Authentication with STARTTLS and SSL/TLS - ssl

As far as I understood, both encrypt the connection. However, SSL/TLS "forces" the mail client to encrypt the channel from the beginning. Now let's say I telnet mail.server 25 and, after the ehlo, I am presented with STARTTLS as an authentication option that the server allows me (the mail client) to use. If I choose STARTTLS does it mean that I can authenticate myself (mail client) against the server (using my digital certificate)? why and how?
I am doing as follows but I don't understand where does the client authentication part comes in:
telnet some.mail.server 25
ehlo some.mail.server
...
250-STARTTLS
...
STARTTLS
mail from: guy
rcpt to: otherGuy
data
someting
.
quit
Shouldn't I be sending the client certificate to the server? I tried this using openssl s_client -starttls smtp which actually provides a -cert and -key options to specify the certificate and private key.
So, in fact, the only disadvantage of SSL/TLS compared to STARTTLS is that since the connection is immediately encrypted, there is no way for the client to send its certificate on the same port. Only the server can send its certificate. Correct? A lot of confusion in my head... Please clarify this for me.

Both direct TLS mode and TLS upgrade using STARTTLS can use client certificates.
The only difference between these modes is that with STARTTLS you start with a plain connection and later upgrade if the server announces support for STARTTLS. A man in the middle could strip this announcement (similar to sslstrip) and thus prevent the upgrade to TLS. This is actually used in practice, see https://www.eff.org/deeplinks/2014/11/starttls-downgrade-attacks.
Unfortunately MX records, which are used to announce which servers are responsible for the mail transfer, can only announce hosts and no ports and in this case the default port 25 will be used with the plain SMTP protocol. Thus you can only get TLS by using the STARTTLS command.

Related

How to find out if SSL/TLS is mandatory on a listener port of kafka broker?

This might be done by issuing openssl s_client -connect with -no_tls1_2 -no_tls1_1 -no_tls1 -no_ssl3 -no_ssl2 but the result seems inconclusive to me. The listener is configured with SASL/SCRAM authentication enabled, but I am not sure if Encrypt data in transit Between clients and brokers Plaintext Enabled MSK cluster setting applies to that listener or not. Another way would be to connect to it and use wireshark to investigate traffic, if data is actually encrypted or not. The fact that I do not need to specify explicitly truststore does not mean it cannot use default java truststore and actually perform one way ssl handshake, when I give it such client settings:
security.protocol=SASL_SSL
sasl.mechanism=SCRAM-SHA-512
Right?
I guess I have found the answer:
Plaintext does not apply to the listener with SASL/SCRAM control method.

Simulate expiring SSL certificate

I'm looking for a service online, able to simulate an expiring SSL certificate. I know about badssl.com, but that only seems to include an expired certificate. What I'm looking to do is to call an endpoint with a certificate expiring in something like 5 days. Possible?
I do not know about an online service tailored to your needs (you could also try to contact badssl.com and ask them if they would be willing to add your test case, as it may profit others too), but locally you can run openssl s_server and configure it to use any local certificate you would have created to be in the situation you need to test.
From its manual:
The s_server command implements a generic SSL/TLS server which listens for connections on a given port using SSL/TLS.
and:
s_server can be used to debug SSL clients. To accept connections from a web browser the command:
openssl s_server -accept 443 -www
can be used for example.
Otherwise, if you are outside of the world wide web world:
If a connection request is established with an SSL client and neither the -www nor the -WWW option has been used then normally any data received from the client is displayed and any key presses will be sent to the client.
(and follows a list of special keys for special operations).

How sim800 get ssl certificate?

Sim800 supports SSL protocol. AT command "AT+CIPSSL" sets TCP to use SSL function.
In the "sim800_series_ssl_application_note_v1.01.pdf" is noted that: "Module will automatic begin SSL certificate after TCP connected."
My Problem: What is the exact meaning of the begin SSL certificate? what does sim800 do exactly? Does sim800 get SSL certificate from website? where does sim800 save SSL certificate?
As far as I know, SIM800 has some certificates in it and when you use a TCP+SSL or HTTP+SSL connection it will automatically use those certificates.
If those certificates are not ok for you, you will need to use an SD card, save there the certificates you want and use the command AT+SSLSETCERT to set the certificate you saved on your SD card. Here you can find how to use the File System.
Usually the certificates that come with the module are enough and you won't need this. But for example they didn't work for me when I tried to communicate with Azure via MQTT. I had to encrypt the data myself using wolfSSL library and send it using TCP without SSL.
Note: Not all SIM800 modules have SD card support.
There are a very few information about sim800 and ssl certificate on the web, and like you i got a lot of questions about it.
About your questions on how does sim800 get certificate and where does it save it, it seems, according to sim800_series_ssl_application_note_v1.01.pdf, that you can create (defining your own path), write and import a ssl certificate on your own with the AT+FSCREATE, AT+FSWRITE and AT+SSLSETCERT commands. An example is provided at the paragraph 3.10.
I'm sorry, i can't answer your other questions.
Anyway, if you get further informations about sim800 and ssl, i would be grateful if you share it with me.
When you use AT+CIPSSL you tell the SIM-module to use the SSL connection with TCP. When you use +CIPSTART command->
SIM module requests the TCP connection with the server through SSL.
Server sends the Server SSL certificate.
The authenticity of that certificate is checked with internal certificate authority certificate (The one that resides inside SIM-module) which is cryptographically connected with server certificate.
If the authenticity of certificate can not be confirmed SIM-module will close the connection unless you use the command AT+SSLOPT=0,0 (which forces the SIM-module to ignore invalid certificate authentication) prior to AT+CIPSSL command.
//Key exchange
SIM-module then encrypts it's master key (already inside SIM-module cannot be changed or read) with the public key (Which is part of the already sent server certificate) and sends it back to server.
Server then encrypts it's master key with SIM-module's master-key and sends it back to SIM-module. Key exchange is now complete as both (server and SIM-module) recieved master keys.
SIM-module currently doesn't support Client authentication which means that server cannot authenticate the client. That means there must be some other option of authentication (For example in MQTT that can be username and password that only client knows)
If you want your module to be able to authenticate server you will need to create the self-signed certificate for server and certificate authority certificate (for SIM-module) which is cryptographically connected to self-signed certificate and upload them to server and SIM-module (through AT+SSLSETCERT command from SD card).
If you only want to encrypt the data traffic you can ignore invalid certificate (AT+SSLOPT=0,0) as you will recieve publickey nevertheless. But if you want to be sure about server authenticity you will need to upload right certificate to module.

