How to disable SSLv3: Difference between revisions
(→Testing: - show an example of openssl output when SSLv3 is disabled on Jetty) |
No edit summary |
||
Line 1: | Line 1: | ||
{{ZC}}{{Article Infobox|{{admin}}|{{ZCS 8.0}}|{{ZCS 8.5}}|}}==How to disable SSLv3== | {{ZC}}{{Article Infobox|{{admin}}|{{ZCS 8.0}}|{{ZCS 8.5}}|}}==How to disable SSLv3== | ||
Due to the recent discovery of a new SSL vulnerability ([http://googleonlinesecurity.blogspot.co.uk/2014/10/this-poodle-bites-exploiting-ssl-30.html CVE-2014-3566: Poodle SSLv3]), this protocol has been considered unsafe. This is a protocol flaw and Zimbra might include patches or configuration changes in future releases. Please check existing Bug https://bugzilla.zimbra.com/show_bug.cgi?id=95976 for more information. | Due to the recent discovery of a new SSL vulnerability ([http://googleonlinesecurity.blogspot.co.uk/2014/10/this-poodle-bites-exploiting-ssl-30.html CVE-2014-3566: Poodle SSLv3]), this protocol has been considered unsafe with https. This is a protocol flaw and Zimbra might include patches or configuration changes in future releases. Please check existing Bug https://bugzilla.zimbra.com/show_bug.cgi?id=95976 for more information. | ||
As a workaround, this guide will help you on how to disable SSLv3 with Zimbra. This has been tested on both ZCS 8.0.8 and 8.5.0 releases. | As a workaround, this guide will help you on how to disable SSLv3 with Zimbra. This has been tested on both ZCS 8.0.8 and 8.5.0 releases. | ||
'''Warnings:''' | '''Warnings:''' | ||
* Disabling SSLv3 might prevent older browsers to connect to Zimbra using SSL as they don't support TLS 1.0. | * '''The current attack vector as shown by the researchers works with controlling the plaintext sent to the server using Javascript being run on the victim's machine. This vector does not apply to non-HTTPS scenarios without using a browser. So right now the risk of exploiting this vulnerability with non-HTTPS protocols is very low. Due to the nature of the POP3 and IMAP protocols, performing the POODLE attack is a very remote possibility. The Zimbra Security Team believes that you are currently not at risk using SSLv3/STARTTLS with e-mail protocols (POP3, IMAP and SMTP). We are including here information on how to disable SSLv3 for Postfix (MTA), nginx (POP3-SSL and IMAP-SSL) for customers who still want to do this. At the moment, it's not possible to disable SSLv3 with mailboxd (Jetty) for POP3-SSL and IMAP-SSL'''. | ||
* Disabling SSLv3 might prevent older browsers to connect to Zimbra using SSL as they don't support TLS 1.0. Microsoft Internet Explorer 6 on Windows XP or earlier is known to to require SSLv3 (it does not support TLS1.0, TLS1.1 or TLS1.2): https://en.wikipedia.org/wiki/Transport_Layer_Security#Web_browsers | |||
'''Recommendation:''' | '''Recommendation:''' | ||
* For multi-server installations where only your proxy/MTAs will be exposed do the Internet, it should be enough to only disable SSLv3 at these hosts. | * For multi-server installations where only your proxy/MTAs will be exposed do the Internet, it should be enough to only disable SSLv3 at these hosts. | ||
=== Nginx (Proxy) === | === Nginx (Proxy) === | ||
Line 184: | Line 115: | ||
==== ZCS 8.0.x ==== | ==== ZCS 8.0.x ==== | ||
* Note: at the moment, it's not possible to disable SSLv3 with mailboxd (Jetty) for POP3-SSL and IMAP-SSL. | |||
We have provided downloadable '''/opt/zimbra/jetty/etc/jetty.xml.in''' file locations for IRONMAIDEN. Make sure you backup the original jetty.xml.in first. | We have provided downloadable '''/opt/zimbra/jetty/etc/jetty.xml.in''' file locations for IRONMAIDEN. Make sure you backup the original jetty.xml.in first. | ||
Line 224: | Line 157: | ||
==== ZCS 8.5.x ==== | ==== ZCS 8.5.x ==== | ||
* Note: at the moment, it's not possible to disable SSLv3 with mailboxd (Jetty) for POP3-SSL and IMAP-SSL. | |||
Find the '''SslContextFactory''' in '''/opt/zimbra/jetty/etc/jetty.xml.in''' and add this XML: | Find the '''SslContextFactory''' in '''/opt/zimbra/jetty/etc/jetty.xml.in''' and add this XML: | ||
Line 295: | Line 230: | ||
995 - POP3-SSL | 995 - POP3-SSL | ||
7071 - AdminUI SSL | 7071 - AdminUI SSL | ||
</pre> | |||
=== Postfix (MTA)=== | |||
'''Warnings:''' | |||
* Disabling SSLv3 might prevent [http://en.wikipedia.org/wiki/Comparison_of_email_clients#SSL_and_TLS_support older mail clients] to connect to Zimbra since they might not support TLS. This is important when using the 465 port (SMTP-SSL), where encryption is mandatory (smtpd_tls_mandatory_protocols). | |||
==== ZCS 8.5.x ==== | |||
At the MTA server, run (as zimbra): | |||
<pre>zmprov mcf zimbraMtaSmtpdTlsProtocols '!SSLv2,!SSLv3'</pre> | |||
<pre>postconf -e smtpd_tls_mandatory_protocols='!SSLv2,!SSLv3'</pre> | |||
'''Run "zmmtactl stop ; zmmtactl start" to force the changes''' on ''zimbraMtaSmtpdTlsProtocols'' or wait for mailboxd to rewrite Postfix config from LDAP after 2 minutes. | |||
Note that smtpd_tls_mandatory_protocols will need to be set after every upgrade as there is no way to preserve them for now in 8.5.x versions. | |||
==== ZCS 8.0.x ==== | |||
At the MTA server, run (as zimbra): | |||
<pre>postconf -e smtpd_tls_protocols='!SSLv2,!SSLv3'</pre> | |||
<pre>postconf -e smtpd_tls_mandatory_protocols='!SSLv2,!SSLv3'</pre> | |||
Note that smtpd_tls_protocols and smtpd_tls_mandatory_protocols will need to be set after every upgrade for 8.0.x versions. | |||
==== Testing STARTTLS on port 25 ==== | |||
Run openssl, forcing SSLv3: | |||
openssl s_client -connect mail.example.com:25 -ssl3 -starttls smtp | |||
Confirm that connection is refused with an "ssl handshake failure": | |||
CONNECTED(00000003) | |||
140701008086856:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1257:SSL alert number 40 | |||
140701008086856:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:'''ssl handshake failure''':s3_pkt.c:596: | |||
--- | |||
SSL handshake has read 220 bytes and written 0 bytes | |||
--- | |||
New, (NONE), Cipher is (NONE) | |||
Secure Renegotiation IS NOT supported | |||
Compression: NONE | |||
Expansion: NONE | |||
SSL-Session: | |||
Protocol : SSLv3 | |||
Cipher : 0000 | |||
Session-ID: | |||
Session-ID-ctx: | |||
Master-Key: | |||
Key-Arg : None | |||
Krb5 Principal: None | |||
PSK identity: None | |||
PSK identity hint: None | |||
Start Time: 1413400965 | |||
Timeout : 7200 (sec) | |||
Verify return code: 0 (ok) | |||
==== Testing SMTP-SSL ==== | |||
<pre>timeout 3 openssl s_client -connect mail.example.com:465 -ssl3</pre> | |||
If it shows a failure, it's good and we don't support SSLv3: | |||
<pre> | |||
140532971947680:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1275:SSL alert number 40 | |||
140532971947680:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:598: | |||
</pre> | </pre> |
Revision as of 22:18, 17 October 2014
Article Information |
---|
This article applies to the following ZCS versions. |
How to disable SSLv3
Due to the recent discovery of a new SSL vulnerability (CVE-2014-3566: Poodle SSLv3), this protocol has been considered unsafe with https. This is a protocol flaw and Zimbra might include patches or configuration changes in future releases. Please check existing Bug https://bugzilla.zimbra.com/show_bug.cgi?id=95976 for more information.
As a workaround, this guide will help you on how to disable SSLv3 with Zimbra. This has been tested on both ZCS 8.0.8 and 8.5.0 releases.
Warnings:
- The current attack vector as shown by the researchers works with controlling the plaintext sent to the server using Javascript being run on the victim's machine. This vector does not apply to non-HTTPS scenarios without using a browser. So right now the risk of exploiting this vulnerability with non-HTTPS protocols is very low. Due to the nature of the POP3 and IMAP protocols, performing the POODLE attack is a very remote possibility. The Zimbra Security Team believes that you are currently not at risk using SSLv3/STARTTLS with e-mail protocols (POP3, IMAP and SMTP). We are including here information on how to disable SSLv3 for Postfix (MTA), nginx (POP3-SSL and IMAP-SSL) for customers who still want to do this. At the moment, it's not possible to disable SSLv3 with mailboxd (Jetty) for POP3-SSL and IMAP-SSL.
