Topic: [Solved] 8.2 TLS 1.2 support?

[Michail Pappas]

I've been running a SME server for some 3-4 years now. Excellent workhorse, huge community here. This year I will also take the plunge and try to upgrade to 9.x.

In the meantime, I've stumbled into the SSLlabs checkssl page at https://www.ssllabs.com/ssltest/analyze.html

I decided to test my own 8.2-based server. End result is that the server was graded with C, the 2 main issues being that the rather old-in-the-tooth TLS 1.0 is supported, as well as weak cipher suites. Pasted from the grading:"

This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B.   MORE INFO »
The server supports only older protocols, but not the current best TLS 1.2. Grade capped to C.  MORE INFO »
The server does not support Forward Secrecy with the reference browsers.  MORE INFO »

From all these recommendations, the only one actually worrying me is the one about TLS 1.2. As per RFC7525 (also a Best Current Practice document, BCP195):

   o  Implementations SHOULD NOT negotiate TLS version 1.0 [RFC2246];
      the only exception is when no higher version is available in the
      negotiation.

      Rationale: TLS 1.0 (published in 1999) does not support many
      modern, strong cipher suites.  In addition, TLS 1.0 lacks a per-
      record Initialization Vector (IV) for CBC-based cipher suites and
      does not warn against common padding errors.

   o  Implementations SHOULD NOT negotiate TLS version 1.1 [RFC4346];
      the only exception is when no higher version is available in the
      negotiation.

      Rationale: TLS 1.1 (published in 2006) is a security improvement
      over TLS 1.0 but still does not support certain stronger cipher
      suites.

   o  Implementations MUST support TLS 1.2 [RFC5246] and MUST prefer to
      negotiate TLS version 1.2 over earlier versions of TLS.

      Rationale: Several stronger cipher suites are available only with
      TLS 1.2 (published in 2008).  In fact, the cipher suites
      recommended by this document (Section 4.2 below) are only
      available in TLS 1.2.

   This BCP applies to TLS 1.2 and also to earlier versions.  It is not
   safe for readers to assume that the recommendations in this BCP apply
   to any future version of TLS.

Can 8.2 OpenSSL be upgraded, considering that EOL is on 2017? Are things better on 9.x?

[brianr]

Just tested my 9.1 server, with a letsencrypt cert - grade A-.

"The server does not support Forward Secrecy with the reference browsers. Grade reduced to A-.".

[Michail Pappas]

Just tested my 9.1 server, with a letsencrypt cert - grade A-.

Therefore I assume that TLS 1.2 is supported on SME 9.

Perhaps someone else could comment on the possibility of implementing the same transport on SME 8.2?

[Stefano]

well, are you bound to SME 8?
why don't you move to SME 9?

[Michail Pappas]

Lacking some prerequisites atm, mainly disk space on my VM host. I wanted to keep the old VM around, backup its data to USB, create a new VM, restore data on it and if only everything works fine, delete the old VM.

Atm I'm out of storage and due to some very time-consuming tender process, I'll have these disks in some 4-5 months. It's for this interim interval I was wondering if something could/would be done regarding TLS.

[janet]

Michail Pappas

I can also comment that SME9.1 passes online tests with a high rating.

Most probably your easiest, quickest & simplest approach is to upgrade to SME 9.1, you will expend effort to tweak your SME8.x so put that effort to the SME9.x upgrade instead.

You could make a complete VM backup & download that locally.
Then do the USB backup.
Then delete/over write your current VM space with a new SME9.1 clean install & restore from USB backup.
If you have a serious problem then you can upload/reinstate your SME9.x from the local VM backup.
 
Do a test run first to "in particular" make sure your SME8.x is recoverable from the VM backup.

Otherwise temporarily just "buy" some extra VM storage space (the $ cost may be the lesser/cheaper option if considering the cost of your time & efforts).

If you are unsure about something re SME9.1 &/or contribs etc, then do a local install in a local VM & test until you are happy.

Alternatively stop being concerned about TLS 1.2 support & online test results.
If you are that concerned about security, or have a strong business reason, then upgrade immediately & I expect cost is not really a consideration then.

[CharlieBrady]

As per RFC7525 (also a Best Current Practice document, BCP195):

Do you need current best practice? Do you have any national governments capturing all traffic in and out of your system and trying to crack any encryption? Do you have any highly valued private data leaving your website?

IOW, maybe a C grade is OK for you.

[Michail Pappas]

@janet: upgrading to 9.1 was in my plans. Perhaps I'll do it as you proposed. It's just that I hate the downtime.

@CharlieBrady: The server does handle government email mostly, although there is some web content served. I am not afraid of cracking here. I am mostly concerned with possible TLS 1.0 vulnerabilities that might arise, having become obsolete for some time (AFAIK).

Bottomline: a C grade is probably ok, only because it is not a permanent state; I will switch to 9.x soon I hope.

[Michail Pappas]

Just to close this thread: updating my server to 9.1 updated its grade A-.

EDIT: I can not edit the original post to tag it as [SOLVED]'d. I'd appreciate if a mod did it. TIA.