Insecure mail server configuration

Need help? Ask here.

Moderator: Moderators

Post Reply
candrews
Posts: 40
Joined: Thu Jul 24, 2008 11:50 am
Contact:

Insecure mail server configuration

Post by candrews »

I came across EFF's Encrypt the Web scorecard, and wondered how Rollernet is doing. https://www.eff.org/deeplinks/2013/11/e ... doing-what

I ran starttls.info against my domain (which uses rollernet's mail servers): https://starttls.info/check/integralblue.com

The results aren't perfect... these are the problems reported:
Anonymous Diffie-Hellman is accepted. This is suspectible to Man-in-the-Middle attacks.
Weakest accepted cipher: 0.

It seems those should be simple fixes would be awesome to have. Thanks!
Seth
Site Admin
Posts: 309
Joined: Sun Aug 30, 2009 10:44 pm
Location: Nevada
Contact:

Re: Insecure mail server configuration

Post by Seth »

Hmm, I don't know if that test should be taken at face value since it fails to consider at least a few things of the top of my head:

* If certificate verification occurs anonymous ciphers are automatically disabled anyway. But you can't force a remote SMTP client to check the server certificate.
* Not all SMTP servers have root-CA issued certs, there's a lot of self-signed certs out there.
* The sending server (client) can be configured to enforce higher levels of encryption itself, or mandatory TLS encryption.
* What does it mean by "Weakest accepted cipher: 0"? That we accept unencrypted connections? Forcing mandatory TLS is a non-starter of an idea on a public facing MX. If the sender requires encryption then they can configure their server for mandatory TLS encryption.

This is actually a much more complicated subject than just fixing some config lines. As a receiving server we need to be liberal in what we accept, from plain text to super-high mandatory TLS and everything in between to be compatible with the client.

I threw a quick "tail -f | grep TLS" on our mail logs and picked a few recognizable senders.

Code: Select all

Apr  4 14:38:26 mail2 postfix/smtpd[5580]: setting up TLS connection from ec2-23-21-244-60.compute-1.amazonaws.com[23.21.244.60]
Apr  4 14:38:27 mail2 postfix/smtpd[5580]: Anonymous TLS connection established from ec2-23-21-244-60.compute-1.amazonaws.com[23.21.244.60]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Here's an "anonymous" TLS connection from Amazon. But then it says "Anonymous". Well, that just means there wasn't a certificate presented to "prove" its identity. Maybe their server is not configured to ask us for our cert. But do not confuse this with an anonymous cipher ("ADH" or "AECDH") where neither the server nor the client use certificates. The client doesn't need to be configured with certs, many are not and that's OK. Our servers are, of course, configured with certificates.

Code: Select all

Apr  4 14:56:11 mail2 postfix/smtpd[542]: setting up TLS connection from mail-la0-f49.google.com[209.85.215.49]
Apr  4 14:56:11 mail2 postfix/smtpd[542]: Trusted TLS connection established from mail-la0-f49.google.com[209.85.215.49]: TLSv1 with cipher RC4-SHA (128/128 bits)
Google sent a client certificate and their cert is signed by a trusted root CA. So this TLS connection is "Trusted". But they're only negotiating RC4-SHA 128-bit. We can't force them to go higher because then it'll probably fail completely, plus Google is intentionally doing this for performance reasons. We're just following their request in negotiating encryption.

Code: Select all

Apr  4 15:01:13 mail2 postfix/smtpd[4897]: setting up TLS connection from sjc01rel03.ringcentral.com[199.255.122.43]
Apr  4 15:01:14 mail2 postfix/smtpd[4897]: Untrusted TLS connection established from sjc01rel03.ringcentral.com[199.255.122.43]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Ringcentral is could be using a self-signed or internally signed certificate (not signed by a trusted root CA). "Untrusted" also could mean expired, or needed intermediate certificates that weren't sent by the remote SMTP server, or some something else that made it unverifiable. Untrusted becomes Anonymous if they didn't present any cert.

But ultimately they're all legitimate modes and transport encrypted. So I'm kind of not really putting much faith in that test site without seeing how it works behind the scenes, especially when the sender has ultimate control over TLS negotiation (and many, like Postfix, default to negotiating higher, not lower). I could probably modify our servers to get an "A" rating, but then I suspect we would have trouble with a non-trivial amount of incoming connections or forcing them to go no encryption at all.
Seth Mattinen, Roller Network LLC
candrews
Posts: 40
Joined: Thu Jul 24, 2008 11:50 am
Contact:

Re: Insecure mail server configuration

Post by candrews »

While I definitely see your point about not understanding completely what the tests test, I think some of the guesses as to what the tests test must be incorrect. If you were correct, then major providers like gmail definitely wouldn't get A grades - but they do https://starttls.info/check/gmail.com So while I don't understand exactly what the tests says is wrong, I do thing there is something less than ideal about rollernet's security setup. (BTW I'm super impressed, as usual, with how quickly and thoroughly you responded!) Perhaps contacting the EFF is in order.
victormart
Posts: 1
Joined: Tue Apr 08, 2014 5:04 am

Re: Insecure mail server configuration

Post by victormart »

I do agree with you...They thoroughly respond and correct the actions between the providers...They are giant and graciously cope the features as well as the services... Check out their finest creation... "

EDIT: removed spamvertisement
Last edited by Seth on Tue Apr 08, 2014 11:31 pm, edited 2 times in total.
Reason: removed spamvertisement
Seth
Site Admin
Posts: 309
Joined: Sun Aug 30, 2009 10:44 pm
Location: Nevada
Contact:

Re: Insecure mail server configuration

Post by Seth »

I'm sure it's well within my skill to game it for a high score for the sake of test-passing, I just don't know if that's a good idea or not without further research.
Seth Mattinen, Roller Network LLC
Seth
Site Admin
Posts: 309
Joined: Sun Aug 30, 2009 10:44 pm
Location: Nevada
Contact:

Re: Insecure mail server configuration

Post by Seth »

Assuming it's just putting a pretty face on something like the "sslscan" tool here's a raw comparison using sslscan. But according to this we're already rejecting 0 bit stuff. Test claims otherwise. What is the test looking for then?

