What is suggested method for securing submission port 587 on SMTP server,
STARTTLS command or direct TLS layer?
I am currently tend to use (mandatory) STARTTLS command and not direct TLS layer. In case of problems, STARTTLS command can be disabled without changing MUA`s configuration. I think in case of direct usage of TLS layer it would not be so straightforward.
Are there any other suggestions, opinions ? I didn't find out if it is standardised in some RFC.
You don't have a choice. Port 587 is always the STARTTLS command. The only standard port allowing an SSL-wrapped ("direct TLS") connection is port 465.
RFC 4409 talks only about plain text communication with optional STARTTLS command submission port 587.
Ignoring the other SSL/TLS security issues, the important thing is to ensure protection to SSL/TLS stripping attack.
If MUA is configured to connect to port 587 with STARTTLS, it must refuse connection when MITM attacker strips the EHLO command STARTTLS.
If server is configured to use SSL/TLS-wrapped SMTP layer and client configured to use wrapped layer, again MUA client must refuse connection when MITM attacker strips whole SSL/TLS layer.
From a security point of view there is no difference between these two approaches.
Nevertheless, it is generally advisable to respect RFC and use STARTTLS on port 587.
Related
Adobe documentation for AEM 6 says
"Check the Use SSL or Use TLS checkboxes when configuring the LDAP
Identity Provider."
What protocol will be used if I check both boxes? Does TLS override the SSL config option? It seems to work with one or both checked, but I can't verify which protocol was used. Is checking just TLS sufficient to ensure I have a connection using the TLS protocol?
There are 2 ways to secure LDAP connections :
One is to connect to the LDAPS port (636 by default) using SSL (or
the later TLS versions). This is the legacy and non-standard way to
do it, also generally known as "Use SSL".
One is to connect to the LDAP port (389), and then enable TLS using
the LDAP StartTLS extended operation (which negotiates SSLv3 or TLS
protocols). It is generally known as "Use TLS".
The underlying version of the protocol used (SSLv3, TLSv1.0, TLSv1.1...) depends on the settings of the LDAP server or the LDAP client library.
I hope this helps.
As far as I understood, both encrypt the connection. However, SSL/TLS "forces" the mail client to encrypt the channel from the beginning. Now let's say I telnet mail.server 25 and, after the ehlo, I am presented with STARTTLS as an authentication option that the server allows me (the mail client) to use. If I choose STARTTLS does it mean that I can authenticate myself (mail client) against the server (using my digital certificate)? why and how?
I am doing as follows but I don't understand where does the client authentication part comes in:
telnet some.mail.server 25
ehlo some.mail.server
...
250-STARTTLS
...
STARTTLS
mail from: guy
rcpt to: otherGuy
data
someting
.
quit
Shouldn't I be sending the client certificate to the server? I tried this using openssl s_client -starttls smtp which actually provides a -cert and -key options to specify the certificate and private key.
So, in fact, the only disadvantage of SSL/TLS compared to STARTTLS is that since the connection is immediately encrypted, there is no way for the client to send its certificate on the same port. Only the server can send its certificate. Correct? A lot of confusion in my head... Please clarify this for me.
Both direct TLS mode and TLS upgrade using STARTTLS can use client certificates.
The only difference between these modes is that with STARTTLS you start with a plain connection and later upgrade if the server announces support for STARTTLS. A man in the middle could strip this announcement (similar to sslstrip) and thus prevent the upgrade to TLS. This is actually used in practice, see https://www.eff.org/deeplinks/2014/11/starttls-downgrade-attacks.
Unfortunately MX records, which are used to announce which servers are responsible for the mail transfer, can only announce hosts and no ports and in this case the default port 25 will be used with the plain SMTP protocol. Thus you can only get TLS by using the STARTTLS command.
I'm working on adding SSL support into our existing application and have started to think about backwards compatibility.
The one special case that makes this different than other posts I've read is the server may not necessarily be updated with SSL code. So I'll have an SSL client connecting to a server that knows nothing about SSL.
For the sake of this discussion, the application sends keystrokes one at a time to the server, and for each keystroke a new socket is created. So I need to figure out a way to make this work on the existing port number and not use timeouts to determine if the server supports SSL or not.
