Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Use specified ciphers for outgoing STARTLS connections
Perdition(8) says: --ssl_outgoing_ciphers STRING: Cipher list when making outgoing SSL or TLS connections as per ciphers(1). If empty ("") then openssl's default will be used. (default "") However, this is only the case for outgoing connections that do not use STARTTLS (the perdition terminology is confusing here, since what it calls "TLS" actually means "start as cleartext, negotiate to encrypted via STARTTLS" and what it calls "SSL" actually means "start SSL or TLS session, run service inside that"). This is a security concern because it means that perdition is not obeying the specifications of the administrator, and may accept weaker ciphersuites than instructed on its backhaul connections. Consider the case where an administrator wants to offer relatively promiscuous IMAP connections to their end users -- if the user's MUA only has some weak cipher suite or cleartext IMAP, we want to accept the weak ciphersuite as better than nothing. However, the admin's backend IMAP servers are all under her control, and she knows that they are capable of stronger ciphersuites. in this case, ssl_listen_ciphers will allow weak ciphers, and ssl_outgoing_ciphers will be strict and require high security, to at least protect the link between perdition and the backend IMAP server. However, if this outgoing connection happens to use IMAP+STARTTLS instead of IMAPS, the bug described here will offer weak ciphersuites to the backend IMAP server. This is CVE-2013-4584 This is Debian Bug #729028 Signed-off-by: Simon Horman <horms@verge.net.au>
- Loading branch information