Code: Select all

Testing SSL server mail on port 25

  Supported Server Cipher(s):
    Failed    TLSv1  256 bits  ECDHE-RSA-AES256-GCM-SHA384
    Failed    TLSv1  256 bits  ECDHE-ECDSA-AES256-GCM-SHA384
    Failed    TLSv1  256 bits  ECDHE-RSA-AES256-SHA384
    Failed    TLSv1  256 bits  ECDHE-ECDSA-AES256-SHA384
    Rejected  TLSv1  256 bits  ECDHE-RSA-AES256-SHA
    Rejected  TLSv1  256 bits  ECDHE-ECDSA-AES256-SHA
    Rejected  TLSv1  256 bits  SRP-DSS-AES-256-CBC-SHA
    Rejected  TLSv1  256 bits  SRP-RSA-AES-256-CBC-SHA
    Failed    TLSv1  256 bits  DHE-DSS-AES256-GCM-SHA384
    Failed    TLSv1  256 bits  DHE-RSA-AES256-GCM-SHA384
    Failed    TLSv1  256 bits  DHE-RSA-AES256-SHA256
    Failed    TLSv1  256 bits  DHE-DSS-AES256-SHA256
    Accepted  TLSv1  256 bits  DHE-RSA-AES256-SHA
    Rejected  TLSv1  256 bits  DHE-DSS-AES256-SHA
    Rejected  TLSv1  256 bits  DHE-RSA-CAMELLIA256-SHA
    Rejected  TLSv1  256 bits  DHE-DSS-CAMELLIA256-SHA
    Rejected  TLSv1  256 bits  AECDH-AES256-SHA
    Rejected  TLSv1  256 bits  SRP-AES-256-CBC-SHA
    Failed    TLSv1  256 bits  ADH-AES256-GCM-SHA384
    Failed    TLSv1  256 bits  ADH-AES256-SHA256
    Rejected  TLSv1  256 bits  ADH-AES256-SHA
    Rejected  TLSv1  256 bits  ADH-CAMELLIA256-SHA
    Failed    TLSv1  256 bits  ECDH-RSA-AES256-GCM-SHA384
    Failed    TLSv1  256 bits  ECDH-ECDSA-AES256-GCM-SHA384
    Failed    TLSv1  256 bits  ECDH-RSA-AES256-SHA384
    Failed    TLSv1  256 bits  ECDH-ECDSA-AES256-SHA384
    Rejected  TLSv1  256 bits  ECDH-RSA-AES256-SHA
    Rejected  TLSv1  256 bits  ECDH-ECDSA-AES256-SHA
    Failed    TLSv1  256 bits  AES256-GCM-SHA384
    Failed    TLSv1  256 bits  AES256-SHA256
    Accepted  TLSv1  256 bits  AES256-SHA
    Rejected  TLSv1  256 bits  CAMELLIA256-SHA
    Failed    TLSv1  256 bits  PSK-AES256-CBC-SHA
    Rejected  TLSv1  168 bits  ECDHE-RSA-DES-CBC3-SHA
    Rejected  TLSv1  168 bits  ECDHE-ECDSA-DES-CBC3-SHA
    Rejected  TLSv1  168 bits  SRP-DSS-3DES-EDE-CBC-SHA
    Rejected  TLSv1  168 bits  SRP-RSA-3DES-EDE-CBC-SHA
    Accepted  TLSv1  168 bits  EDH-RSA-DES-CBC3-SHA
    Rejected  TLSv1  168 bits  EDH-DSS-DES-CBC3-SHA
    Rejected  TLSv1  168 bits  AECDH-DES-CBC3-SHA
    Rejected  TLSv1  168 bits  SRP-3DES-EDE-CBC-SHA
    Rejected  TLSv1  168 bits  ADH-DES-CBC3-SHA
    Rejected  TLSv1  168 bits  ECDH-RSA-DES-CBC3-SHA
    Rejected  TLSv1  168 bits  ECDH-ECDSA-DES-CBC3-SHA
    Accepted  TLSv1  168 bits  DES-CBC3-SHA
    Failed    TLSv1  168 bits  PSK-3DES-EDE-CBC-SHA
    Failed    TLSv1  128 bits  ECDHE-RSA-AES128-GCM-SHA256
    Failed    TLSv1  128 bits  ECDHE-ECDSA-AES128-GCM-SHA256
    Failed    TLSv1  128 bits  ECDHE-RSA-AES128-SHA256
    Failed    TLSv1  128 bits  ECDHE-ECDSA-AES128-SHA256
    Rejected  TLSv1  128 bits  ECDHE-RSA-AES128-SHA
    Rejected  TLSv1  128 bits  ECDHE-ECDSA-AES128-SHA
    Rejected  TLSv1  128 bits  SRP-DSS-AES-128-CBC-SHA
    Rejected  TLSv1  128 bits  SRP-RSA-AES-128-CBC-SHA
    Failed    TLSv1  128 bits  DHE-DSS-AES128-GCM-SHA256
    Failed    TLSv1  128 bits  DHE-RSA-AES128-GCM-SHA256
    Failed    TLSv1  128 bits  DHE-RSA-AES128-SHA256
    Failed    TLSv1  128 bits  DHE-DSS-AES128-SHA256
    Accepted  TLSv1  128 bits  DHE-RSA-AES128-SHA
    Rejected  TLSv1  128 bits  DHE-DSS-AES128-SHA
    Rejected  TLSv1  128 bits  DHE-RSA-SEED-SHA
    Rejected  TLSv1  128 bits  DHE-DSS-SEED-SHA
    Rejected  TLSv1  128 bits  DHE-RSA-CAMELLIA128-SHA
    Rejected  TLSv1  128 bits  DHE-DSS-CAMELLIA128-SHA
    Rejected  TLSv1  128 bits  AECDH-AES128-SHA
    Rejected  TLSv1  128 bits  SRP-AES-128-CBC-SHA
    Failed    TLSv1  128 bits  ADH-AES128-GCM-SHA256
    Failed    TLSv1  128 bits  ADH-AES128-SHA256
    Rejected  TLSv1  128 bits  ADH-AES128-SHA
    Rejected  TLSv1  128 bits  ADH-SEED-SHA
    Rejected  TLSv1  128 bits  ADH-CAMELLIA128-SHA
    Failed    TLSv1  128 bits  ECDH-RSA-AES128-GCM-SHA256
    Failed    TLSv1  128 bits  ECDH-ECDSA-AES128-GCM-SHA256
    Failed    TLSv1  128 bits  ECDH-RSA-AES128-SHA256
    Failed    TLSv1  128 bits  ECDH-ECDSA-AES128-SHA256
    Rejected  TLSv1  128 bits  ECDH-RSA-AES128-SHA
    Rejected  TLSv1  128 bits  ECDH-ECDSA-AES128-SHA
    Failed    TLSv1  128 bits  AES128-GCM-SHA256
    Failed    TLSv1  128 bits  AES128-SHA256
    Accepted  TLSv1  128 bits  AES128-SHA
    Rejected  TLSv1  128 bits  SEED-SHA
    Rejected  TLSv1  128 bits  CAMELLIA128-SHA
    Failed    TLSv1  128 bits  PSK-AES128-CBC-SHA
    Rejected  TLSv1  128 bits  ECDHE-RSA-RC4-SHA
    Rejected  TLSv1  128 bits  ECDHE-ECDSA-RC4-SHA
    Rejected  TLSv1  128 bits  AECDH-RC4-SHA
    Rejected  TLSv1  128 bits  ADH-RC4-MD5
    Rejected  TLSv1  128 bits  ECDH-RSA-RC4-SHA
    Rejected  TLSv1  128 bits  ECDH-ECDSA-RC4-SHA
    Accepted  TLSv1  128 bits  RC4-SHA
    Accepted  TLSv1  128 bits  RC4-MD5
    Failed    TLSv1  128 bits  PSK-RC4-SHA
    Accepted  TLSv1  56 bits   EDH-RSA-DES-CBC-SHA
    Rejected  TLSv1  56 bits   EDH-DSS-DES-CBC-SHA
    Rejected  TLSv1  56 bits   ADH-DES-CBC-SHA
    Accepted  TLSv1  56 bits   DES-CBC-SHA
    Accepted  TLSv1  40 bits   EXP-EDH-RSA-DES-CBC-SHA
    Rejected  TLSv1  40 bits   EXP-EDH-DSS-DES-CBC-SHA
    Rejected  TLSv1  40 bits   EXP-ADH-DES-CBC-SHA
    Accepted  TLSv1  40 bits   EXP-DES-CBC-SHA
    Accepted  TLSv1  40 bits   EXP-RC2-CBC-MD5
    Rejected  TLSv1  40 bits   EXP-ADH-RC4-MD5
    Accepted  TLSv1  40 bits   EXP-RC4-MD5
    Rejected  TLSv1  0 bits    ECDHE-RSA-NULL-SHA
    Rejected  TLSv1  0 bits    ECDHE-ECDSA-NULL-SHA
    Rejected  TLSv1  0 bits    AECDH-NULL-SHA
    Rejected  TLSv1  0 bits    ECDH-RSA-NULL-SHA
    Rejected  TLSv1  0 bits    ECDH-ECDSA-NULL-SHA
    Failed    TLSv1  0 bits    NULL-SHA256
    Rejected  TLSv1  0 bits    NULL-SHA
    Rejected  TLSv1  0 bits    NULL-MD5

