Greg Helledy on 22 Jul 2015 11:00:36 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] Thunderbird 38.1.0 and insecure cyphers (Logjam)


Thunderbird 38.1 was recently released and many users are set to auto-update to new versions. Those who did could no longer connect to our mail server.

Apparently the new version of Thunderbird performs a test for weak SSL keys to to protect people from the Logjam vulnerability.
https://weakdh.org/

The T-bird error console says "SSE received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message".

I've confirmed that we have a 2,048 bit key, so the implication is that our software is set to allow an export-grade "cypher suite", downgrading our 2,048-bit key to 512 bits. Note that this key is not one we generated, but is provided by the VPS hosting company.

I've gone into the management console and the "IMAP TLS/SSL Cipher List" had the following:

ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

Which should be fine because it disables export-grade suites. I added a couple of things to specifically disable ephemeral Diffie-Hellman:

ALL:!ADH:!kDHE:!DHE:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

Clicking on save restarts the IMAP server. However, T-Bird is *still* reporting the same error. I'm left to conclude that either: 1. The config shown in the VPS management GUI is not in fact what's applied to the running software, or
2.  There's something wrong with this T-bird release.

I wanted to get an independent confirmation of whether our server is vulnerable, but the Qualsys SSL tool says "Ports other than 443 not supported" when I try to point it at our mail server at port 993. Our webserver, running Apache, is fine. Is there an online tool for mail servers?

In case it's not obvious, I am NOT knowledgeable about crypto. Would a next step be to find the config file for the IMAP server (Courier) where the cypher list is stored?

Anyone else having this kind of issue?

--
Greg Helledy
GRA, Incorporated
P:  +1 215-884-7500
F:  +1 215-884-1385
www.gra.aero
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug