciphers in the report. This article was written in September 2021. In the report take a look at the client devices listed under Handshake Simulation these will give you an idea of the devices your users can use to connect to your Zimbra server. Also validate there are no weak ciphers listed under Cipher Suites.

Jump to: navigation, search