  Prefered Server Cipher(s):
    TLSv1  256 bits  DHE-RSA-AES256-SHA

Code: Select all

Testing SSL server gmail-smtp-in.l.google.com on port 25

  Supported Server Cipher(s):
    Failed    TLSv1  256 bits  ECDHE-RSA-AES256-GCM-SHA384
    Failed    TLSv1  256 bits  ECDHE-ECDSA-AES256-GCM-SHA384
    Failed    TLSv1  256 bits  ECDHE-RSA-AES256-SHA384
    Failed    TLSv1  256 bits  ECDHE-ECDSA-AES256-SHA384
    Accepted  TLSv1  256 bits  ECDHE-RSA-AES256-SHA
    Rejected  TLSv1  256 bits  ECDHE-ECDSA-AES256-SHA
    Rejected  TLSv1  256 bits  SRP-DSS-AES-256-CBC-SHA
    Rejected  TLSv1  256 bits  SRP-RSA-AES-256-CBC-SHA
    Failed    TLSv1  256 bits  DHE-DSS-AES256-GCM-SHA384
    Failed    TLSv1  256 bits  DHE-RSA-AES256-GCM-SHA384
    Failed    TLSv1  256 bits  DHE-RSA-AES256-SHA256
    Failed    TLSv1  256 bits  DHE-DSS-AES256-SHA256
    Rejected  TLSv1  256 bits  DHE-RSA-AES256-SHA
    Rejected  TLSv1  256 bits  DHE-DSS-AES256-SHA
    Rejected  TLSv1  256 bits  DHE-RSA-CAMELLIA256-SHA
    Rejected  TLSv1  256 bits  DHE-DSS-CAMELLIA256-SHA
    Rejected  TLSv1  256 bits  AECDH-AES256-SHA
    Rejected  TLSv1  256 bits  SRP-AES-256-CBC-SHA
    Failed    TLSv1  256 bits  ADH-AES256-GCM-SHA384
    Failed    TLSv1  256 bits  ADH-AES256-SHA256
    Rejected  TLSv1  256 bits  ADH-AES256-SHA
    Rejected  TLSv1  256 bits  ADH-CAMELLIA256-SHA
    Failed    TLSv1  256 bits  ECDH-RSA-AES256-GCM-SHA384
    Failed    TLSv1  256 bits  ECDH-ECDSA-AES256-GCM-SHA384
    Failed    TLSv1  256 bits  ECDH-RSA-AES256-SHA384
    Failed    TLSv1  256 bits  ECDH-ECDSA-AES256-SHA384
    Rejected  TLSv1  256 bits  ECDH-RSA-AES256-SHA
    Rejected  TLSv1  256 bits  ECDH-ECDSA-AES256-SHA
    Failed    TLSv1  256 bits  AES256-GCM-SHA384
    Failed    TLSv1  256 bits  AES256-SHA256
    Accepted  TLSv1  256 bits  AES256-SHA
    Rejected  TLSv1  256 bits  CAMELLIA256-SHA
    Failed    TLSv1  256 bits  PSK-AES256-CBC-SHA
    Rejected  TLSv1  168 bits  ECDHE-RSA-DES-CBC3-SHA
    Rejected  TLSv1  168 bits  ECDHE-ECDSA-DES-CBC3-SHA
    Rejected  TLSv1  168 bits  SRP-DSS-3DES-EDE-CBC-SHA
    Rejected  TLSv1  168 bits  SRP-RSA-3DES-EDE-CBC-SHA
    Rejected  TLSv1  168 bits  EDH-RSA-DES-CBC3-SHA
    Rejected  TLSv1  168 bits  EDH-DSS-DES-CBC3-SHA
    Rejected  TLSv1  168 bits  AECDH-DES-CBC3-SHA
    Rejected  TLSv1  168 bits  SRP-3DES-EDE-CBC-SHA
    Rejected  TLSv1  168 bits  ADH-DES-CBC3-SHA
    Rejected  TLSv1  168 bits  ECDH-RSA-DES-CBC3-SHA
    Rejected  TLSv1  168 bits  ECDH-ECDSA-DES-CBC3-SHA
    Accepted  TLSv1  168 bits  DES-CBC3-SHA
    Failed    TLSv1  168 bits  PSK-3DES-EDE-CBC-SHA
    Failed    TLSv1  128 bits  ECDHE-RSA-AES128-GCM-SHA256
    Failed    TLSv1  128 bits  ECDHE-ECDSA-AES128-GCM-SHA256
    Failed    TLSv1  128 bits  ECDHE-RSA-AES128-SHA256
    Failed    TLSv1  128 bits  ECDHE-ECDSA-AES128-SHA256
    Accepted  TLSv1  128 bits  ECDHE-RSA-AES128-SHA
    Rejected  TLSv1  128 bits  ECDHE-ECDSA-AES128-SHA
    Rejected  TLSv1  128 bits  SRP-DSS-AES-128-CBC-SHA
    Rejected  TLSv1  128 bits  SRP-RSA-AES-128-CBC-SHA
    Failed    TLSv1  128 bits  DHE-DSS-AES128-GCM-SHA256
    Failed    TLSv1  128 bits  DHE-RSA-AES128-GCM-SHA256
