Re: Stretch refuses e-mails
Heiko Schlittermann <hs@schlittermann.de> wrote:
> But I think the provider may not be entirely innocent:
It is much, much worse; check via testssl.sh:
,----
| Testing protocols (via sockets except TLS 1.2, SPDY+HTTP2)
|
| SSLv2 offered (NOT ok), also VULNERABLE to DROWN attack -- 7 ciphers
| SSLv3 offered (NOT ok)
| TLS 1 offered
| TLS 1.1 not offered
| TLS 1.2 not offered
| Version tolerance downgraded to TLSv1.0 (OK)
`----
Ouch.
,----
| Testing server preferences
|
| Has server cipher order? nope (NOT ok)
| Negotiated protocol TLSv1
| Negotiated cipher RC4-SHA (limited sense as client will pick)
| Negotiated cipher per proto (limited sense as client will pick)
| RC2-CBC-MD5: SSLv2
| RC4-SHA: SSLv3, TLSv1
| No further cipher order check has been done as order is determined by the client
`----
Oh God.
,----
| Testing vulnerabilities
|
| Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension
| CCS (CVE-2014-0224) VULNERABLE (NOT ok)
| Secure Renegotiation (CVE-2009-3555) VULNERABLE (NOT ok)
| Secure Client-Initiated Renegotiation VULNERABLE (NOT ok), potential DoS threat
| CRIME, TLS (CVE-2012-4929) not vulnerable (OK) (not using HTTP anyway)
| POODLE, SSL (CVE-2014-3566) VULNERABLE (NOT ok), uses SSLv3+CBC (check TLS_FALLBACK_SCSV mitigation below)
| TLS_FALLBACK_SCSV (RFC 7507), Downgrade attack prevention NOT supported
| FREAK (CVE-2015-0204) VULNERABLE (NOT ok), uses EXPORT RSA ciphers
| DROWN (2016-0800, CVE-2016-0703) VULNERABLE (NOT ok), SSLv2 offered with 7 ciphers
| LOGJAM (CVE-2015-4000), experimental not vulnerable (OK), common primes not checked. See below for any DH ciphers + bit size
| BEAST (CVE-2011-3389) SSL3: DES-CBC-SHA DES-CBC3-SHA
| EXP1024-DES-CBC-SHA
| TLS1: DES-CBC-SHA DES-CBC3-SHA
| EXP1024-DES-CBC-SHA
| VULNERABLE -- and no higher protocols as mitigation supported
| RC4 (CVE-2013-2566, CVE-2015-2808) VULNERABLE (NOT ok): RC4-SHA RC4-MD5 RC4-MD5 RC4-64-MD5 EXP1024-RC4-SHA EXP-RC4-MD5
`----
Heavens.
,----
| Testing all 183 locally available ciphers against the server, ordered by encryption strength
|
| Hexcode   Cipher Suite Name (OpenSSL)   KeyExch.   Encryption  Bits     Cipher Suite Name (RFC)
| ---------------------------------------------------------------------------------------------------------------------------
| x030080   RC2-CBC-MD5                   RSA        RC2         128      SSL_CK_RC2_128_CBC_WITH_MD5
| x05       RC4-SHA                       RSA        RC4         128      TLS_RSA_WITH_RC4_128_SHA
| x04       RC4-MD5                       RSA        RC4         128      TLS_RSA_WITH_RC4_128_MD5
| x010080   RC4-MD5                       RSA        RC4         128      SSL_CK_RC4_128_WITH_MD5
| x0a       DES-CBC3-SHA                  RSA        3DES        168      TLS_RSA_WITH_3DES_EDE_CBC_SHA
| x0700c0   DES-CBC3-MD5                  RSA        3DES        168      SSL_CK_DES_192_EDE3_CBC_WITH_MD5
| x080080   RC4-64-MD5                    RSA        RC4         64       SSL_CK_RC4_64_WITH_MD5
| x62       EXP1024-DES-CBC-SHA           RSA(1024)  DES         56,exp   TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
| x09       DES-CBC-SHA                   RSA        DES         56       TLS_RSA_WITH_DES_CBC_SHA
| x61       EXP1024-RC2-CBC-MD5           RSA(1024)  RC2         56,exp   TLS_RSA_EXPORT1024_WITH_RC2_56_MD5
| x060040   DES-CBC-MD5                   RSA        DES         56       SSL_CK_DES_64_CBC_WITH_MD5
| x64       EXP1024-RC4-SHA               RSA(1024)  RC4         56,exp   TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
| x60       EXP1024-RC4-MD5               RSA(1024)  RC4         56,exp   TLS_RSA_EXPORT1024_WITH_RC4_56_MD5
| x040080   EXP-RC2-CBC-MD5               RSA(512)   RC2         40,exp   SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5
| x020080   EXP-RC4-MD5                   RSA(512)   RC4         40,exp   SSL_CK_RC4_128_EXPORT40_WITH_MD5
`----
Only "DES-CBC3-SHA" is halfway modern (but actually also already
years out of date); the rest can almost be cracked with a RasPi3 in 2
hours.
> Above, in the working connection, it says something about RC4-SHA;
> should that worry me, or is that OK?
No, definitely not. The provider is maximally clueless.
Based on the banner of the IMAP server "Courier-IMAP ready. Copyright
1998-2005" as well as the version of the SMTP server "qmail home page:
http://pobox.com/~djb/qmail.html", nothing surprises me any more.
S°
--
Sigmentation fault. Core dumped.