
SSL POODLE / SSLv3 bug

Thank you cmaxwell for your suggestion, my fault!
Now the service started but TLS_CIPHER_LIST appears incompatible with clients
"courier-pop3s: couriertls: connect: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher"
 

Yes, that's the situation we face too - please see my previous comments with the suggested TLS_CIPHER_LIST setting which works.
 
We have been in touch with Parallels via ticket and they have confirmed that the suggested ciphers do not work for Courier IMAP. They say that they will be updating the KB article with the correct ciphers.

Hi cmaxwell. I too have the CIPHER error on my Plesk 11.09 Debian Wheezy when forcing TLS as in KB123160

Oct 20 16:05:53 pop3d-ssl: couriertls: connect: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher

I had to switch pop3s and imaps back to SSL because with TLS mail clients cannot connect.

I opened a Parallels support ticket about this but no solution yet.

I hope they update the KB article with the correct CIPHER list like you said.

I will post any news.

Thanks for your help.
 
@JCV Seems like enabling more ciphers in imapd-ssl/pop3d-ssl is the only solution at present. We also have a ticket open with Parallels and awaiting a solution (they said the KB article only fixes POP/IMAP for Plesk 12, but that's not much help as most users will be using < Plesk 12 as it's so new).
 
Same problem with "no shared cipher" here, too.
Multiple servers running Debian Squeeze, Wheezy and Ubuntu Lucid, Precise.
 
I know it seems useless for some users, but the thread contains a whole bunch of suggestions, which you could try out, to fit your needs ( or custom modifications ).


If you still experience issues/problems, it really might help, if you:
  • post your operating system
  • post the current Plesk version used ( incl. MU# )
... and describe what you did to solve the issue/problem.
... will help people willing to help to provide you with further suggestions. A single post like "This doesn't work" is not pointing to your potential issue/problem, I'm afraid. :(
 
My post was only meant to provide info on which OS are affected. Plesk version is 12 on all of them. I think that Parallels will provide a solution as others mentioned they are working on it.
 
We received a ticket response from Parallels saying that it's only possible to disable SSLv3 for Courier POP/IMAP in Plesk 12, and that for earlier versions the updated OpenSSL package should be installed.

My understanding is that simply updating OpenSSL is not sufficient to protect against POODLE and that applications still need to be reconfigured - can anyone clarify this? If so, I still don't see how we can patch Courier POP/IMAP in Plesk 11.5.30 since Parallels say that SSLv3 can't be disabled.
 
Could you please give me ticket ID? I would like to check it.

Hi IgorG.

My ticket is: Parallels #1967874

And this is their solution:
------------------------------------------------------------------------------------------------------------------------------------------------------------------
Hello,

I believe you have followed all the steps mentioned in KB article: http://kb.odin.com/en/123160 including postfix which will ensure server security. I understood that you have already disabled SSLv3 in SMTPS, POP and IMAP. In order to ensure complete security disable in postfix and courier imap too.
------------------------------------------------------------------------------------------------------------------------------------------------------------------

I told them that the KB123160 cipher list does not work on my Plesk 11.09 Debian 6 Wheezy, but they answered to follow KB123160 (http://kb.odin.com/en/123160). They do not understand me that forcing TLS in Courier IMAP/POP and Postfix SMTP does not work.


I hope for a solution, as cmaxwell does too.

Thanks IgorG.
 
Hi UHHH01 !

On my Plesk Linux 11.09 Debian Wheezy 32 bits, Apache+Nginx+Postfix smtps with SSLv2 and SSLv3 disabled and TLS forced works OK after doing the steps in KB123160.

However courier-imap pop3s and imaps do not work with
TLS_CIPHER_LIST="ALL:!SSLv2:!SSLv3:!ADH:!NULL:!EXPORT:!DES:!LOW:@STRENGTH"

You told me to use:

TLS_CIPHER_LIST="ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:"


But the above works because it uses all available ciphers but does not disable SSLv2 and SSLv3. So it works because it is over SSL, not over TLS.

I did this (see the end of the line with "!SSLv2:!SSLv3"):

TLS_CIPHER_LIST="ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SSLv2:!SSLv3"

And then it does not work because it forces TLS.

Moreover, the cipher list above is the same as using "ALL" -> TLS_CIPHER_LIST="ALL:!SSLv2:!SSLv3:!ADH:!NULL:!EXPORT:!DES:!LOW:@STRENGTH"

I hope the KB is updated with a solution.

At the moment myplesk is vulnerable only on 993 and 995 because I have to use SSL and not TLS:

myplesk:21 - Not vulnerable. Failed to establish SSLv3 connection.
myplesk:587 - Not vulnerable. Failed to establish SSLv3 connection.
myplesk:443 - Not vulnerable. Failed to establish SSLv3 connection.
myplesk:465 - Not vulnerable. Failed to establish SSLv3 connection.
myplesk:8443 - Not vulnerable. Failed to establish SSLv3 connection.
myplesk:993 - Vulnerable! SSLv3 connection established using SSLv3/AES256-SHA
myplesk:995 - Vulnerable! SSLv3 connection established using SSLv3/AES256-SHA


Thanks for your help.
 
Idem with plesk 12.0.8 :(
 
Hi JCV,

the suggestion is based on the mozilla.org "Intermediate compatibility" from https://wiki.mozilla.org/Security/Server_Side_TLS :
Code:
Copied from mozilla.org - updated last 21.10.2014


Intermediate compatibility (default)
For services that don't need compatibility with legacy clients (mostly WinXP), but still need to support a wide range of clients, this configuration is recommended. It is compatible with Firefox 1, Chrome 1, IE 7, Opera 5 and Safari 1.

Ciphersuite: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
Versions: TLSv1, TLSv1.1, TLSv1.2
RSA key size: 2048
DH Parameter size: 2048 (1024 tolerable)
Elliptic curves: secp256r1, secp384r1, secp521r1 (at a minimum)
Certificate signature: SHA-256

As well, my suggestion will not point to actual vulnerabilities, especially not to Poodle, as you can as well check with the site https://www.ssllabs.com/ssltest/ . All domains on my servers get at least an "A", depending on the used certificates an "A+". :D

Be sure to use "SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2" so that it doesn't include ALL, but still the other suggested TLS protocols.
 
Hi UFHH01.
TLS_CIPHER_LIST="-ALL:+TLSv1:+TLSv1.1:+TLSv1.2" does not work.


I also tried:

nano /etc/courier/pop3d-ssl
POP3DSSLSTART=YES
POP3_STARTTLS=YES
POP3_TLS_REQUIRED=1
TLS_PROTOCOL=TLS1
TLS_STARTTLS_PROTOCOL=TLS1
TLS_CIPHER_LIST="ALL:!SSLv2:!SSLv3:!ADH:!NULL:!EXPORT:!DES:!LOW:@STRENGTH"

But same error. Clients cannot connect to pop3s. In Plesk the same error:

Oct 23 09:48:27 pop3d: couriertls: accept: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher

Thanks.
 
Hi JCV,

if you use the provided poodle check from Parallels, you will notice that the "poodle.sh" script only checks if you use SSL3 ciphers. This is not really a decent check - it's a short work-around, but the check doesn't really point out that there are SSL3 ciphers which are NOT vulnerable. The provided cipher list in my post IS safe.

Again from my post ( http://talk.plesk.com/threads/cant-send-mail-from-horde-since-poodle-patch.324511/#post-762689 ) :
The definition "SSLProtocol All -SSLv2 -SSLv3" will indeed cause failures with some mail clients, until they finally update their software. Another reason why this won't work properly as intended is the fact that "-SSLv3" also removes some TLSv1 ciphers and after removing "SSLv2", you are now only supporting TLSv1.2 - conclusion: bad idea :p , because TLSv1.2 is not supported by all clients.
That's why you have to define the rather long cipher-list, instead of the short one, provided by Parallels.
Yes, this does include some TLSv1 and TLSv1.1 ciphers as well, but you will use ciphers, which are NOT vulnerable, as you may check at https://www.ssllabs.com/ssltest/ with a decent and complete test.
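
An added example, not part of any post in this thread and not OpenSSL's or Courier's own parser: a simplified Python model of the behaviour discussed above, where `!SSLv3` in a cipher list removes suites by the protocol tag that introduced them instead of switching off the SSLv3 protocol. The suite table, the two client profiles and all function names are constructed for illustration.

```python
# Constructed rows modelled on `openssl ciphers -v` (OpenSSL 1.0.1): suite name
# and the protocol version that introduced it. Suites tagged SSLv3 are also
# the ones a TLSv1.0 or TLSv1.1 connection uses.
SUITES = [
    ("ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2"),
    ("AES128-GCM-SHA256", "TLSv1.2"),
    ("AES256-SHA256", "TLSv1.2"),
    ("ECDHE-RSA-AES256-SHA", "SSLv3"),
    ("AES256-SHA", "SSLv3"),
    ("AES128-SHA", "SSLv3"),
    ("DES-CBC3-SHA", "SSLv3"),
]
TAG = dict(SUITES)
RANK = {"SSLv3": 0, "TLSv1": 1, "TLSv1.1": 2, "TLSv1.2": 3}
ALL_PROTOCOLS = list(RANK)
NO_SSL3 = ["TLSv1", "TLSv1.1", "TLSv1.2"]
# Hypothetical clients: a TLSv1.0-era mail client and an SSLv3-only probe.
OLD_CLIENT = (["SSLv3", "TLSv1"], ["AES256-SHA", "AES128-SHA", "DES-CBC3-SHA"])
SSL3_PROBE = (["SSLv3"], ["AES256-SHA"])


def server_suites(cipher_list):
    """Simplified model: handles ALL, exact names and '!name' / '!tag' only."""
    picked, banned = [], set()
    for item in filter(None, cipher_list.split(":")):
        if item.startswith("!"):
            banned |= {n for n, t in SUITES if item[1:] in (n, t)}
        elif item == "ALL":
            picked += [n for n, _ in SUITES]
        elif item in TAG:
            picked.append(item)
    return [n for i, n in enumerate(picked)
            if n not in banned and n not in picked[:i]]


def negotiate(cipher_list, server_protocols, client):
    """Return (protocol, suite), or None for the 'no shared cipher' outcome."""
    client_protocols, client_suites = client
    common = set(server_protocols) & set(client_protocols)
    if not common:
        return None
    version = max(common, key=RANK.get)
    for suite in server_suites(cipher_list):
        # A suite is usable only at or above the version that introduced it.
        if RANK[TAG[suite]] <= RANK[version] and suite in client_suites:
            return version, suite
    return None
```

In this model, filtering by cipher tag locks out the TLSv1.0 client together with the SSLv3 probe, while removing SSLv3 from the protocol set rejects only the probe.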
 
Solved!

Hi guys!

Finally solved courier-imap issues with:

****************************************
TLS_PROTOCOL=TLS1
TLS_CIPHER_LIST="ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
****************************************

It has been updated on KB123160

Now my plesk is OK about poodle for POP3S and IMAPS too:

myplesk:993 - Not vulnerable. Failed to establish SSLv3 connection.
myplesk:995 - Not vulnerable. Failed to establish SSLv3 connection.

Tested with Thunderbird client.

Thanks all!
 
Hello all,

We are running Plesk v12.0.18 update 5 and we have followed the same Plesk KB article http://kb.odin.com/en/123160 and have also applied the new cipher lists for the courier-imap as below:

************************************
TLS_PROTOCOL=TLS1
TLS_CIPHER_LIST="ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
************************************

When we run the poodle.sh script we are still showing that port 993 and port 995 are vulnerable. If we put :!SSLv2:!SSLv3 at the end of the cipher list and run the poodle.sh script again it says the ports are Not vulnerable but then our Apple devices cannot connect to their plesk mailbox as they use 993 and 995 on ssl and cannot use TLS.

Has anyone else experienced this issue or can offer advice please?
 
Hi StewartGC,

you might want to try these suggestions and configurations:

Hi JCV,

if you use the provided poodle check from Parallels, you will notice that the "poodle.sh" script only checks if you use SSL3 ciphers. This is not really a decent check - it's a short work-around, but the check doesn't really point out that there are SSL3 ciphers which are NOT vulnerable. The provided cipher list in my post IS safe.

Again from my post ( http://talk.plesk.com/threads/cant-send-mail-from-horde-since-poodle-patch.324511/#post-762689 ) :

That's why you have to define the rather long cipher-list, instead of the short one, provided by Parallels.
Yes, this does include some TLSv1 and TLSv1.1 ciphers as well, but you will use ciphers, which are NOT vulnerable, as you may check at https://www.ssllabs.com/ssltest/ with a decent and complete test.
 