    Failed    TLSv1  128 bits  DHE-RSA-AES128-SHA256
    Failed    TLSv1  128 bits  DHE-DSS-AES128-SHA256
    Rejected  TLSv1  128 bits  DHE-RSA-AES128-SHA
    Rejected  TLSv1  128 bits  DHE-DSS-AES128-SHA
    Rejected  TLSv1  128 bits  DHE-RSA-SEED-SHA
    Rejected  TLSv1  128 bits  DHE-DSS-SEED-SHA
    Rejected  TLSv1  128 bits  DHE-RSA-CAMELLIA128-SHA
    Rejected  TLSv1  128 bits  DHE-DSS-CAMELLIA128-SHA
    Rejected  TLSv1  128 bits  AECDH-AES128-SHA
    Rejected  TLSv1  128 bits  SRP-AES-128-CBC-SHA
    Failed    TLSv1  128 bits  ADH-AES128-GCM-SHA256
    Failed    TLSv1  128 bits  ADH-AES128-SHA256
    Rejected  TLSv1  128 bits  ADH-AES128-SHA
    Rejected  TLSv1  128 bits  ADH-SEED-SHA
    Rejected  TLSv1  128 bits  ADH-CAMELLIA128-SHA
    Failed    TLSv1  128 bits  ECDH-RSA-AES128-GCM-SHA256
    Failed    TLSv1  128 bits  ECDH-ECDSA-AES128-GCM-SHA256
    Failed    TLSv1  128 bits  ECDH-RSA-AES128-SHA256
    Failed    TLSv1  128 bits  ECDH-ECDSA-AES128-SHA256
    Rejected  TLSv1  128 bits  ECDH-RSA-AES128-SHA
    Rejected  TLSv1  128 bits  ECDH-ECDSA-AES128-SHA
    Failed    TLSv1  128 bits  AES128-GCM-SHA256
    Failed    TLSv1  128 bits  AES128-SHA256
    Accepted  TLSv1  128 bits  AES128-SHA
    Rejected  TLSv1  128 bits  SEED-SHA
    Rejected  TLSv1  128 bits  CAMELLIA128-SHA
    Failed    TLSv1  128 bits  PSK-AES128-CBC-SHA
    Accepted  TLSv1  128 bits  ECDHE-RSA-RC4-SHA
    Rejected  TLSv1  128 bits  ECDHE-ECDSA-RC4-SHA
    Rejected  TLSv1  128 bits  AECDH-RC4-SHA
    Rejected  TLSv1  128 bits  ADH-RC4-MD5
    Rejected  TLSv1  128 bits  ECDH-RSA-RC4-SHA
    Rejected  TLSv1  128 bits  ECDH-ECDSA-RC4-SHA
    Accepted  TLSv1  128 bits  RC4-SHA
    Accepted  TLSv1  128 bits  RC4-MD5
    Failed    TLSv1  128 bits  PSK-RC4-SHA
    Rejected  TLSv1  56 bits   EDH-RSA-DES-CBC-SHA
    Rejected  TLSv1  56 bits   EDH-DSS-DES-CBC-SHA
    Rejected  TLSv1  56 bits   ADH-DES-CBC-SHA
    Rejected  TLSv1  56 bits   DES-CBC-SHA
    Rejected  TLSv1  40 bits   EXP-EDH-RSA-DES-CBC-SHA
    Rejected  TLSv1  40 bits   EXP-EDH-DSS-DES-CBC-SHA
    Rejected  TLSv1  40 bits   EXP-ADH-DES-CBC-SHA
    Rejected  TLSv1  40 bits   EXP-DES-CBC-SHA
    Rejected  TLSv1  40 bits   EXP-RC2-CBC-MD5
    Rejected  TLSv1  40 bits   EXP-ADH-RC4-MD5
    Rejected  TLSv1  40 bits   EXP-RC4-MD5
    Rejected  TLSv1  0 bits    ECDHE-RSA-NULL-SHA
    Rejected  TLSv1  0 bits    ECDHE-ECDSA-NULL-SHA
    Rejected  TLSv1  0 bits    AECDH-NULL-SHA
    Rejected  TLSv1  0 bits    ECDH-RSA-NULL-SHA
    Rejected  TLSv1  0 bits    ECDH-ECDSA-NULL-SHA
    Failed    TLSv1  0 bits    NULL-SHA256
    Rejected  TLSv1  0 bits    NULL-SHA
    Rejected  TLSv1  0 bits    NULL-MD5

  Prefered Server Cipher(s):
    TLSv1  128 bits  ECDHE-RSA-RC4-SHA
I did manage to make the tester error out though. I assure you we are not rejecting STARTTLS. And I only made changes to one of them, not both. Honestly, my faith in this test tool keeps decreasing the more I try to figure it out.
Attachments
Screen Shot 2014-04-08 at 11.04.31 PM.png
Seth Mattinen, Roller Network LLC
Seth
Site Admin
Posts: 309
Joined: Sun Aug 30, 2009 10:44 pm
Location: Nevada
Contact:

Re: Insecure mail server configuration

Post by Seth »

