Disable SSLv2 by default.

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index c4739a80fb94549212e1c6a62acfd744c9ae7bab..a00908fe47da307e298efd46ededbdbd8dd44d48 100644 (file)
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -14355,7 +14355,7 @@ harm. This option overrides the &%pipe_as_creator%& option of the &(pipe)&
 transport driver.
 
 
 transport driver.
 
 

-.option openssl_options main "string list" unset
+.option openssl_options main "string list" "+no_sslv2"

 .cindex "OpenSSL "compatibility options"
 This option allows an administrator to adjust the SSL options applied
 by OpenSSL to connections.  It is given as a space-separated list of items,
 .cindex "OpenSSL "compatibility options"
 This option allows an administrator to adjust the SSL options applied
 by OpenSSL to connections.  It is given as a space-separated list of items,

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index ed226b7564f9d687a4f34bbd9fd68d62e095963a..6b2b62cdb02eeb9684c875cb069c8f2c440dee58 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -86,6 +86,8 @@ PP/19 DNS resolver init changes for NetBSD compatibility.  (Risk of breakage
       Not seeing resolver debug output on NetBSD, but suspect this is a
       resolver implementation change.
 
       Not seeing resolver debug output on NetBSD, but suspect this is a
       resolver implementation change.
 

+PP/20 Disable SSLv2 by default in OpenSSL support.
+

 
 Exim version 4.77
 -----------------
 
 Exim version 4.77
 -----------------

diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff
index 2872d241f0f74857095d85ba1b521e3c4e44142e..6eae4ce7b0eebc500bb1dee00fa95f98f0cb79f1 100644 (file)
--- a/doc/doc-txt/NewStuff
+++ b/doc/doc-txt/NewStuff
@@ -56,6 +56,10 @@ Version 4.78
 
     Currently OpenSSL only.
 
 
     Currently OpenSSL only.
 

+ 8. SSLv2 now disabled by default in OpenSSL.  (Never supported by GnuTLS).
+    Use "openssl_options -no_sslv2" to re-enable support, if your OpenSSL
+    install was not built with OPENSSL_NO_SSL2 ("no-ssl2").
+

 
 Version 4.77
 ------------
 
 Version 4.77
 ------------

diff --git a/doc/doc-txt/OptionLists.txt b/doc/doc-txt/OptionLists.txt
index 52a24b1984584045bc5964ba0bf7cc88c1e55c4c..d6fedcb5c3df72390ffebe268e7d930945e42bcf 100644 (file)
--- a/doc/doc-txt/OptionLists.txt
+++ b/doc/doc-txt/OptionLists.txt
@@ -373,7 +373,7 @@ once                                 string*         unset         autoreply
 once_file_size                       integer         0             autoreply         3.20
 once_repeat                          time            0s            autoreply         2.95
 one_time                             boolean         false         redirect          4.00
 once_file_size                       integer         0             autoreply         3.20
 once_repeat                          time            0s            autoreply         2.95
 one_time                             boolean         false         redirect          4.00

-openssl_options                      string          unset         main              4.73 default to unset in 4.78
+openssl_options                      string          +no_sslv2     main              4.73 default changed in 4.78

 optional                             boolean         false         iplookup          4.00
 oracle_servers                       string          unset         main              4.00
 owners                               string list     unset         redirect          4.00
 optional                             boolean         false         iplookup          4.00
 oracle_servers                       string          unset         main              4.00
 owners                               string list     unset         redirect          4.00

diff --git a/src/README.UPDATING b/src/README.UPDATING
index 5b6bea869ae5ab3a26b634ef742d6d2144873451..12335eab8ea7fde8fc81d6adb5a8d67b2adf8618 100644 (file)
--- a/src/README.UPDATING
+++ b/src/README.UPDATING
@@ -39,6 +39,12 @@ Exim version 4.78
    the message.  No tool has been provided as we believe this is a rare
    occurence.
 
    the message.  No tool has been provided as we believe this is a rare
    occurence.
 

+ * For OpenSSL, SSLv2 is now disabled by default.  (GnuTLS does not support
+   SSLv2).  RFC 6176 prohibits SSLv2 and some informal surveys suggest no
+   actual usage.  You can re-enable with the "openssl_options" Exim option,
+   in the main configuration section.  Note that supporting SSLv2 exposes
+   you to ciphersuite downgrade attacks.
+

  * With OpenSSL 1.0.1+, Exim now supports TLS 1.1 and TLS 1.2.  If built
    against 1.0.1a then you will get a warning message and the
    "openssl_options" value will not parse "no_tlsv1_1": the value changes
  * With OpenSSL 1.0.1+, Exim now supports TLS 1.1 and TLS 1.2.  If built
    against 1.0.1a then you will get a warning message and the
    "openssl_options" value will not parse "no_tlsv1_1": the value changes


@@ -48,8 +54,9 @@ Exim version 4.78
    "openssl_options" gains "no_tlsv1_1", "no_tlsv1_2" and "no_compression".
 
    COMPATIBILITY WARNING: The default value of "openssl_options" is no longer
    "openssl_options" gains "no_tlsv1_1", "no_tlsv1_2" and "no_compression".
 
    COMPATIBILITY WARNING: The default value of "openssl_options" is no longer

-   "+dont_insert_empty_fragments".  We default to unset.  That old default was
-   grandfathered in from before openssl_options became a configuration option.
+   "+dont_insert_empty_fragments".  We default to "+no_sslv2".
+   That old default was grandfathered in from before openssl_options became a
+   configuration option.

    Empty fragments are inserted by default through TLS1.0, to partially defend
    against certain attacks; TLS1.1+ change the protocol so that this is not
    needed.  The DIEF SSL option was required for some old releases of mail
    Empty fragments are inserted by default through TLS1.0, to partially defend
    against certain attacks; TLS1.1+ change the protocol so that this is not
    needed.  The DIEF SSL option was required for some old releases of mail

diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index e609670ee73e57d0ebb311dfdf98178e9d222e75..ea32bdb406b07829ec94435e6b024aed55324df7 100644 (file)
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -481,7 +481,13 @@ list of available digests. */
 EVP_add_digest(EVP_sha256());
 #endif
 
 EVP_add_digest(EVP_sha256());
 #endif
 

-/* Create a context */
+/* Create a context.
+The OpenSSL docs in 1.0.1b have not been updated to clarify TLS variant
+negotiation in the different methods; as far as I can tell, the only
+*_{server,client}_method which allows negotiation is SSLv23, which exists even
+when OpenSSL is built without SSLv2 support.
+By disabling with openssl_options, we can let admins re-enable with the
+existing knob. */

 
 ctx = SSL_CTX_new((host == NULL)?
   SSLv23_server_method() : SSLv23_client_method());
 
 ctx = SSL_CTX_new((host == NULL)?
   SSLv23_server_method() : SSLv23_client_method());


@@ -1522,6 +1528,9 @@ BOOL adding, item_parsed;
 result = 0L;
 /* Prior to 4.78 we or'd in SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; removed
  * from default because it increases BEAST susceptibility. */
 result = 0L;
 /* Prior to 4.78 we or'd in SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; removed
  * from default because it increases BEAST susceptibility. */

+#ifdef SSL_OP_NO_SSLv2
+result |= SSL_OP_NO_SSLv2;
+#endif

 
 if (option_spec == NULL)
   {
 
 if (option_spec == NULL)
   {