Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Use specified ciphers for outgoing STARTLS connections
Perdition(8) says:
--ssl_outgoing_ciphers STRING:
Cipher list when making outgoing SSL or TLS connections as
per ciphers(1). If empty ("") then openssl's default will
be used. (default "")
However, this is only the case for outgoing connections that do not use
STARTTLS (the perdition terminology is confusing here, since what it
calls "TLS" actually means "start as cleartext, negotiate to encrypted
via STARTTLS" and what it calls "SSL" actually means "start SSL or TLS
session, run service inside that").
This is a security concern because it means that perdition is not
obeying the specifications of the administrator, and may accept weaker
ciphersuites than instructed on its backhaul connections.
Consider the case where an administrator wants to offer relatively
promiscuous IMAP connections to their end users -- if the user's MUA
only has some weak cipher suite or cleartext IMAP, we want to accept the
weak ciphersuite as better than nothing. However, the admin's backend
IMAP servers are all under her control, and she knows that they are
capable of stronger ciphersuites. in this case, ssl_listen_ciphers will
allow weak ciphers, and ssl_outgoing_ciphers will be strict and require
high security, to at least protect the link between perdition and the
backend IMAP server.
However, if this outgoing connection happens to use IMAP+STARTTLS
instead of IMAPS, the bug described here will offer weak ciphersuites to
the backend IMAP server.
This is CVE-2013-4584
This is Debian Bug #729028
Signed-off-by: Simon Horman <horms@verge.net.au>- Loading branch information