Here's another cipher comparison using the following script:

Code: Select all

SERVER=$1
ciphers=$(openssl ciphers 'ALL:eNULL' | sed -e 's/:/ /g')

echo Obtaining cipher list from $(openssl version).

for cipher in ${ciphers[@]}
do
echo -n Testing $cipher...
result=$(echo -n | openssl s_client -cipher "$cipher" -connect $SERVER -starttls smtp 2>&1)
if [[ "$result" =~ "Cipher is ${cipher}" ]] ; then
  echo YES
else
  if [[ "$result" =~ ":error:" ]] ; then
    error=$(echo -n $result | cut -d':' -f6)
    echo NO \($error\)
  else
    echo UNKNOWN RESPONSE
    echo $result
  fi
fi
done

Code: Select all

sethm@whiskers:~$ bash ssltest.sh mail:25
Obtaining cipher list from OpenSSL 1.0.1e 11 Feb 2013.
Testing ECDHE-RSA-AES256-GCM-SHA384...NO (ssl handshake failure)
Testing ECDHE-ECDSA-AES256-GCM-SHA384...NO (ssl handshake failure)
Testing ECDHE-RSA-AES256-SHA384...NO (ssl handshake failure)
Testing ECDHE-ECDSA-AES256-SHA384...NO (ssl handshake failure)
Testing ECDHE-RSA-AES256-SHA...NO (ssl handshake failure)
Testing ECDHE-ECDSA-AES256-SHA...NO (ssl handshake failure)
Testing SRP-DSS-AES-256-CBC-SHA...NO (ssl handshake failure)
Testing SRP-RSA-AES-256-CBC-SHA...NO (ssl handshake failure)
Testing DHE-DSS-AES256-GCM-SHA384...NO (ssl handshake failure)
Testing DHE-RSA-AES256-GCM-SHA384...NO (ssl handshake failure)
Testing DHE-RSA-AES256-SHA256...NO (ssl handshake failure)
Testing DHE-DSS-AES256-SHA256...NO (ssl handshake failure)
Testing DHE-RSA-AES256-SHA...YES
Testing DHE-DSS-AES256-SHA...NO (ssl handshake failure)
Testing DHE-RSA-CAMELLIA256-SHA...NO (ssl handshake failure)
Testing DHE-DSS-CAMELLIA256-SHA...NO (ssl handshake failure)
Testing AECDH-AES256-SHA...NO (ssl handshake failure)
Testing SRP-AES-256-CBC-SHA...NO (ssl handshake failure)
Testing ADH-AES256-GCM-SHA384...NO (ssl handshake failure)
Testing ADH-AES256-SHA256...NO (ssl handshake failure)
Testing ADH-AES256-SHA...NO (ssl handshake failure)
Testing ADH-CAMELLIA256-SHA...NO (ssl handshake failure)
Testing ECDH-RSA-AES256-GCM-SHA384...NO (ssl handshake failure)
Testing ECDH-ECDSA-AES256-GCM-SHA384...NO (ssl handshake failure)
Testing ECDH-RSA-AES256-SHA384...NO (ssl handshake failure)
Testing ECDH-ECDSA-AES256-SHA384...NO (ssl handshake failure)
Testing ECDH-RSA-AES256-SHA...NO (ssl handshake failure)
Testing ECDH-ECDSA-AES256-SHA...NO (ssl handshake failure)
Testing AES256-GCM-SHA384...NO (ssl handshake failure)
Testing AES256-SHA256...NO (ssl handshake failure)
Testing AES256-SHA...YES
Testing CAMELLIA256-SHA...NO (ssl handshake failure)
Testing PSK-AES256-CBC-SHA...NO (no ciphers available)
Testing ECDHE-RSA-DES-CBC3-SHA...NO (ssl handshake failure)
Testing ECDHE-ECDSA-DES-CBC3-SHA...NO (ssl handshake failure)
Testing SRP-DSS-3DES-EDE-CBC-SHA...NO (ssl handshake failure)
Testing SRP-RSA-3DES-EDE-CBC-SHA...NO (ssl handshake failure)
Testing EDH-RSA-DES-CBC3-SHA...YES
Testing EDH-DSS-DES-CBC3-SHA...NO (ssl handshake failure)
Testing AECDH-DES-CBC3-SHA...NO (ssl handshake failure)
Testing SRP-3DES-EDE-CBC-SHA...NO (ssl handshake failure)
Testing ADH-DES-CBC3-SHA...NO (ssl handshake failure)
Testing ECDH-RSA-DES-CBC3-SHA...NO (ssl handshake failure)
Testing ECDH-ECDSA-DES-CBC3-SHA...NO (ssl handshake failure)
Testing DES-CBC3-SHA...YES
Testing PSK-3DES-EDE-CBC-SHA...NO (no ciphers available)
Testing ECDHE-RSA-AES128-GCM-SHA256...NO (ssl handshake failure)
Testing ECDHE-ECDSA-AES128-GCM-SHA256...NO (ssl handshake failure)
Testing ECDHE-RSA-AES128-SHA256...NO (ssl handshake failure)
Testing ECDHE-ECDSA-AES128-SHA256...NO (ssl handshake failure)
Testing ECDHE-RSA-AES128-SHA...NO (ssl handshake failure)
Testing ECDHE-ECDSA-AES128-SHA...NO (ssl handshake failure)
Testing SRP-DSS-AES-128-CBC-SHA...NO (ssl handshake failure)
Testing SRP-RSA-AES-128-CBC-SHA...NO (ssl handshake failure)
Testing DHE-DSS-AES128-GCM-SHA256...NO (ssl handshake failure)
Testing DHE-RSA-AES128-GCM-SHA256...NO (ssl handshake failure)
Testing DHE-RSA-AES128-SHA256...NO (ssl handshake failure)
Testing DHE-DSS-AES128-SHA256...NO (ssl handshake failure)
Testing DHE-RSA-AES128-SHA...YES
Testing DHE-DSS-AES128-SHA...NO (ssl handshake failure)
Testing DHE-RSA-SEED-SHA...NO (ssl handshake failure)
Testing DHE-DSS-SEED-SHA...NO (ssl handshake failure)
Testing DHE-RSA-CAMELLIA128-SHA...NO (ssl handshake failure)
Testing DHE-DSS-CAMELLIA128-SHA...NO (ssl handshake failure)
Testing AECDH-AES128-SHA...NO (ssl handshake failure)
Testing SRP-AES-128-CBC-SHA...NO (ssl handshake failure)
Testing ADH-AES128-GCM-SHA256...NO (ssl handshake failure)
Testing ADH-AES128-SHA256...NO (ssl handshake failure)
Testing ADH-AES128-SHA...NO (ssl handshake failure)
Testing ADH-SEED-SHA...NO (ssl handshake failure)
Testing ADH-CAMELLIA128-SHA...NO (ssl handshake failure)
Testing ECDH-RSA-AES128-GCM-SHA256...NO (ssl handshake failure)
Testing ECDH-ECDSA-AES128-GCM-SHA256...NO (ssl handshake failure)
Testing ECDH-RSA-AES128-SHA256...NO (ssl handshake failure)
Testing ECDH-ECDSA-AES128-SHA256...NO (ssl handshake failure)
Testing ECDH-RSA-AES128-SHA...NO (ssl handshake failure)
Testing ECDH-ECDSA-AES128-SHA...NO (ssl handshake failure)
Testing AES128-GCM-SHA256...NO (ssl handshake failure)
Testing AES128-SHA256...NO (ssl handshake failure)
Testing AES128-SHA...YES
Testing SEED-SHA...NO (ssl handshake failure)
Testing CAMELLIA128-SHA...NO (ssl handshake failure)
Testing PSK-AES128-CBC-SHA...NO (no ciphers available)
Testing ECDHE-RSA-RC4-SHA...NO (ssl handshake failure)
Testing ECDHE-ECDSA-RC4-SHA...NO (ssl handshake failure)
Testing AECDH-RC4-SHA...NO (ssl handshake failure)
Testing ADH-RC4-MD5...NO (ssl handshake failure)
Testing ECDH-RSA-RC4-SHA...NO (ssl handshake failure)
Testing ECDH-ECDSA-RC4-SHA...NO (ssl handshake failure)
Testing RC4-SHA...YES
Testing RC4-MD5...YES
Testing PSK-RC4-SHA...NO (no ciphers available)
Testing EDH-RSA-DES-CBC-SHA...NO (ssl handshake failure)
Testing EDH-DSS-DES-CBC-SHA...NO (ssl handshake failure)
Testing ADH-DES-CBC-SHA...NO (ssl handshake failure)
Testing DES-CBC-SHA...NO (ssl handshake failure)
Testing EXP-EDH-RSA-DES-CBC-SHA...NO (ssl handshake failure)
Testing EXP-EDH-DSS-DES-CBC-SHA...NO (ssl handshake failure)
Testing EXP-ADH-DES-CBC-SHA...NO (ssl handshake failure)
Testing EXP-DES-CBC-SHA...NO (ssl handshake failure)
Testing EXP-RC2-CBC-MD5...NO (ssl handshake failure)
Testing EXP-ADH-RC4-MD5...NO (ssl handshake failure)
Testing EXP-RC4-MD5...NO (ssl handshake failure)
Testing ECDHE-RSA-NULL-SHA...NO (ssl handshake failure)
Testing ECDHE-ECDSA-NULL-SHA...NO (ssl handshake failure)
Testing AECDH-NULL-SHA...NO (ssl handshake failure)
Testing ECDH-RSA-NULL-SHA...NO (ssl handshake failure)
Testing ECDH-ECDSA-NULL-SHA...NO (ssl handshake failure)
Testing NULL-SHA256...NO (ssl handshake failure)
Testing NULL-SHA...NO (ssl handshake failure)
Testing NULL-MD5...NO (ssl handshake failure)