- Disabling SSLv3 might prevent older browsers to connect to Zimbra using SSL as they don't support TLS 1.0. Microsoft Internet Explorer 6 on Windows XP or earlier is known to to require SSLv3 (it does not support TLS1.0, TLS1.1 or TLS1.2): https://en.wikipedia.org/wiki/Transport_Layer_Security#Web_browsers
Recommendation:
- For multi-server installations where only your proxy/MTAs will be exposed do the Internet, it should be enough to only disable SSLv3 at these hosts.
Nginx (Proxy)
ZCS 8.0.x / 8.5.x
Tarballs of the SSL specific Nginx configuration template files have been provided which disables SSLv3 for HTTPS/IMAPS/POP3S. Please make a backup of /opt/zimbra/conf/nginx/templates prior to proceeding.
ZCS 8.0.x http://files.zimbra.com/downloads/support/bug95976/nginx/nginx-ssl-templates-80x.tgz
ZCS 8.5.0 http://files.zimbra.com/downloads/support/bug95976/nginx/nginx-ssl-templates-850.tgz
Installation is the same for both ZCS 8.0.x and 8.5.0, just be sure to download the correct tarball for your ZCS version. To install as root
cd /opt/zimbra/conf/nginx/templates curl http://files.zimbra.com/downloads/support/bug95976/nginx/nginx-ssl-templates-80x.tgz | tar zxvf - su - zimbra zmproxyctl restart
Alternatively, you can edit each nginx template file separately. For all nginx templates in /opt/zimbra/conf/nginx/templates/ that use SSL, set the ssl_protocols option:
/opt/zimbra/conf/nginx/templates/:
nginx.conf.mail.imaps.default.template nginx.conf.mail.imaps.template nginx.conf.mail.pop3s.default.template nginx.conf.mail.pop3s.template nginx.conf.mail.template nginx.conf.web.admin.default.template nginx.conf.web.admin.template nginx.conf.web.https.default.template nginx.conf.web.https.template nginx.conf.web.sso.default.template nginx.conf.web.sso.template
For example, you will see an "ssl" block in each of these within the server { } section:
ssl on; ssl_prefer_server_ciphers ${web.ssl.preferserverciphers}; ssl_ciphers ${web.ssl.ciphers}; ssl_certificate ${ssl.crt.default}; ssl_certificate_key ${ssl.key.default};
Add the following to the end of the ssl section:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
The result will look something like this (may vary per file):
server { ${core.ipboth.enabled}listen [::]:${web.https.port} default; ${core.ipv4only.enabled}listen ${web.https.port} default; ${core.ipv6only.enabled}listen [::]:${web.https.port} default ipv6only=on; server_name ${web.server_name.default}.default; client_max_body_size 0; ssl on; ssl_prefer_server_ciphers ${web.ssl.preferserverciphers}; ssl_ciphers ${web.ssl.ciphers}; ssl_certificate ${ssl.crt.default}; ssl_certificate_key ${ssl.key.default}; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ...
Restart the proxy servers with the following:
zmproxyctl restart
Testing
You can run the following command to verify common ports when using the Zimbra proxy (run this at the proxy):
for p in 993 995 443 ; do echo Port $p ; timeout 3 openssl s_client -connect `zmhostname`:$p -ssl3 |grep failure ; done
If it shows a failure, it's good and we don't support SSLv3:
140532971947680:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1275:SSL alert number 40 140532971947680:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:598:
If you are seeing:
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-SHA Server public key is 2048 bit Secure Renegotiation IS supported
SSLv3 is still enabled and you need to verify the changes.
If you are proxying adminUI, please add port 9071, 7071 or the port you have configured. If you are proxying SSO requests, please add port 3443.
In alternative, you can test the following ports individually:
443 - HTTPS 993 - IMAP-SSL 995 - POP3-SSL 9071 or 7071 - AdminUI SSL
with
openssl s_client -connect host.zimbra.com:<port> -ssl3
Jetty (mailboxd)
ZCS 8.0.x
- Note: at the moment, it's not possible to disable SSLv3 with mailboxd (Jetty) for POP3-SSL and IMAP-SSL.
We have provided downloadable /opt/zimbra/jetty/etc/jetty.xml.in file locations for IRONMAIDEN. Make sure you backup the original jetty.xml.in first.
