changeset 914:b8bc29835c9a

Use specified ciphers for outgoing STARTLS connections Perdition(8) says: --ssl_outgoing_ciphers STRING: Cipher list when making outgoing SSL or TLS connections as per ciphers(1). If empty ("") then openssl's default will be used. (default "") However, this is only the case for outgoing connections that do not use STARTTLS (the perdition terminology is confusing here, since what it calls "TLS" actually means "start as cleartext, negotiate to encrypted via STARTTLS" and what it calls "SSL" actually means "start SSL or TLS session, run service inside that"). This is a security concern because it means that perdition is not obeying the specifications of the administrator, and may accept weaker ciphersuites than instructed on its backhaul connections. Consider the case where an administrator wants to offer relatively promiscuous IMAP connections to their end users -- if the user's MUA only has some weak cipher suite or cleartext IMAP, we want to accept the weak ciphersuite as better than nothing. However, the admin's backend IMAP servers are all under her control, and she knows that they are capable of stronger ciphersuites. in this case, ssl_listen_ciphers will allow weak ciphers, and ssl_outgoing_ciphers will be strict and require high security, to at least protect the link between perdition and the backend IMAP server. However, if this outgoing connection happens to use IMAP+STARTTLS instead of IMAPS, the bug described here will offer weak ciphersuites to the backend IMAP server. This is CVE-2013-4584 This is Debian Bug #729028 Signed-off-by: Simon Horman <horms@verge.net.au>
author Daniel Kahn Gillmor <dkg@fifthhorseman.net>
date Thu, 07 Nov 2013 23:31:16 -0500
parents 384a78e5951a
children b4870012da64
files perdition/perdition.c
diffstat 1 files changed, 1 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/perdition/perdition.c	Fri Oct 04 11:44:06 2013 +0900
+++ b/perdition/perdition.c	Thu Nov 07 23:31:16 2013 -0500
@@ -985,7 +985,7 @@
     else if((opt.ssl_mode & SSL_MODE_TLS_OUTGOING) &&
           (status & PROTOCOL_S_STARTTLS)) {
       server_io=perdition_ssl_client_connection(server_io, opt.ssl_ca_file, 
-		      opt.ssl_ca_path, opt.ssl_listen_ciphers, servername);
+		      opt.ssl_ca_path, opt.ssl_outgoing_ciphers, servername);
       if(!server_io) {
         VANESSA_LOGGER_DEBUG("perdition_ssl_connection outgoing");
         VANESSA_LOGGER_ERR("Fatal error establishing SSL connection");