Disable SSLv3 protocol and weak ciphers

[DavidePrincipi]

Almost three years have passed since POODLE vulnerability and modern clients do not user SSLv3 protocol any more. We can remove support for SSLv3, providing an option to turn it on again for legacy environments.

The default must be backward compatible, at least until the release of NethServer 7.5 ISO.

• https://community.nethserver.org/t/gdpr-and-ssl-hardening/9006
• See also https://github.com/NethServer/dev/issues/5438

[stephdl]

list of services to concentrate effort (now), once the prop name will be found, and possible settings httpd see https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29

SSLProtocol all -SSLv2 -SSLv3
#SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS:!SEED:!IDEA
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
SSLHonorCipherOrder on
SSLCompression Off

postfix see https://github.com/NethServer/dev/issues/5420 and http://www.postfix.org/TLS_README.html#server_cipher & http://www.postfix.org/TLS_README.html#client_cipher

smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
smtpd_tls_protocols=!SSLv2,!SSLv3
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5

smtp_tls_protocols=!SSLv2,!SSLv3
smtp_tls_mandatory_protocols=!SSLv2,!SSLv3
smtp_tls_mandatory_ciphers = medium
smtp_tls_mandatory_exclude_ciphers = RC4, MD5

dovecot see https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-hardening_tls_configuration#sec-Configuring_Specific_Applications

ssl_cipher_list = HIGH:!LOW:!SSLv2:!SSLv3:!EXP!aNULL:!MD5   
ssl_prefer_server_ciphers = yes

ssh see https://infosec.mozilla.org/guidelines/openssh.html KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256

Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr

MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com

[DavidePrincipi]

Let's discuss the service list on community!

https://community.nethserver.org/t/gdpr-and-ssl-hardening/9006/17

Could you also provide any reference for the configurations above? Just a list of URLs to add to READMEs for future reference and to discuss on community...

[stephdl]

some reading https://bettercrypto.org/static/applied-crypto-hardening.pdf, website at https://bettercrypto.org

[nethbot]

in 7.4.1708/testing:

• nethserver-base-3.1.2-1.2.g644c75f.ns7.noarch.rpm

[nethbot]

in 7.4.1708/testing:

• nethserver-base-3.1.2-1.3.gfbbe880.ns7.noarch.rpm

[DavidePrincipi]

https://github.com/NethServer/dev/issues/5438

[nethbot]

in 7.4.1708/testing:

• nethserver-base-3.1.2-1.5.g14a234d.ns7.noarch.rpm

[nethbot]

in 7.4.1708/testing:

• nethserver-base-3.1.2-1.7.g6bce291.ns7.noarch.rpm

[nethbot]

in 7.4.1708/testing:

• nethserver-base-3.1.2-1.9.g8b4ae2b.ns7.noarch.rpm

[DavidePrincipi]

For QA, loved this tool

https://github.com/drwetter/testssl.sh

[stephdl]

to test if the ssl is hardened, install testssl and check with it IF the policy 2018-03-30 is well applied by comparing the cipher value wanted in configuration files and the ciphers found.

yum install git git clone --depth 1 https://github.com/drwetter/testssl.sh.git cd testssl.sh/

• https (tls 1.0,tls1.1,tls1.2) check for cipher selection 2018-03-30 in /etc/httpd/conf.d/nethserver.conf and compare ./testssl.sh 127.0.0.1:443

• httpd-admin (must be only tls1.2) check for cipher selection 2018-03-30 in /etc/httpd/admin-conf/httpd.conf and compare ./testssl.sh 127.0.0.1:980

• ports for smtp check for cipher selection 2018-03-30 in /etc/postfix/main.cf and compare

  ./testssl.sh   -t smtp 127.0.0.1:25
  ./testssl.sh   -t smtp 127.0.0.1:587

• imap and pop3 check for cipher selection 2018-03-30 in /etc/dovecot/dovecot.conf and compare

  ./testssl.sh   -t imap 127.0.0.1:143
  ./testssl.sh   -t pop3 127.0.0.1:110

• sshd check for cipher selection 2018-03-30 in /etc/ssh/sshd_config and compare sshd -T or more precise

  ssh -Q cipher
  ssh -Q cipher-auth
  ssh -Q mac
  ssh -Q kex
  ssh -Q key

[gsanchietti]

Dovecot OK, tested using nmap (https://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html)

