Cipher suites: Difference between revisions

No edit summary
(- fixed typos; updated out of date links)
Line 14: Line 14:
As of today it is recommended to test HTTPS/SSL against multiple checks:
As of today it is recommended to test HTTPS/SSL against multiple checks:


[https://www.ssllabs.com/ssltest/index.html SSL Labs (Qualsys)]
* [https://www.ssllabs.com/ssltest/index.html SSL Labs (Qualys)]
* [https://sslcheck.globalsign.com GlobalSign]
[https://sslcheck.globalsign.com GlobalSign]
* [https://ssltools.websecurity.symantec.com/checker/#home Verisign/Symantec]


[https://ssltools.websecurity.symantec.com/checker/#home Verisgin/Symantec]
Once the supported weak ciphers are determined, they can be disabled one by one system wide using the '''zimbraSSLExcludeCipherSuites''' global attribute.
 
Once the supported weak ciphers are determined, they can be disabled one by one system wide using the '''zimbraSSLExcludeCipherSuites''' global directory attribute.


To disable weak ciphers use the ''zmprov'' command.  Be sure to prefix the attribute name with "+" when using mcf to keep existing values.
To disable weak ciphers use the ''zmprov'' command.  Be sure to prefix the attribute name with "+" when using mcf to keep existing values.
Line 27: Line 25:
  zmprov mcf +zimbraSSLExcludeCipherSuites <cipher1>
  zmprov mcf +zimbraSSLExcludeCipherSuites <cipher1>
  zmprov mcf +zimbraSSLExcludeCipherSuites <cipher2>
  zmprov mcf +zimbraSSLExcludeCipherSuites <cipher2>
zmprov mcf +zimbraSSLExcludeCipherSuites <cipher...>
  zmprov mcf +zimbraSSLExcludeCipherSuites <cipherN>
  zmprov mcf +zimbraSSLExcludeCipherSuites <cipherN>
  zmmailboxdctl restart
  zmmailboxdctl restart
Line 52: Line 49:


The current recommended setting is (removes RC4 from the default in 8.6):
The current recommended setting is (removes RC4 from the default in 8.6):


  ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
  ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4


It can be set using the '''zmprov mcf''' command:
It can be set using the '''zmprov mcf''' command:
Line 99: Line 94:
2. OpenSSL can be used to test server availability of SSL protocols and ciphers. Please note, however, that the SSL ciphers are named differently in OpenSSL then they are in Java. You can find a mapping of those cipher names here:
2. OpenSSL can be used to test server availability of SSL protocols and ciphers. Please note, however, that the SSL ciphers are named differently in OpenSSL then they are in Java. You can find a mapping of those cipher names here:


* https://www.openssl.org/docs/apps/ciphers.html#cipher_suite_names
* https://www.openssl.org/docs/apps/ciphers.html#CIPHER-SUITE-NAMES


These cipher names and category definitions (i.e., HIGH, MEDIUM, etc.) can be on that OpenSSL page above, and in turn are used in all Zimbra components that utilize OpenSSL, e.g., nginx, postfix, libcurl and others. Java/Jetty is not linked to OpenSSL, and therefore uses the longer cipher names indicated on this page.
These cipher names and category definitions (i.e., HIGH, MEDIUM, etc.) can be on that OpenSSL page above, and in turn are used in all Zimbra components that utilize OpenSSL, e.g., nginx, postfix, libcurl and others. Java/Jetty is not linked to OpenSSL, and therefore uses the longer cipher names indicated on this page.
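Review bot: both paragraphs in this hunk still carry wording errors that a typo-fix revision should catch. "named differently in OpenSSL then they are in Java" should read "than", and "can be on that OpenSSL page above" is missing "found". Suggest fixing both in the same edit as the anchor change to #CIPHER-SUITE-NAMES.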
Line 112: Line 107:
However, as noted above, some of these may also require SSLv2Hello first. The above ciphers in turn map to these in the JVM/Jetty:
However, as noted above, some of these may also require SSLv2Hello first. The above ciphers in turn map to these in the JVM/Jetty:


  TLS_RSA_WITH_RC4_128_SHA               RC4-SHA
  TLS_RSA_WITH_RC4_128_SHA                         # OpenSSL RC4-SHA
  TLS_RSA_WITH_3DES_EDE_CBC_SHA          DES-CBC3-SHA
  TLS_RSA_WITH_3DES_EDE_CBC_SHA          # OpenSSL DES-CBC3-SHA


= Bugs =
= Bugs =
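Review bot: the two mapping rows pad the "# OpenSSL" comment to different columns (the RC4-SHA row carries many more spaces than the DES-CBC3-SHA row), so the comments will not line up in the preformatted block. Pad both rows to one common column so the Java name and its OpenSSL equivalent read as a two-column table.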
Line 124: Line 119:
  zmmailboxdctl restart
  zmmailboxdctl restart


Please see [http://bugzilla.zimbra.com/show_bug.cgi?id=30691 bug 30691] for more details.   
Please see [https://bugzilla.zimbra.com/show_bug.cgi?id=30691 bug 30691] for more details.   


= References =
= References =
''J2SE cipher list'' http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html#SunJSSE
* Java "Cipher Suites" table under http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#SunJSSEProvider
 
* OpenSSL "CIPHER SUITE NAMES"  https://www.openssl.org/docs/apps/ciphers.html#CIPHER-SUITE-NAMES
''OpenSSL ciphers list'' http://openssl.org/docs/apps/ciphers.html#SSL_v3_0_cipher_suites_
 


{{Article Footer|Zimbra Collaboration Suite 5.0.9|10/1/2008}}
{{Article Footer|Zimbra Collaboration Suite 5.0.9|10/1/2008}}
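Review bot: the new Java reference is added as "http://docs.oracle.com/javase/8/..." although this same revision moves the bug 30691 link from http to https, so the scheme should be made consistent here as well. The lines holding only a single space after each reference also look like leftover whitespace and can be dropped.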

Revision as of 04:44, 12 August 2015

Cipher suites

   KB 2661        Last updated on 2015-08-12  






Introduction

By default, the Zimbra mailbox server, zmmailboxd, supports both strong and weak SSL/TLS cipher suites for IMAPS, POP3S, and HTTPS. A typical security requirement is to disable weak ciphers, which usually includes SSL versions prior to SSLv3 and any cipher that does not support at least 128 bits.

Enable Strong Ciphers

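To enable strong ciphers, weak ciphers must be disabled. It is best practice to run an SSL/TLS cipher scan first to see which ciphers your server currently supports.

As of today it is recommended to test HTTPS/SSL against multiple checks:

  • SSL Labs (Qualys): https://www.ssllabs.com/ssltest/index.html
  • GlobalSign: https://sslcheck.globalsign.com
  • Verisign/Symantec: https://ssltools.websecurity.symantec.com/checker/#home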

Once the supported weak ciphers are determined, they can be disabled one by one system wide using the zimbraSSLExcludeCipherSuites global attribute.

To disable weak ciphers use the zmprov command. Be sure to prefix the attribute name with "+" when using mcf to keep existing values.

su - zimbra
zmprov mcf +zimbraSSLExcludeCipherSuites <cipher1>
zmprov mcf +zimbraSSLExcludeCipherSuites <cipher2>
zmprov mcf +zimbraSSLExcludeCipherSuites <cipherN>
zmmailboxdctl restart

The disabled ciphers in Zimbra by default include these:

$ zmprov gcf zimbraSSLExcludeCipherSuites
zimbraSSLExcludeCipherSuites: SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
zimbraSSLExcludeCipherSuites: SSL_DHE_DSS_WITH_DES_CBC_SHA
zimbraSSLExcludeCipherSuites: SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
zimbraSSLExcludeCipherSuites: SSL_DHE_RSA_WITH_DES_CBC_SHA
zimbraSSLExcludeCipherSuites: SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
zimbraSSLExcludeCipherSuites: SSL_RSA_EXPORT_WITH_RC4_40_MD5
zimbraSSLExcludeCipherSuites: SSL_RSA_WITH_DES_CBC_SHA

Please note that curl by default will not connect to RC4 ciphers:

https://bugzilla.redhat.com/show_bug.cgi?id=807749

Nginx Proxy Ciphers

Zimbra recommends that all sites (including single-server sites) use the Zimbra nginx proxy. The proxy provides an additional layer of security, defense in depth, and control. As of ZCS 8.7 or later, the nginx proxy is required in all ZCS installations.

With the proxy, one can provide tight control over ciphers. The single-valued zimbraReverseProxySSLCiphers attribute configures which cipher suites the nginx proxy will allow to be negotiated over SSL. This affects HTTPS when the web proxy is enabled, and POP and IMAP when the mail proxy is enabled. It is only possible to set this value in globalconfig.

The current recommended setting is (removes RC4 from the default in 8.6):

ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4

It can be set using the zmprov mcf command:

$ zmprov mcf zimbraReverseProxySSLCiphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4'
$ zmproxyctl restart # on all proxies

SSL Protocols

As of ZCS 8.6, SSLv2 and SSLv3 are disabled by default. Only these SSL Protocols are enabled by default:

  • TLSv1
  • TLSv1.1
  • TLSv1.2

However, it has been found that certain older Microsoft Outlook clients (2011 and previous) require that the server also accept "SSLv2Hello". Enabling this does not mean that the server is actually allowing SSLv2, but it does mean that it allows the SSLv2Hello "introduction", before switching to TLSv1 or greater.

If using the Zimbra nginx proxy, it is not necessary to add SSLv2Hello to the mailstore configuration. However, if not using the Zimbra nginx proxy and only using the mailstore for SSL handling (i.e., mailboxd), then you must enable the SSLv2Hello protocol to allow older Outlook clients to work:

zmprov mcf +zimbraMailboxdSSLProtocols SSLv2Hello
zmmailboxdctl restart

In ZCS 8.7, SSLv2Hello will be enabled by default: https://bugzilla.zimbra.com/show_bug.cgi?id=97332

Debugging Cipher issues

1. Jetty can use a Java startup option to log SSL and cipher debug data to /opt/zimbra/log/zmmailboxd.out:

-Djavax.net.debug=ssl,handshake,data

This can be added to the end of your mailboxd_java_options:

a. Get your current mailboxd_java_options:

$ zmlocalconfig mailboxd_java_options

b. Add the above to it:

 $ zmlocalconfig -e mailboxd_java_options="-server -Djava.awt.headless=true -XX:+UseConcMarkSweepGC -XX:+UseParNewGC -XX:NewRatio=2 -XX:PermSize=196m -XX:MaxPermSize=350m -XX:SoftRefLRUPolicyMSPerMB=1 -verbose:gc -XX:+PrintGCDetails -XX:+PrintGCApplicationStoppedTime -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/opt/zimbra/log -XX:ErrorFile=/opt/zimbra/log/hs_err_pid%p.log -Dorg.apache.jasper.compiler.disablejsr199=true -Djava.net.preferIPv4Stack=true -XX:+PrintGCDateStamps -Xloggc:/opt/zimbra/log/gc.log -XX:-UseGCLogFileRotation -XX:NumberOfGCLogFiles=20 -XX:GCLogFileSize=4096K -Djavax.net.debug=ssl,handshake,data"

c. SSL and cipher logging will now be written to /opt/zimbra/log/zmmailboxd.out

2. OpenSSL can be used to test server availability of SSL protocols and ciphers. Please note, however, that the SSL ciphers are named differently in OpenSSL than they are in Java. You can find a mapping of those cipher names here:

  • https://www.openssl.org/docs/apps/ciphers.html#CIPHER-SUITE-NAMES

These cipher names and category definitions (e.g., HIGH, MEDIUM, etc.) can be found on the OpenSSL page above, and in turn are used in all Zimbra components that utilize OpenSSL, e.g., nginx, postfix, libcurl and others. Java/Jetty is not linked to OpenSSL, and therefore uses the longer cipher names indicated on this page.

a. OpenSSL testing:

These OpenSSL commands largely replicate what many older clients (such as Outlook 2011) use:

openssl s_client -tls1 -cipher RC4-SHA -connect mail.example.com:443
openssl s_client -tls1 -cipher DES-CBC3-SHA -connect mail.example.com:443

However, as noted above, some of these may also require SSLv2Hello first. The above ciphers in turn map to these in the JVM/Jetty:

TLS_RSA_WITH_RC4_128_SHA          # OpenSSL RC4-SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA     # OpenSSL DES-CBC3-SHA
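The naming difference matters when scan findings are turned into exclusions: a scanner built on OpenSSL reports RC4-SHA, while zimbraSSLExcludeCipherSuites needs the JVM/Jetty name. The following is an added example, not part of the original article: it maps OpenSSL names to the Java names given above, skips suites already present in the `zmprov gcf` output, and prints the `+`-prefixed commands to run. The function names, the SAMPLE_GCF variable and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn OpenSSL-named scan findings into zmprov exclusions.

# OpenSSL name -> JVM/Jetty name. Only the two pairs given on this page;
# extend it from the OpenSSL "CIPHER SUITE NAMES" table as needed.
to_java_name() {
  case "$1" in
    RC4-SHA)      echo TLS_RSA_WITH_RC4_128_SHA ;;
    DES-CBC3-SHA) echo TLS_RSA_WITH_3DES_EDE_CBC_SHA ;;
    *)            return 1 ;;
  esac
}

# plan_excludes CURRENT_GCF_OUTPUT OPENSSL_NAME...
# Prints one "zmprov mcf +zimbraSSLExcludeCipherSuites <name>" line for each
# suite not yet excluded. A name without a known mapping is reported on
# stderr and makes the function return 2, so it is never silently skipped.
plan_excludes() {
  current=$1; shift
  plan_rc=0
  for name in "$@"; do
    if ! java=$(to_java_name "$name"); then
      echo "no Java mapping known for $name" >&2
      plan_rc=2
      continue
    fi
    # Whole-line, fixed-string match against "attribute: value" lines.
    if printf '%s\n' "$current" |
         grep -qxF "zimbraSSLExcludeCipherSuites: $java"; then
      continue
    fi
    echo "zmprov mcf +zimbraSSLExcludeCipherSuites $java"
  done
  return $plan_rc
}

# Constructed sample of `zmprov gcf zimbraSSLExcludeCipherSuites` output
# on a server where RC4 has already been excluded by hand.
SAMPLE_GCF='zimbraSSLExcludeCipherSuites: SSL_RSA_WITH_DES_CBC_SHA
zimbraSSLExcludeCipherSuites: TLS_RSA_WITH_RC4_128_SHA'

# Constructed scan findings, using OpenSSL names.
plan_excludes "$SAMPLE_GCF" RC4-SHA DES-CBC3-SHA
```

On a live server, pass `"$(zmprov gcf zimbraSSLExcludeCipherSuites)"` as the first argument, run the printed commands as the zimbra user, and follow them with `zmmailboxdctl restart`.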

Bugs

Prior to ZCS 5.0.10, the zimbraSSLExcludeCipherSuites attribute values are not picked up by the Jetty configuration for HTTPS. To fix, replace all occurrences of zimbraSSLExcludeCipherSuites with zimbraSSLExcludeCipherSuitesXML in /opt/zimbra/jetty/etc/jetty.xml.in.

cd /opt/zimbra/jetty/etc
sed 's/%%zimbraSSLExcludeCipherSuites%%/%%zimbraSSLExcludeCipherSuitesXML%%/g' jetty.xml.in > /tmp/jetty.xml.in.new
cp jetty.xml.in /tmp/jetty.xml.in.old
mv /tmp/jetty.xml.in.new jetty.xml.in
zmmailboxdctl restart

Please see bug 30691 for more details.

References

Verified Against: Zimbra Collaboration Suite 5.0.9 Date Created: 10/1/2008
Article ID: https://wiki.zimbra.com/index.php?title=Cipher_suites Date Modified: 2015-08-12


