StartTLS and ejabberd

stephdl · 2018-09-21 13:36:03 UTC

I worked to improve security in ejabberd restricting it to TLS1.2 with a new tls policy 2018-10-01, this is the issue to track it, and the blog article where I found the instructions.

my concern here is to demonstrate that the connection is well restricted to tls1.2

I used to test with testssl.sh but it works only with the port 5223 (only ssl)

With startTLS I can connect, see in the debug window of pidgin that I connected with TLS (that is required), the cipher used, but not much information

I saw that testssl.sh need to be adapted for starttls but it doesn’t work as expected

testssl.sh --starttls xmpp your-server:5222
testssl.sh --starttls xmpp --xmpphost your-domain your-server:5222

what is good now is that even with the stable rpm, I cannot test my tls connection…do you have a way ?

mrmarkuz · 2018-09-21 23:57:05 UTC

Does this show more?

openssl s_client -starttls xmpp -connect your-server:5222

stephdl · 2018-09-22 07:25:39 UTC

Will try again but it seems openssl failed too

dnutan · 2018-09-22 08:39:26 UTC

Don’t know if any of these can be useful to you: openssl s_client, sslscan, SSLyze, ssl-enum-ciphers or IM Observatory

stephdl · 2018-09-24 21:29:49 UTC

I can test the S2S by

https://xmpp.net
https://tls.imirhil.fr/

need to understand for the C2S

stephdl · 2018-09-24 21:56:45 UTC

if I remove the max_stanza_size: 65536 in the c2S connection I can test the cipher and the starttls required. If enabled the site https://xmpp.net is unable to connect to c2S

For now https://xmpp.net is the only way I found to test C2S and S2S

What do you think @giacomo ?

**max_stanza_size: Size** : This option specifies an approximate maximum size in bytes of XML stanzas. Approximate, because it is calculated with the precision of one block of read data. For example{max_stanza_size, 65536}. The default value isinfinity. Recommended values are 65536 for c2s connections and 131072 for s2s connections. s2s max stanza size must always much higher than c2s limit. Change this value with extreme care as it can cause unwanted disconnect if set too low.

davidep · 2018-09-25 11:02:34 UTC

I propose to proceed with the issue verification by checking the port 5223: as the TLS configuration is the same of port 5222 I assume the test is valid for both ports:

 nmap  --script ssl-enum-ciphers 192.168.122.5 -p 5223

VERIFIED for me

Summary

Without policy

[davidep@davidep1 nethserver-ejabberd]$ nmap  --script ssl-enum-ciphers 192.168.122.5 -p 5223

Starting Nmap 7.60 ( https://nmap.org ) at 2018-09-25 12:46 CEST
Nmap scan report for vm5.dpnet.nethesis.it (192.168.122.5)
Host is up (0.00031s latency).

PORT     STATE SERVICE
5223/tcp open  hpvirtgrp
| ssl-enum-ciphers: 
|   TLSv1.0: 
|     ciphers: 
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
|     compressors: 
|       NULL
|     cipher preference: client
|   TLSv1.1: 
|     ciphers: 
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
|     compressors: 
|       NULL
|     cipher preference: client
|   TLSv1.2: 
|     ciphers: 
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
|     compressors: 
|       NULL
|     cipher preference: client
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 0.41 seconds

With policy

[davidep@davidep1 nethserver-ejabberd]$ nmap  --script ssl-enum-ciphers 192.168.122.5 -p 5223

Starting Nmap 7.60 ( https://nmap.org ) at 2018-09-25 12:50 CEST
Nmap scan report for vm5.dpnet.nethesis.it (192.168.122.5)
Host is up (0.00029s latency).

PORT     STATE SERVICE
5223/tcp open  hpvirtgrp
| ssl-enum-ciphers: 
|   TLSv1.2: 
|     ciphers: 
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
|     compressors: 
|       NULL
|     cipher preference: client
|_  least strength: A

davidep · 2018-09-25 16:58:15 UTC

I must run additional tests. I’ll report (also) here

stephdl · 2018-09-25 19:37:11 UTC

never mind it seems if we use the same previous list of cipher (tls20180621) for ejabberd, it solves quite all my issue, thank for pointing me in that direction