Port 110:

nmap -sV --script ssl-enum-ciphers -p 110 nethservice.nethesis.it Starting Nmap 7.60 ( https://nmap.org ) at 2018-03-30 10:26 CEST Nmap scan report for nethservice.nethesis.it (192.168.5.252) Host is up (0.00024s latency). rDNS record for 192.168.5.252: imap.nethesis.it

PORT STATE SERVICE VERSION 110/tcp open pop3 Dovecot pop3d | ssl-enum-ciphers: | TLSv1.0: | ciphers: | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A | TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A | TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp384r1) - A | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | compressors: | NULL | cipher preference: server | TLSv1.1: | ciphers: | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A | TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A | TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp384r1) - A | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | compressors: | NULL | cipher preference: server | TLSv1.2: | ciphers: | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 2048) - A | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp384r1) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp384r1) - A | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A | TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 2048) - A | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp384r1) - A | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp384r1) - A | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A | TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A | TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp384r1) - A | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_128_CBCSHA (rsa 2048) - A | compressors: | NULL | cipher preference: server | least strength: A

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 1.00 seconds

Port 143:

nmap -sV --script ssl-enum-ciphers -p 143 nethservice.nethesis.it

Starting Nmap 7.60 ( https://nmap.org ) at 2018-03-30 10:09 CEST Nmap scan report for nethservice.nethesis.it (192.168.5.252) Host is up (0.00017s latency). rDNS record for 192.168.5.252: imap.nethesis.it

PORT STATE SERVICE VERSION 143/tcp open imap Dovecot imapd | ssl-enum-ciphers: | TLSv1.0: | ciphers: | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A | TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A | TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp384r1) - A | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | compressors: | NULL | cipher preference: server | TLSv1.1: | ciphers: | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A | TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A | TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp384r1) - A | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | compressors: | NULL | cipher preference: server | TLSv1.2: | ciphers: | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 2048) - A | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp384r1) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp384r1) - A | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A | TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 2048) - A | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp384r1) - A | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp384r1) - A | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A | TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A | TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp384r1) - A | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_128_CBCSHA (rsa 2048) - A | compressors: | NULL | cipher preference: server | least strength: A

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 1.12 seconds

[gsanchietti]

Postfix is OK, but still we have many vulnerable ciphers in place. Such ciphers can't be removed because we need to support old clients.

[stephdl]

NULL should not be there IIRC can you test with testssl please @gsanchietti

[gsanchietti]

Daemons configuration is good, the UI has still a cosmetic (but misleading) issue: after changing the policy, the modification is not reflected in the page until a refresh (F5). @DavidePrincipi is already investigating, it's probably a bug inside the NethGUI framework.

[gsanchietti]

Let's stay with a safer cipher list for postfix, restricting more the list of available cipher should be well tested.

See also: https://community.nethserver.org/t/tls-policy-page/9500/2?u=giacomo

[nethbot]

in 7.4.1708/testing:

• nethserver-base-3.1.2-1.10.gceff542.ns7.noarch.rpm

[DavidePrincipi]

Packager note Add to RPM changelog

"certificate: add chain file to configuration backup" from commit https://github.com/NethServer/nethserver-base/commit/60c5d0ffbd3b11c40fb56389acf99f2714356723 by @gsanchietti

[nethbot]

in 7.4.1708/testing:

• nethserver-mail2-getmail-2.0.0-1.7.gb146064.ns7.noarch.rpm
• nethserver-mail2-server-2.0.0-1.7.gb146064.ns7.noarch.rpm
• nethserver-mail2-ipaccess-2.0.0-1.7.gb146064.ns7.noarch.rpm
• nethserver-mail2-common-2.0.0-1.7.gb146064.ns7.noarch.rpm
• nethserver-mail2-filter-2.0.0-1.7.gb146064.ns7.noarch.rpm
• nethserver-mail2-p3scan-2.0.0-1.7.gb146064.ns7.noarch.rpm

[nethbot]

in 7.4.1708/testing:

• nethserver-mail-server-ipaccess-1.11.0-1.5.g7eb0ebf.ns7.noarch.rpm
• nethserver-mail-server-1.11.0-1.5.g7eb0ebf.ns7.noarch.rpm

[gsanchietti]

Verified.

[nethbot]

in 7.4.1708/updates:

• nethserver-base-3.1.3-1.ns7.noarch.rpm

[nethbot]

in 7.4.1708/updates:

• nethserver-mail-server-1.12.0-1.ns7.noarch.rpm
• nethserver-mail-server-ipaccess-1.12.0-1.ns7.noarch.rpm

[gsanchietti]

Release of mail2 beta packages is blocked by #5437.