Code: Select all

sethm@whiskers:~$ bash ssltest.sh gmail-smtp-in.l.google.com:25
Obtaining cipher list from OpenSSL 1.0.1e 11 Feb 2013.
Testing ECDHE-RSA-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing ECDHE-RSA-AES256-SHA384...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-AES256-SHA384...NO (sslv3 alert handshake failure)
Testing ECDHE-RSA-AES256-SHA...YES
Testing ECDHE-ECDSA-AES256-SHA...NO (sslv3 alert handshake failure)
Testing SRP-DSS-AES-256-CBC-SHA...NO (sslv3 alert handshake failure)
Testing SRP-RSA-AES-256-CBC-SHA...NO (sslv3 alert handshake failure)
Testing DHE-DSS-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES256-SHA256...NO (sslv3 alert handshake failure)
Testing DHE-DSS-AES256-SHA256...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES256-SHA...NO (sslv3 alert handshake failure)
Testing DHE-DSS-AES256-SHA...NO (sslv3 alert handshake failure)
Testing DHE-RSA-CAMELLIA256-SHA...NO (sslv3 alert handshake failure)
Testing DHE-DSS-CAMELLIA256-SHA...NO (sslv3 alert handshake failure)
Testing AECDH-AES256-SHA...NO (sslv3 alert handshake failure)
Testing SRP-AES-256-CBC-SHA...NO (sslv3 alert handshake failure)
Testing ADH-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing ADH-AES256-SHA256...NO (sslv3 alert handshake failure)
Testing ADH-AES256-SHA...NO (sslv3 alert handshake failure)
Testing ADH-CAMELLIA256-SHA...NO (sslv3 alert handshake failure)
Testing ECDH-RSA-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing ECDH-ECDSA-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing ECDH-RSA-AES256-SHA384...NO (sslv3 alert handshake failure)
Testing ECDH-ECDSA-AES256-SHA384...NO (sslv3 alert handshake failure)
Testing ECDH-RSA-AES256-SHA...NO (sslv3 alert handshake failure)
Testing ECDH-ECDSA-AES256-SHA...NO (sslv3 alert handshake failure)
Testing AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing AES256-SHA256...NO (sslv3 alert handshake failure)
Testing AES256-SHA...YES
Testing CAMELLIA256-SHA...NO (sslv3 alert handshake failure)
Testing PSK-AES256-CBC-SHA...NO (no ciphers available)
Testing ECDHE-RSA-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing SRP-DSS-3DES-EDE-CBC-SHA...NO (sslv3 alert handshake failure)
Testing SRP-RSA-3DES-EDE-CBC-SHA...NO (sslv3 alert handshake failure)
Testing EDH-RSA-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing EDH-DSS-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing AECDH-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing SRP-3DES-EDE-CBC-SHA...NO (sslv3 alert handshake failure)
Testing ADH-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing ECDH-RSA-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing ECDH-ECDSA-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing DES-CBC3-SHA...YES
Testing PSK-3DES-EDE-CBC-SHA...NO (no ciphers available)
Testing ECDHE-RSA-AES128-GCM-SHA256...YES
Testing ECDHE-ECDSA-AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing ECDHE-RSA-AES128-SHA256...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-AES128-SHA256...NO (sslv3 alert handshake failure)
Testing ECDHE-RSA-AES128-SHA...YES
Testing ECDHE-ECDSA-AES128-SHA...NO (sslv3 alert handshake failure)
Testing SRP-DSS-AES-128-CBC-SHA...NO (sslv3 alert handshake failure)
Testing SRP-RSA-AES-128-CBC-SHA...NO (ssl handshake failure)
Testing DHE-DSS-AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES128-SHA256...NO (sslv3 alert handshake failure)
Testing DHE-DSS-AES128-SHA256...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES128-SHA...NO (sslv3 alert handshake failure)
Testing DHE-DSS-AES128-SHA...NO (sslv3 alert handshake failure)
Testing DHE-RSA-SEED-SHA...NO (sslv3 alert handshake failure)
Testing DHE-DSS-SEED-SHA...NO (sslv3 alert handshake failure)
Testing DHE-RSA-CAMELLIA128-SHA...NO (sslv3 alert handshake failure)
Testing DHE-DSS-CAMELLIA128-SHA...NO (sslv3 alert handshake failure)
Testing AECDH-AES128-SHA...NO (sslv3 alert handshake failure)
Testing SRP-AES-128-CBC-SHA...NO (sslv3 alert handshake failure)
Testing ADH-AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing ADH-AES128-SHA256...NO (sslv3 alert handshake failure)
Testing ADH-AES128-SHA...NO (sslv3 alert handshake failure)
Testing ADH-SEED-SHA...NO (sslv3 alert handshake failure)
Testing ADH-CAMELLIA128-SHA...NO (sslv3 alert handshake failure)
