View Issue Details

ID: 0001352
Project: Main CAcert Website
Category: misc
View Status: public
Last Update: 2015-01-25 20:15
Reporter: Mathias
Assigned To: jandd
Priority: urgent
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 2014 Q4
Target Version: 2014 Q4
Summary: 0001352: list.cacert.org SSL/TLS configuration for SMTP is completely insecure

Description:

Hi!

SSL/TLS issues on lists.cacert.org (SMTP via STARTTLS):

- SSLv2 enabled
- SSLv3 enabled (POODLE attack)
- anonymous cipher suites enabled
- no TLS v1.1
- no TLS v1.2
- 0 bit ciphers accepted

For short: very extremely bad :-(

This host announces itself as

  220 lists.cacert.org ESMPT Postfix (Debian/GNU)

so the sections about the Postfix MTA on the BetterCrypto.org website https://bettercrypto.org/ may serve as a first step to improve the current situation.

Thanks for looking into this issue.

Mathias
Tags: No tags attached.
Reviewed by
Test Instructions

Relationships

child of 0001241 | solved? | jandd | cacert.org SSL/TLS configuration is bad on many levels

Activities

Mathias

2014-12-14 13:07

reporter  

jandd

2014-12-27 11:31

administrator   ~0005208

diff --git a/postfix/main.cf b/postfix/main.cf
index 3072684..279b79f 100644
--- a/postfix/main.cf
+++ b/postfix/main.cf
@@ -21,11 +21,18 @@ smtpd_tls_key_file=/etc/ssl/private/ssl-cert-lists-cacert-multialtname.pem
 smtpd_use_tls=yes
 smtpd_tls_security_level = may
 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtpd_tls_exclude_ciphers = aNULL, MD5, DES, RC4, ADH, 3DES
+smtpd_tls_protocols = !SSLv2
 
 smtp_tls_cert_file=$smtpd_tls_cert_file
 smtp_tls_key_file=$smtpd_tls_key_file
 smtp_tls_security_level = may
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+smtp_tls_ciphers = high
+smtp_tls_mandatory_ciphers = high
+smtp_tls_exclude_ciphers = aNULL, MD5, DES, RC4
+smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
+smtp_tls_protocols = !SSLv2
 
 # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
 # information on enabling SSL in the smtp client.
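
Review bot: the added smtpd_tls_protocols = !SSLv2 line leaves SSLv3 enabled on the server side, which is the side this ticket reports (SSLv3 via STARTTLS, POODLE); smtp_tls_protocols = !SSLv2 has the same gap on the client side, where only smtp_tls_mandatory_protocols excludes SSLv3. Suggest !SSLv2, !SSLv3 for both, or a comment in main.cf stating that SSLv3 is kept deliberately for opportunistic TLS. The two exclude lists also differ: ADH and 3DES appear only in smtpd_tls_exclude_ciphers (ADH is already covered by aNULL), and smtp_tls_ciphers = high has no smtpd counterpart in this hunk, so either align the server and client settings or document why they differ.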

makes sslyze happy:

 CHECKING HOST(S) AVAILABILITY
 -----------------------------

   lists.cacert.org:25 => 213.154.225.231:25



 SCAN RESULTS FOR LISTS.CACERT.ORG:25 - 213.154.225.231:25
 ---------------------------------------------------------

  * Deflate Compression:
      VULNERABLE - Server supports Deflate compression

  * Session Renegotiation:
      Client-initiated Renegotiations: VULNERABLE - Server honors client-initiated renegotiations
      Secure Renegotiation: OK - Supported

  * OpenSSL Heartbleed:
      OK - Not vulnerable to Heartbleed

  * Certificate - Content:
      SHA1 Fingerprint: 6aae1690a21fcc1bb79371c01bbd2e14686945ea
      Common Name: lists.cacert.org
      Issuer: CA Cert Signing Authority
      Serial Number: 0ECAB8
      Not Before: Apr 8 21:53:18 2014 GMT
      Not After: Apr 7 21:53:18 2016 GMT
      Signature Algorithm: sha512WithRSAEncryption
      Key Size: 4096 bit
      Exponent: 65537 (0x10001)
      X509v3 Subject Alternative Name: {'othername': ['<unsupported>', '<unsupported>', '<unsupported>'], 'DNS': ['lists.cacert.org', 'cert.lists.cacert.org', 'nocert.lists.cacert.org']}

  * Certificate - Trust:
      Hostname Validation: OK - Subject Alternative Name matches
      "Mozilla NSS - 08/2014" CA Store: FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
      "Microsoft - 08/2014" CA Store: FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
      "Apple - OS X 10.9.4" CA Store: FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
      "Java 6 - Update 65" CA Store: FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
      Certificate Chain Received: ['lists.cacert.org']

  * Certificate - OCSP Stapling:
      NOT SUPPORTED - Server did not send back an OCSP response.

  * SSLV2 Cipher Suites:
      Server rejected all cipher suites.

  * Session Resumption:
      With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
      With TLS Session Tickets: NOT SUPPORTED - TLS ticket assigned but not accepted.

  * TLSV1_2 Cipher Suites:
      Preferred:
                 ECDHE-RSA-AES256-GCM-SHA384 ECDH-256 bits 256 bits 250 2.0.0 Ok
      Accepted:
                 ECDHE-RSA-AES256-SHA384 ECDH-256 bits 256 bits 250 2.0.0 Ok
                 ECDHE-RSA-AES256-SHA ECDH-256 bits 256 bits 250 2.0.0 Ok
                 ECDHE-RSA-AES256-GCM-SHA384 ECDH-256 bits 256 bits 250 2.0.0 Ok
                 DHE-RSA-CAMELLIA256-SHA DH-1024 bits 256 bits 250 2.0.0 Ok
                 DHE-RSA-AES256-SHA256 DH-1024 bits 256 bits 250 2.0.0 Ok
                 DHE-RSA-AES256-SHA DH-1024 bits 256 bits 250 2.0.0 Ok
                 DHE-RSA-AES256-GCM-SHA384 DH-1024 bits 256 bits 250 2.0.0 Ok
                 CAMELLIA256-SHA - 256 bits 250 2.0.0 Ok
                 AES256-SHA256 - 256 bits 250 2.0.0 Ok
                 AES256-SHA - 256 bits 250 2.0.0 Ok
                 AES256-GCM-SHA384 - 256 bits 250 2.0.0 Ok
                 ECDHE-RSA-AES128-SHA256 ECDH-256 bits 128 bits 250 2.0.0 Ok
                 ECDHE-RSA-AES128-SHA ECDH-256 bits 128 bits 250 2.0.0 Ok
                 ECDHE-RSA-AES128-GCM-SHA256 ECDH-256 bits 128 bits 250 2.0.0 Ok
                 DHE-RSA-SEED-SHA DH-1024 bits 128 bits 250 2.0.0 Ok
                 DHE-RSA-CAMELLIA128-SHA DH-1024 bits 128 bits 250 2.0.0 Ok
                 DHE-RSA-AES128-SHA256 DH-1024 bits 128 bits 250 2.0.0 Ok
                 DHE-RSA-AES128-SHA DH-1024 bits 128 bits 250 2.0.0 Ok
                 DHE-RSA-AES128-GCM-SHA256 DH-1024 bits 128 bits 250 2.0.0 Ok
                 SEED-SHA - 128 bits 250 2.0.0 Ok
                 CAMELLIA128-SHA - 128 bits 250 2.0.0 Ok
                 AES128-SHA256 - 128 bits 250 2.0.0 Ok
                 AES128-SHA - 128 bits 250 2.0.0 Ok
                 AES128-GCM-SHA256 - 128 bits 250 2.0.0 Ok

  * TLSV1_1 Cipher Suites:
      Preferred:
                 ECDHE-RSA-AES256-SHA ECDH-256 bits 256 bits 250 2.0.0 Ok
      Accepted:
                 ECDHE-RSA-AES256-SHA ECDH-256 bits 256 bits 250 2.0.0 Ok
                 DHE-RSA-CAMELLIA256-SHA DH-1024 bits 256 bits 250 2.0.0 Ok
                 DHE-RSA-AES256-SHA DH-1024 bits 256 bits 250 2.0.0 Ok
                 CAMELLIA256-SHA - 256 bits 250 2.0.0 Ok
                 AES256-SHA - 256 bits 250 2.0.0 Ok
                 ECDHE-RSA-AES128-SHA ECDH-256 bits 128 bits 250 2.0.0 Ok
                 DHE-RSA-SEED-SHA DH-1024 bits 128 bits 250 2.0.0 Ok
                 DHE-RSA-CAMELLIA128-SHA DH-1024 bits 128 bits 250 2.0.0 Ok
                 DHE-RSA-AES128-SHA DH-1024 bits 128 bits 250 2.0.0 Ok
                 SEED-SHA - 128 bits 250 2.0.0 Ok
                 CAMELLIA128-SHA - 128 bits 250 2.0.0 Ok
                 AES128-SHA - 128 bits 250 2.0.0 Ok

  * TLSV1 Cipher Suites:
      Preferred:
                 ECDHE-RSA-AES256-SHA ECDH-256 bits 256 bits 250 2.0.0 Ok
      Accepted:
                 ECDHE-RSA-AES256-SHA ECDH-256 bits 256 bits 250 2.0.0 Ok
                 DHE-RSA-CAMELLIA256-SHA DH-1024 bits 256 bits 250 2.0.0 Ok
                 DHE-RSA-AES256-SHA DH-1024 bits 256 bits 250 2.0.0 Ok
                 CAMELLIA256-SHA - 256 bits 250 2.0.0 Ok
                 AES256-SHA - 256 bits 250 2.0.0 Ok
                 ECDHE-RSA-AES128-SHA ECDH-256 bits 128 bits 250 2.0.0 Ok
                 DHE-RSA-SEED-SHA DH-1024 bits 128 bits 250 2.0.0 Ok
                 DHE-RSA-CAMELLIA128-SHA DH-1024 bits 128 bits 250 2.0.0 Ok
                 DHE-RSA-AES128-SHA DH-1024 bits 128 bits 250 2.0.0 Ok
                 SEED-SHA - 128 bits 250 2.0.0 Ok
                 CAMELLIA128-SHA - 128 bits 250 2.0.0 Ok
                 AES128-SHA - 128 bits 250 2.0.0 Ok

  * SSLV3 Cipher Suites:
      Preferred:
                 ECDHE-RSA-AES256-SHA ECDH-256 bits 256 bits 250 2.0.0 Ok
      Accepted:
                 ECDHE-RSA-AES256-SHA ECDH-256 bits 256 bits 250 2.0.0 Ok
                 DHE-RSA-CAMELLIA256-SHA DH-1024 bits 256 bits 250 2.0.0 Ok
                 DHE-RSA-AES256-SHA DH-1024 bits 256 bits 250 2.0.0 Ok
                 CAMELLIA256-SHA - 256 bits 250 2.0.0 Ok
                 AES256-SHA - 256 bits 250 2.0.0 Ok
                 ECDHE-RSA-AES128-SHA ECDH-256 bits 128 bits 250 2.0.0 Ok
                 DHE-RSA-SEED-SHA DH-1024 bits 128 bits 250 2.0.0 Ok
                 DHE-RSA-CAMELLIA128-SHA DH-1024 bits 128 bits 250 2.0.0 Ok
                 DHE-RSA-AES128-SHA DH-1024 bits 128 bits 250 2.0.0 Ok
                 SEED-SHA - 128 bits 250 2.0.0 Ok
                 CAMELLIA128-SHA - 128 bits 250 2.0.0 Ok
                 AES128-SHA - 128 bits 250 2.0.0 Ok



 SCAN COMPLETED IN 10.47 S
 -------------------------

Unfortunately, SSL compression cannot be disabled for Postfix 2.9.x
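
An added example, not part of the original ticket or of CAcert's code: a small Python check that reads a report in the text format quoted in the note above and lists the items that still need attention. The sample input is a shortened excerpt of that report; the names audit and SAMPLE_REPORT and the 2048-bit DH threshold are assumptions of this example.

```python
import re

# Shortened excerpt of the scan report quoted above, used as sample input.
SAMPLE_REPORT = """\
  * Deflate Compression:
      VULNERABLE - Server supports Deflate compression

  * Session Renegotiation:
      Client-initiated Renegotiations: VULNERABLE - Server honors client-initiated renegotiations
      Secure Renegotiation: OK - Supported

  * SSLV2 Cipher Suites:
      Server rejected all cipher suites.

  * TLSV1_2 Cipher Suites:
      Accepted:
                 DHE-RSA-AES256-SHA DH-1024 bits 256 bits 250 2.0.0 Ok
                 AES256-SHA - 256 bits 250 2.0.0 Ok

  * SSLV3 Cipher Suites:
      Accepted:
                 DHE-RSA-AES256-SHA DH-1024 bits 256 bits 250 2.0.0 Ok
"""

LEGACY = {"SSLV2", "SSLV3"}  # protocol sections that should accept nothing
SECTION = re.compile(r"^\s*\* (.+):\s*$")
# Suite line: name, key exchange ("DH-1024 bits", "ECDH-256 bits" or "-"), cipher bits.
SUITE = re.compile(r"^\s+([A-Z0-9-]+)\s+(?:(DH|ECDH)-(\d+) bits|-)\s+(\d+) bits")

def audit(report, min_dh_bits=2048):
    """Return sorted findings; min_dh_bits is this example's assumed threshold."""
    findings, section = set(), ""
    for line in report.splitlines():
        header, suite = SECTION.match(line), SUITE.match(line)
        if header:
            section = header.group(1)
        elif "VULNERABLE - " in line:
            findings.add(f"{section}: {line.split('VULNERABLE - ')[1].strip()}")
        elif suite and section.endswith("Cipher Suites"):
            proto = section.split()[0]
            if proto in LEGACY:
                findings.add(f"{proto} accepts cipher suites")
            if suite.group(2) == "DH" and int(suite.group(3)) < min_dh_bits:
                findings.add(f"{proto}: DH-{suite.group(3)} key exchange")
    return sorted(findings)
```

Run against the full report, the same function reports every protocol section that offers DH-1024 suites, not only the two kept in the excerpt.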

Mathias

2015-01-25 20:15

reporter   ~0005273

Closed, thanks.

Issue History

Date Modified Username Field Change
2014-12-14 13:07 Mathias New Issue
2014-12-14 13:07 Mathias File Added: STARTTLS-lists.cacert.org-20141214.png
2014-12-14 13:07 Mathias Relationship added child of 0001241
2014-12-23 20:25 BenBE Assigned To => jandd
2014-12-23 20:25 BenBE Status new => needs work
2014-12-23 20:25 BenBE Product Version => 2014 Q4
2014-12-23 20:25 BenBE Target Version => 2014 Q4
2014-12-27 11:31 jandd Note Added: 0005208
2014-12-27 11:31 jandd Status needs work => solved?
2014-12-27 11:31 jandd Resolution open => fixed
2015-01-25 20:15 Mathias Note Added: 0005273
2015-01-25 20:15 Mathias Status solved? => closed