What TLS method is better for port 587?

What is suggested method for securing submission port 587 on SMTP server,
STARTTLS command or direct TLS layer?
I am currently tend to use (mandatory) STARTTLS command and not direct TLS layer. In case of problems, STARTTLS command can be disabled without changing MUA`s configuration. I think in case of direct usage of TLS layer it would not be so straightforward.
Are there any other suggestions, opinions ? I didn't find out if it is standardised in some RFC.
You don't have a choice. Port 587 is always the STARTTLS command. The only standard port allowing an SSL-wrapped ("direct TLS") connection is port 465.
RFC 4409 talks only about plain text communication with optional STARTTLS command submission port 587.
Ignoring the other SSL/TLS security issues, the important thing is to ensure protection to SSL/TLS stripping attack.
If MUA is configured to connect to port 587 with STARTTLS, it must refuse connection when MITM attacker strips the EHLO command STARTTLS.
If server is configured to use SSL/TLS-wrapped SMTP layer and client configured to use wrapped layer, again MUA client must refuse connection when MITM attacker strips whole SSL/TLS layer.
From a security point of view there is no difference between these two approaches.
Nevertheless, it is generally advisable to respect RFC and use STARTTLS on port 587.

How do SMTP clients determine whether to use Explicit or Implicit SSL

Most mail clients that support SSL/TLS only require the user to say whether or not SSL should be enabled. The user doesn't have to know anything about Explicit & Implicit SSL and the differences between them.
So, how does the mail client determine which type of SSL to use? Is it based on default port numbers? Does it just try one and then the other?
A mail client must know if implicit SSL is in use when it connects, as it is responsible for initiating the SSL handshake with a ClientHello message. How it determines this is up to the client. Port numbers are a great hint, but there could also be a check box in some UI that forces it even when the standard (unprotected) port number is used.
There are IANA registered port numbers for secure mail, but some ISPs may use other ports.
IMAP/SSL: 993
POP3/SSL: 995
SMTP/SSL is often offered on port 465, but this is not registered, and is less common since support for explicit SSL is widely supported by SMTP agents.
Support for explicit SSL can be advertised by a server using a protocol-specific negotiation. For example, when a client connects to an SMTP server, and issues the EHLO command, the server will list its capabilities, which might include support for the STARTTLS command.
Port 465 is very common among commercial mail servers and is used very often. Most often it used for implicit SSL. When you telnet to this port you will get a timeout since you must set up the SSL connection first before communications with the mail server. Thus a timeout may be the first clue you have an implicit SSL connection. You cannot use EHLO to return results because no connection other than an SSL connection is allowed. AND NO you do not simply connect to an SMTP server running implicit SSL it will not respond and will just drop the connection. That is what it is supposed to do. Explicit SSL will allow connection first and then set up SSL. AND yes implicit SSL is used often. The drawback is that the RFC standards are not specific as to how it is implemented so different developers set it up in varying ways, even though implicit SSL is considered by some as depreciated.
I believe most clients that support SMTP over SSL start out with an unencrypted connection and issue an EHLO rather than HELO. The former has extra flag responses, one of which indicates whether the server supports the STARTTLS command or not. If they do, then the client can use STARTTLS, and then use SSL from that point on.
Example:
% telnet quack.kfu.com 25
220 quack.kfu.com ESMTP ready NO UCE
EHLO client
250-quack.kfu.com Hello client [xx.xx.xx.xx] (may be forged), pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE 25000000
250-ETRN
250-AUTH PLAIN LOGIN
250-STARTTLS
250-DELIVERBY
250 HELP
starttls
220 2.0.0 Ready to start TLS