Testing ECDH-RSA-AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing ECDH-ECDSA-AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing ECDH-RSA-AES128-SHA256...NO (sslv3 alert handshake failure)
Testing ECDH-ECDSA-AES128-SHA256...NO (sslv3 alert handshake failure)
Testing ECDH-RSA-AES128-SHA...NO (sslv3 alert handshake failure)
Testing ECDH-ECDSA-AES128-SHA...NO (sslv3 alert handshake failure)
Testing AES128-GCM-SHA256...YES
Testing AES128-SHA256...NO (sslv3 alert handshake failure)
Testing AES128-SHA...YES
Testing SEED-SHA...NO (sslv3 alert handshake failure)
Testing CAMELLIA128-SHA...NO (sslv3 alert handshake failure)
Testing PSK-AES128-CBC-SHA...NO (no ciphers available)
Testing ECDHE-RSA-RC4-SHA...YES
Testing ECDHE-ECDSA-RC4-SHA...NO (sslv3 alert handshake failure)
Testing AECDH-RC4-SHA...NO (sslv3 alert handshake failure)
Testing ADH-RC4-MD5...NO (sslv3 alert handshake failure)
Testing ECDH-RSA-RC4-SHA...NO (sslv3 alert handshake failure)
Testing ECDH-ECDSA-RC4-SHA...NO (sslv3 alert handshake failure)
Testing RC4-SHA...YES
Testing RC4-MD5...YES
Testing PSK-RC4-SHA...NO (no ciphers available)
Testing EDH-RSA-DES-CBC-SHA...NO (sslv3 alert handshake failure)
Testing EDH-DSS-DES-CBC-SHA...NO (sslv3 alert handshake failure)
Testing ADH-DES-CBC-SHA...NO (sslv3 alert handshake failure)
Testing DES-CBC-SHA...NO (sslv3 alert handshake failure)
Testing EXP-EDH-RSA-DES-CBC-SHA...NO (sslv3 alert handshake failure)
Testing EXP-EDH-DSS-DES-CBC-SHA...NO (sslv3 alert handshake failure)
Testing EXP-ADH-DES-CBC-SHA...NO (sslv3 alert handshake failure)
Testing EXP-DES-CBC-SHA...NO (sslv3 alert handshake failure)
Testing EXP-RC2-CBC-MD5...NO (sslv3 alert handshake failure)
Testing EXP-ADH-RC4-MD5...NO (sslv3 alert handshake failure)
Testing EXP-RC4-MD5...NO (sslv3 alert handshake failure)
Testing ECDHE-RSA-NULL-SHA...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-NULL-SHA...NO (sslv3 alert handshake failure)
Testing AECDH-NULL-SHA...NO (sslv3 alert handshake failure)
Testing ECDH-RSA-NULL-SHA...NO (sslv3 alert handshake failure)
Testing ECDH-ECDSA-NULL-SHA...NO (sslv3 alert handshake failure)
Testing NULL-SHA256...NO (sslv3 alert handshake failure)
Testing NULL-SHA...NO (sslv3 alert handshake failure)
Testing NULL-MD5...NO (sslv3 alert handshake failure)
This is after changing our server to not offer the lower-bit ciphers like 56 and 40.
Seth Mattinen, Roller Network LLC
Seth
Site Admin
Posts: 309
Joined: Sun Aug 30, 2009 10:44 pm
Location: Nevada
Contact:

Re: Insecure mail server configuration

Post by Seth »

And here's me trying to actually connect with a null cipher that the test claims is being accepted and graded down on:

Forcing openssl client to only use a specified cipher:

Code: Select all

sethm@whiskers:~$ openssl s_client -cipher "NULL-SHA256" -connect mail.rollernet.us:25 -starttls smtp
CONNECTED(00000003)
139913780999848:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 208 bytes and written 137 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
Connection failed, as expected. The "sslscan" output above said as much.

Debug output on the server side:

Code: Select all

Apr  8 23:36:50 mail postfix/smtpd[27280]: connect from whiskers.rollernet.us[208.79.242.34]
Apr  8 23:36:50 mail postfix/smtpd[27280]: setting up TLS connection from whiskers.rollernet.us[208.79.242.34]
Apr  8 23:36:50 mail postfix/smtpd[27280]: whiskers.rollernet.us[208.79.242.34]: TLS cipher list "ALL:!EXPORT:!LOW:+RC4:@STRENGTH:!aNULL"
Apr  8 23:36:50 mail postfix/smtpd[27280]: SSL_accept:before/accept initialization
Apr  8 23:36:50 mail postfix/smtpd[27280]: SSL3 alert write:fatal:handshake failure
Apr  8 23:36:50 mail postfix/smtpd[27280]: SSL_accept:error in SSLv3 read client hello C
Apr  8 23:36:50 mail postfix/smtpd[27280]: SSL_accept error from whiskers.rollernet.us[208.79.242.34]: -1
Apr  8 23:36:50 mail postfix/smtpd[27280]: warning: TLS library problem: 27280:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:1087:
Apr  8 23:36:50 mail postfix/smtpd[27280]: lost connection after STARTTLS from whiskers.rollernet.us[208.79.242.34]
Apr  8 23:36:50 mail postfix/smtpd[27280]: disconnect from whiskers.rollernet.us[208.79.242.34]
Note how it failed with "no shared cipher". Basically this means that because our server will not accept NULL-SHA256" but that's all the connecting client supported, the connection failed to negotiate.

Going back and picking out the ADH ciphers for both us and Google show all failed/rejected:

Code: Select all

sethm@whiskers:~$ grep ADH sslscan_mail 
    Failed    TLSv1  256 bits  ADH-AES256-GCM-SHA384
    Failed    TLSv1  256 bits  ADH-AES256-SHA256
    Rejected  TLSv1  256 bits  ADH-AES256-SHA
    Rejected  TLSv1  256 bits  ADH-CAMELLIA256-SHA
    Rejected  TLSv1  168 bits  ADH-DES-CBC3-SHA
    Failed    TLSv1  128 bits  ADH-AES128-GCM-SHA256
    Failed    TLSv1  128 bits  ADH-AES128-SHA256
    Rejected  TLSv1  128 bits  ADH-AES128-SHA
    Rejected  TLSv1  128 bits  ADH-SEED-SHA
    Rejected  TLSv1  128 bits  ADH-CAMELLIA128-SHA
    Rejected  TLSv1  128 bits  ADH-RC4-MD5
    Rejected  TLSv1  56 bits   ADH-DES-CBC-SHA
    Rejected  TLSv1  40 bits   EXP-ADH-DES-CBC-SHA
    Rejected  TLSv1  40 bits   EXP-ADH-RC4-MD5

sethm@whiskers:~$ grep ADH ssltest_mail
Testing ADH-AES256-GCM-SHA384...NO (ssl handshake failure)
Testing ADH-AES256-SHA256...NO (ssl handshake failure)
Testing ADH-AES256-SHA...NO (ssl handshake failure)
Testing ADH-CAMELLIA256-SHA...NO (ssl handshake failure)
Testing ADH-DES-CBC3-SHA...NO (ssl handshake failure)
Testing ADH-AES128-GCM-SHA256...NO (ssl handshake failure)
Testing ADH-AES128-SHA256...NO (ssl handshake failure)
Testing ADH-AES128-SHA...NO (ssl handshake failure)
Testing ADH-SEED-SHA...NO (ssl handshake failure)
Testing ADH-CAMELLIA128-SHA...NO (ssl handshake failure)
Testing ADH-RC4-MD5...NO (ssl handshake failure)
Testing ADH-DES-CBC-SHA...NO (ssl handshake failure)
Testing EXP-ADH-DES-CBC-SHA...NO (ssl handshake failure)
Testing EXP-ADH-RC4-MD5...NO (ssl handshake failure)

Code: Select all

sethm@whiskers:~$ grep ADH sslscan_google
    Failed    TLSv1  256 bits  ADH-AES256-GCM-SHA384
    Failed    TLSv1  256 bits  ADH-AES256-SHA256
    Rejected  TLSv1  256 bits  ADH-AES256-SHA
    Rejected  TLSv1  256 bits  ADH-CAMELLIA256-SHA
    Rejected  TLSv1  168 bits  ADH-DES-CBC3-SHA
    Failed    TLSv1  128 bits  ADH-AES128-GCM-SHA256
    Failed    TLSv1  128 bits  ADH-AES128-SHA256
    Rejected  TLSv1  128 bits  ADH-AES128-SHA
    Rejected  TLSv1  128 bits  ADH-SEED-SHA
    Rejected  TLSv1  128 bits  ADH-CAMELLIA128-SHA
    Rejected  TLSv1  128 bits  ADH-RC4-MD5
    Rejected  TLSv1  56 bits   ADH-DES-CBC-SHA
    Rejected  TLSv1  40 bits   EXP-ADH-DES-CBC-SHA
    Rejected  TLSv1  40 bits   EXP-ADH-RC4-MD5

sethm@whiskers:~$ grep ADH ssltest_google 
Testing ADH-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing ADH-AES256-SHA256...NO (sslv3 alert handshake failure)
Testing ADH-AES256-SHA...NO (sslv3 alert handshake failure)
Testing ADH-CAMELLIA256-SHA...NO (sslv3 alert handshake failure)
Testing ADH-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing ADH-AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing ADH-AES128-SHA256...NO (sslv3 alert handshake failure)
Testing ADH-AES128-SHA...NO (sslv3 alert handshake failure)
Testing ADH-SEED-SHA...NO (sslv3 alert handshake failure)
Testing ADH-CAMELLIA128-SHA...NO (sslv3 alert handshake failure)
Testing ADH-RC4-MD5...NO (sslv3 alert handshake failure)
Testing ADH-DES-CBC-SHA...NO (sslv3 alert handshake failure)
Testing EXP-ADH-DES-CBC-SHA...NO (sslv3 alert handshake failure)
Testing EXP-ADH-RC4-MD5...NO (sslv3 alert handshake failure)
I am unsure why Rollernet was graded down for this but Google was not when it appears similar.

These are all tests anyone can run using the openssl client tools, so if I've missed something stupidly obvious to a crypto-geek (which I admit I am not) please feel free to correct me.
Seth Mattinen, Roller Network LLC
Seth
Site Admin
Posts: 309
Joined: Sun Aug 30, 2009 10:44 pm
Location: Nevada
Contact:

Re: Insecure mail server configuration

Post by Seth »

I still get "rejected" from that online test after giving it a break.
Seth Mattinen, Roller Network LLC
Seth
Site Admin
Posts: 309
Joined: Sun Aug 30, 2009 10:44 pm
Location: Nevada
Contact:

Re: Insecure mail server configuration

Post by Seth »

I finally figured out the issue: the test sites blow through SMTP rate limits like crazy creating and dropping connections rapidly, so they quickly overran the rate limits for any sane client and our servers would fail the connections halfway through the test sequence. I added the test source IP address for starttls.info and it shows passing instead of error.
Seth Mattinen, Roller Network LLC
Post Reply