ZCS 8.0.0-8.0.2 http://files.zimbra.com/downloads/support/bug95976/jetty/800-802/jetty.xml.in
ZCS 8.0.3 http://files.zimbra.com/downloads/support/bug95976/jetty/803/jetty.xml.in
ZCS 8.0.4-8.0.6 http://files.zimbra.com/downloads/support/bug95976/jetty/804-806/jetty.xml.in
ZCS 8.0.7-8.0.8 http://files.zimbra.com/downloads/support/bug95976/jetty/807-808/jetty.xml.in
In alternative you can edit the file and find the SslSelectChannelConnector instances in /opt/zimbra/jetty/etc/jetty.xml.in:
$ grep SslSelectChannel jetty.xml.in <New id="ssl" class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector"> <New id="ssl-clientcert" class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector"> <New id="admin" class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector"> <New id="admin_local" class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
Under each, add the following XML
<Get name="SslContextFactory"> <Set name="ExcludeProtocols"> <Array type="java.lang.String"> <Item>SSLv3</Item> </Array> </Set> </Get>
Don't forget to do a "zmmailboxdctl restart' to apply the changes.
ZCS 8.5.x
- Note: at the moment, it's not possible to disable SSLv3 with mailboxd (Jetty) for POP3-SSL and IMAP-SSL.
Find the SslContextFactory in /opt/zimbra/jetty/etc/jetty.xml.in and add this XML:
<Set name="ExcludeProtocols"> <Array type="java.lang.String"> <Item>SSLv3</Item> </Array> </Set>
Do a "zmmailboxdctl restart' to apply the changes.
Testing
We should run the following command (as zimbra) for every port using SSL:
openssl s_client -connect `zmhostname`:<port> -ssl3
Example, for port 443:
openssl s_client -connect `zmhostname`:443 -ssl3
If it shows a failure, it's good and we don't support SSLv3:
140532971947680:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1275:SSL alert number 40 140532971947680:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:598:
or below (an example with ZCS 8.0.x and Jetty 7.6 w/SSLv3 successfully disabled):
CONNECTED(00000003) write:errno=104 --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 0 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session: Protocol : SSLv3 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None Start Time: 1413506064 Timeout : 7200 (sec) Verify return code: 0 (ok) ---
If you are seeing:
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-SHA Server public key is 2048 bit Secure Renegotiation IS supported
SSLv3 is still enabled and you need to verify the changes.
List of common ports:
443 - HTTPS 993 - IMAP-SSL 995 - POP3-SSL 7071 - AdminUI SSL
Postfix (MTA)
Warnings:
- Disabling SSLv3 might prevent older mail clients to connect to Zimbra since they might not support TLS. This is important when using the 465 port (SMTP-SSL), where encryption is mandatory (smtpd_tls_mandatory_protocols).
ZCS 8.5.x
At the MTA server, run (as zimbra):
zmprov mcf zimbraMtaSmtpdTlsProtocols '!SSLv2,!SSLv3'
postconf -e smtpd_tls_mandatory_protocols='!SSLv2,!SSLv3'
Run "zmmtactl stop ; zmmtactl start" to force the changes on zimbraMtaSmtpdTlsProtocols or wait for mailboxd to rewrite Postfix config from LDAP after 2 minutes. Note that smtpd_tls_mandatory_protocols will need to be set after every upgrade as there is no way to preserve them for now in 8.5.x versions.
ZCS 8.0.x
At the MTA server, run (as zimbra):
postconf -e smtpd_tls_protocols='!SSLv2,!SSLv3'
postconf -e smtpd_tls_mandatory_protocols='!SSLv2,!SSLv3'
Note that smtpd_tls_protocols and smtpd_tls_mandatory_protocols will need to be set after every upgrade for 8.0.x versions.
Testing STARTTLS on port 25
Run openssl, forcing SSLv3:
openssl s_client -connect mail.example.com:25 -ssl3 -starttls smtp
Confirm that connection is refused with an "ssl handshake failure":
CONNECTED(00000003) 140701008086856:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1257:SSL alert number 40 140701008086856:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596: --- SSL handshake has read 220 bytes and written 0 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session: Protocol : SSLv3 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None Start Time: 1413400965 Timeout : 7200 (sec) Verify return code: 0 (ok)
Testing SMTP-SSL
timeout 3 openssl s_client -connect mail.example.com:465 -ssl3
If it shows a failure, it's good and we don't support SSLv3:
140532971947680:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1275:SSL alert number 40 140532971947680:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:598: