
Re: Stretch refuses e-mails



Heiko Schlittermann <hs@schlittermann.de> wrote:

> But I think the provider may not be entirely blameless:

It is much, much worse; a check via testssl.sh:

,----
|  Testing protocols (via sockets except TLS 1.2, SPDY+HTTP2) 
|
|  SSLv2               offered (NOT ok), also VULNERABLE to DROWN attack -- 7 ciphers
|  SSLv3               offered (NOT ok)
|  TLS 1               offered
|  TLS 1.1             not offered
|  TLS 1.2             not offered
|  Version tolerance   downgraded to TLSv1.0 (OK)
`----

Ouch.

,----
|  Testing server preferences 
|
|  Has server cipher order?     nope (NOT ok)
|  Negotiated protocol          TLSv1
|  Negotiated cipher            RC4-SHA (limited sense as client will pick)
|  Negotiated cipher per proto  (limited sense as client will pick)
|      RC2-CBC-MD5:                   SSLv2
|      RC4-SHA:                       SSLv3, TLSv1
|  No further cipher order check has been done as order is determined by the client
`----

Oh God.
 
,----
|  Testing vulnerabilities 
|
|  Heartbleed (CVE-2014-0160)                not vulnerable (OK), no heartbeat extension
|  CCS (CVE-2014-0224)                       VULNERABLE (NOT ok)
|  Secure Renegotiation (CVE-2009-3555)      VULNERABLE (NOT ok)
|  Secure Client-Initiated Renegotiation     VULNERABLE (NOT ok), potential DoS threat
|  CRIME, TLS (CVE-2012-4929)                not vulnerable (OK) (not using HTTP anyway)
|  POODLE, SSL (CVE-2014-3566)               VULNERABLE (NOT ok), uses SSLv3+CBC (check TLS_FALLBACK_SCSV mitigation below)
|  TLS_FALLBACK_SCSV (RFC 7507),             Downgrade attack prevention NOT supported
|  FREAK (CVE-2015-0204)                     VULNERABLE (NOT ok), uses EXPORT RSA ciphers
|  DROWN (2016-0800, CVE-2016-0703)          VULNERABLE (NOT ok), SSLv2 offered with 7 ciphers
|  LOGJAM (CVE-2015-4000), experimental      not vulnerable (OK), common primes not checked. See below for any DH ciphers + bit size
|  BEAST (CVE-2011-3389)                     SSL3: DES-CBC-SHA DES-CBC3-SHA
|                                                  EXP1024-DES-CBC-SHA
|                                            TLS1: DES-CBC-SHA DES-CBC3-SHA
|                                                  EXP1024-DES-CBC-SHA
|                                            VULNERABLE -- and no higher protocols as mitigation supported
|  RC4 (CVE-2013-2566, CVE-2015-2808)        VULNERABLE (NOT ok): RC4-SHA RC4-MD5 RC4-MD5 RC4-64-MD5 EXP1024-RC4-SHA EXP-RC4-MD5 
`----

Heavens.

,----
|  Testing all 183 locally available ciphers against the server, ordered by encryption strength 
|
| Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.  Encryption Bits     Cipher Suite Name (RFC)
| ---------------------------------------------------------------------------------------------------------------------------
|  x030080 RC2-CBC-MD5                       RSA        RC2       128      SSL_CK_RC2_128_CBC_WITH_MD5                        
|  x05     RC4-SHA                           RSA        RC4       128      TLS_RSA_WITH_RC4_128_SHA                           
|  x04     RC4-MD5                           RSA        RC4       128      TLS_RSA_WITH_RC4_128_MD5                           
|  x010080 RC4-MD5                           RSA        RC4       128      SSL_CK_RC4_128_WITH_MD5                            
|  x0a     DES-CBC3-SHA                      RSA        3DES      168      TLS_RSA_WITH_3DES_EDE_CBC_SHA                      
|  x0700c0 DES-CBC3-MD5                      RSA        3DES      168      SSL_CK_DES_192_EDE3_CBC_WITH_MD5                   
|  x080080 RC4-64-MD5                        RSA        RC4       64       SSL_CK_RC4_64_WITH_MD5                             
|  x62     EXP1024-DES-CBC-SHA               RSA(1024)  DES       56,exp   TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA                
|  x09     DES-CBC-SHA                       RSA        DES       56       TLS_RSA_WITH_DES_CBC_SHA                           
|  x61     EXP1024-RC2-CBC-MD5               RSA(1024)  RC2       56,exp   TLS_RSA_EXPORT1024_WITH_RC2_56_MD5                 
|  x060040 DES-CBC-MD5                       RSA        DES       56       SSL_CK_DES_64_CBC_WITH_MD5                         
|  x64     EXP1024-RC4-SHA                   RSA(1024)  RC4       56,exp   TLS_RSA_EXPORT1024_WITH_RC4_56_SHA                 
|  x60     EXP1024-RC4-MD5                   RSA(1024)  RC4       56,exp   TLS_RSA_EXPORT1024_WITH_RC4_56_MD5                 
|  x040080 EXP-RC2-CBC-MD5                   RSA(512)   RC2       40,exp   SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5               
|  x020080 EXP-RC4-MD5                       RSA(512)   RC4       40,exp   SSL_CK_RC4_128_EXPORT40_WITH_MD5                   
`----

Only "DES-CBC3-SHA" is halfway modern (but really also years out of
date already); the rest is almost crackable with a RasPi3 in 2 hours.

> Above, for the working connection, it says something about RC4-SHA;
> should that worry me, or is that OK?

No, definitely not. The provider is utterly clueless.
Based on the banner of the IMAP server "Courier-IMAP ready. Copyright
1998-2005" as well as the version of the SMTP server "qmail home page:
http://pobox.com/~djb/qmail.html", nothing surprises me anymore.

S°

-- 
Sigmentation fault. Core dumped.
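
Added example, not part of the original post: a small triage of the cipher table quoted above, tagging each offered suite with the reasons it is unacceptable. The rows are copied from the testssl.sh output in the message (padding collapsed, RFC-name column dropped); the function names and the 128-bit floor `MIN_BITS` are assumptions of this example.

```python
# Rows from the testssl.sh cipher table in the post: hexcode, name, kx, enc, bits.
TABLE = """\
| x030080 RC2-CBC-MD5 RSA RC2 128
| x05 RC4-SHA RSA RC4 128
| x04 RC4-MD5 RSA RC4 128
| x010080 RC4-MD5 RSA RC4 128
| x0a DES-CBC3-SHA RSA 3DES 168
| x0700c0 DES-CBC3-MD5 RSA 3DES 168
| x080080 RC4-64-MD5 RSA RC4 64
| x62 EXP1024-DES-CBC-SHA RSA(1024) DES 56,exp
| x09 DES-CBC-SHA RSA DES 56
| x61 EXP1024-RC2-CBC-MD5 RSA(1024) RC2 56,exp
| x060040 DES-CBC-MD5 RSA DES 56
| x64 EXP1024-RC4-SHA RSA(1024) RC4 56,exp
| x60 EXP1024-RC4-MD5 RSA(1024) RC4 56,exp
| x040080 EXP-RC2-CBC-MD5 RSA(512) RC2 40,exp
| x020080 EXP-RC4-MD5 RSA(512) RC4 40,exp
"""

MIN_BITS = 128  # assumption of this example: floor for the symmetric key size

def weaknesses(hexcode, name, kx, enc, bits):
    """Reasons a suite is unacceptable; an empty list means no rule matched."""
    reasons = []
    if len(hexcode) == 7:            # 'x' + 3 bytes is an SSLv2 cipher kind
        reasons.append("SSLv2-only")
    if "exp" in bits:                # export suites use a deliberately weak key exchange
        reasons.append("export-grade (" + kx + ")")
    if enc in ("RC4", "RC2", "DES"):
        reasons.append(enc)
    if int(bits.split(",")[0]) < MIN_BITS:
        reasons.append("short key")
    return reasons

def triage(table):  # returns [(hexcode, name, reasons), ...] for every cipher row
    out = []
    for line in table.splitlines():
        f = line.lstrip("| ").split()
        if len(f) >= 5 and f[0].startswith("x"):
            out.append((f[0], f[1], weaknesses(*f[:5])))
    return out

def unflagged(table):
    # "No rule matched" is not "good": 3DES still has a 64-bit block and is legacy.
    return [name for _, name, why in triage(table) if not why]

if __name__ == "__main__":
    for hexcode, name, why in triage(TABLE):
        print(f"{hexcode:8} {name:20} {', '.join(why) or 'no flag'}")
```

Of the 15 suites, the only one no rule matches is DES-CBC3-SHA, which is consistent with the assessment in the message.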