Any suggestions on a graceful way to handle this?
(I'm using Winsock and OpenSSL)
Usually applications accept plain connections and direct SSL connections on different ports, e.g. smtp port 25 and smtps port 465, http port 80 and https port 443 etc. Other ways are to use the same port and then have a specific command from the client to upgrade to SSL, e.g. like STARTTLS with smtp or AUTH TLS with ftp.
If these common ways are not an option for you and the client sends the first packet in your protocol anyway (like with http, but not with smtp or ftp) you might do an recv(..MSG_PEEK) after the initial accept to see, what kind of data the client sends without removing the data from the socket buffer yet. If the peeked data look like your plain application protocol you continue there, if they look like a client hello from SSL (see https://security.stackexchange.com/questions/34780/checking-client-hello-for-https-classification) you do an SSL upgrade.
I'm adding TLS/SSL option to my email client using openssl. 3 options can be selected: AUTO, TLS, SSL (like Outlook Express's "encrypted connection option").
I'm curious that when 'AUTO' option selected, how it should work?
How can I select the best option for a specific mail server?
If I have to try the options one by one by priority (maybe TLS -> SSL -> none), how can I check the attempt fails?
Any advice will be welcomed.
First, make the determination based on the port number. The secure e-mail ports are 993 for IMAP and 995 for POP3. So if you're connecting to either of these ports, use TLS or SSL to connect.
If the port number is standard IMAP 143 or POP3 110, then you need to do an unsecure connection and query the capabilities of the mail server. You initiate a secure connection with the STARTTLS command.
During TLS negotiation, you tell the server what you're capable of (TLSv1 and SSLv3 for example) and the server picks which one to use.
If you have an AUTO option, you should show a "lock" icon or some other indicator in the user interface so that the user knows whether or not the connection is encrypted. Otherwise they'd have no idea which connection method you used.
You may want to look at this article on how Thunderbird does it.
Most mail clients that support SSL/TLS only require the user to say whether or not SSL should be enabled. The user doesn't have to know anything about Explicit & Implicit SSL and the differences between them.
So, how does the mail client determine which type of SSL to use? Is it based on default port numbers? Does it just try one and then the other?
A mail client must know if implicit SSL is in use when it connects, as it is responsible for initiating the SSL handshake with a ClientHello message. How it determines this is up to the client. Port numbers are a great hint, but there could also be a check box in some UI that forces it even when the standard (unprotected) port number is used.
There are IANA registered port numbers for secure mail, but some ISPs may use other ports.
IMAP/SSL: 993
POP3/SSL: 995
SMTP/SSL is often offered on port 465, but this is not registered, and is less common since support for explicit SSL is widely supported by SMTP agents.
Support for explicit SSL can be advertised by a server using a protocol-specific negotiation. For example, when a client connects to an SMTP server, and issues the EHLO command, the server will list its capabilities, which might include support for the STARTTLS command.
Port 465 is very common among commercial mail servers and is used very often. Most often it used for implicit SSL. When you telnet to this port you will get a timeout since you must set up the SSL connection first before communications with the mail server. Thus a timeout may be the first clue you have an implicit SSL connection. You cannot use EHLO to return results because no connection other than an SSL connection is allowed. AND NO you do not simply connect to an SMTP server running implicit SSL it will not respond and will just drop the connection. That is what it is supposed to do. Explicit SSL will allow connection first and then set up SSL. AND yes implicit SSL is used often. The drawback is that the RFC standards are not specific as to how it is implemented so different developers set it up in varying ways, even though implicit SSL is considered by some as depreciated.
I believe most clients that support SMTP over SSL start out with an unencrypted connection and issue an EHLO rather than HELO. The former has extra flag responses, one of which indicates whether the server supports the STARTTLS command or not. If they do, then the client can use STARTTLS, and then use SSL from that point on.
Example:
% telnet quack.kfu.com 25
220 quack.kfu.com ESMTP ready NO UCE
EHLO client
250-quack.kfu.com Hello client [xx.xx.xx.xx] (may be forged), pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE 25000000
250-ETRN
250-AUTH PLAIN LOGIN
250-STARTTLS
250-DELIVERBY
250 HELP
starttls
220 2.0.0 Ready to start TLS