kerio ssl with forward secrecy

Mark_und_Pfennig

Hello,

how do I configure Kerio to use perfect forward secrecy and TLS 1.2 as the default for SSL connections?

Greetings

Stefan Westner
Pavel Dobry (Kerio)

Make sure you are running Kerio Connect 8.2.2. The server offers TLS 1.2 to clients and supports Forward Secrecy. It works automatically, no set up needed. It is up to the client to choose the TLS version and cipher suite.

[Updated on: Thu, 06 February 2014 09:52]


Knowledge Base: http://kb.kerio.com/.
Technical support: http://www.kerio.com/support
------------------
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
Jabba

Hi Pavel,

today I fixed my Kerio Connect server for the OpenSSL vulnerability and after that I tried to test my servers with https://www.ssllabs.com/ssltest.
SSL Labs gives my server an A- because "The server does not support Forward Secrecy with the reference browsers. Grade reduced to A-."

How can I fix it?
lelandbay

I received the same test results on 8.2.3 with and without the Heartbleed hotfix.
Pavel Dobry (Kerio)

Kerio Connect 8.2 does support Forward Secrecy with most of the browsers, except MS IE. Internet Explorer uses a different set of ciphers and the ones with FS are not present in Kerio Connect at this moment. MSIE-compatible FS cipher suites might be introduced in some next Kerio Connect version. Chrome, Firefox and Safari use FS with Kerio Connect with no issues.

gommog

Pavel Dobry (Kerio) wrote on Thu, 10 April 2014 15:12
Kerio Connect 8.2 does support Forward Secrecy with most of the browsers, except MS IE. Internet Explorer uses a different set of ciphers and the ones with FS are not present in Kerio Connect at this moment. MSIE-compatible FS cipher suites might be introduced in some next Kerio Connect version. Chrome, Firefox and Safari use FS with Kerio Connect with no issues.


We're running Kerio 8.5.4, are there any plans to include the required ciphers in a future version?
Pavel Dobry (Kerio)

gommog wrote on Wed, 14 October 2015 11:49
We're running Kerio 8.5.4, are there any plans to include the required ciphers in a future version?

There is no version 8.5.4.
Starting with Kerio Connect 8.5.0 ECDHE cipher suites are supported therefore Forward Secrecy is available to all browsers including MS IE.

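
An added illustration of the cipher-suite point made in this thread (a server that only offers DHE suites gives Forward Secrecy to browsers that offer DHE_RSA, but not to one that only offers ECDHE and plain RSA; adding ECDHE suites closes that gap). This is example code written for this page, not Kerio Connect code, and the client and server suite lists are constructed, simplified stand-ins, not the real offered lists of any browser or of Kerio Connect. It assumes server-preference selection, i.e. the server picks the first suite in its own order that the client also offered.

```python
"""Simulate TLS cipher-suite selection and classify the result by Forward Secrecy.

Added example, not Kerio code. All suite lists below are constructed for
illustration; they are not any real browser's or server's configuration.
"""

# Key-exchange families that give Forward Secrecy: the session key comes from
# ephemeral (EC)DH values, so a later compromise of the server's long-term RSA
# key does not let recorded traffic be decrypted.
EPHEMERAL_KX_PREFIXES = ("TLS_ECDHE_", "TLS_DHE_")


def has_forward_secrecy(suite):
    """True if the suite's key exchange is ephemeral (ECDHE or DHE)."""
    return suite.startswith(EPHEMERAL_KX_PREFIXES)


def negotiate(server_suites, client_suites):
    """Server-preference selection: first suite in the server's order that the
    client also offered. Returns None when there is no overlap (handshake fails)."""
    offered = set(client_suites)
    for suite in server_suites:
        if suite in offered:
            return suite
    return None


# Constructed server configurations standing in for "DHE suites only"
# and "ECDHE suites added". Real suite names, illustrative ordering.
SERVER_DHE_ONLY = [
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]
SERVER_WITH_ECDHE = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
] + SERVER_DHE_ONLY

# Constructed client offers. "ie-like" models the thread's case: a client that
# offers ECDHE_RSA suites but no DHE_RSA suite, so with a DHE-only server it
# falls back to static RSA and loses Forward Secrecy.
CLIENTS = {
    "modern-browser": [
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_RSA_WITH_AES_128_GCM_SHA256",
    ],
    "ie-like": [
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_RSA_WITH_AES_128_CBC_SHA",
    ],
    "legacy-rsa-only": [
        "TLS_RSA_WITH_AES_128_CBC_SHA",
    ],
}


def fs_report(server_suites, clients=CLIENTS):
    """Map client name -> (negotiated suite or None, Forward Secrecy?)."""
    report = {}
    for name, offer in clients.items():
        suite = negotiate(server_suites, offer)
        report[name] = (suite, suite is not None and has_forward_secrecy(suite))
    return report


def clients_without_fs(server_suites, clients=CLIENTS):
    """Sorted names of clients that end up without Forward Secrecy, which is the
    question an SSL Labs-style "reference browsers" check is asking."""
    return sorted(name for name, (_, fs) in fs_report(server_suites, clients).items() if not fs)


if __name__ == "__main__":
    for label, config in (("DHE only", SERVER_DHE_ONLY), ("with ECDHE", SERVER_WITH_ECDHE)):
        print(label, fs_report(config), "no FS:", clients_without_fs(config))
```

The "legacy-rsa-only" client never gets Forward Secrecy whatever the server offers, which is why such clients are excluded from the reference set rather than counted against the server; whether the server's or the client's preference order wins in the real handshake depends on the server's configuration, and the example uses server order throughout.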
gommog

OK so our version is 8.5.1 (4597), apparently the most up to date, but according to the SSL report from ssllabs.com forward secrecy is only available with some browsers, not all. This would suggest that the ciphers needed for IE are still not available in Kerio, can you confirm this?

Update: just checked mail.kerio.com against the ssllabs.com tests; it turns out your own mail server doesn't fully support forward secrecy.

[Updated on: Wed, 14 October 2015 14:51]

ikheetleon

Besides that, there is the DDoS SSL bug (client-initiated renegotiation) which is still not patched.... for 2 years!!!

http://forums.kerio.com/t/25703/webmail-dos-vulnerability-via-client-initiated-renegotiation

I just got my new invoice to renew the support maintenance. The price has gone up very fast in the last years, but support/development has actually gone down. It took years for IPv6 support and it still takes years to patch security bugs. Other SSL features like HSTS (which is a must for webmail) are still missing.
Pavel Dobry (Kerio)

gommog wrote on Wed, 14 October 2015 14:44
OK so our version is 8.5.1 (4597), apparently the most up to date, but according to the SSL report from ssllabs.com forward secrecy is only available with some browsers, not all. This would suggest that the ciphers needed for IE are still not available in Kerio, can you confirm this?

Update: just checked mail.kerio.com against the ssllabs.com tests; it turns out your own mail server doesn't fully support forward secrecy.


Kerio Connect 8.5.2 passes all Forward Secrecy tests in default configuration (although with a 1024-bit prime number in DHE, which is reasonably secure but reported as B):
[attached screenshot of the SSL Labs result: ./fa/4060/0/]

Our own mail server is running a development version, not final one. Thank you for letting us know.


Pavel Dobry (Kerio)

ikheetleon wrote on Thu, 15 October 2015 17:13
Besides that, there is the DDoS SSL bug (client-initiated renegotiation) which is still not patched.... for 2 years!!!

http://forums.kerio.com/t/25703/webmail-dos-vulnerability-via-client-initiated-renegotiation

I just got my new invoice to renew the support maintenance. The price has gone up very fast in the last years, but support/development has actually gone down. It took years for IPv6 support and it still takes years to patch security bugs. Other SSL features like HSTS (which is a must for webmail) are still missing.


I agree that unpatched client renegotiation looks scary, but the real-world impact is low. The same DoS can be initiated by many TCP connections even if this is fixed or disabled.
We take security seriously and continuously work on providing the best security score. In many cases what was secure two months ago is now considered by testing tools as lower security (e.g. DHE 1024-bit primes).

Kerio Connect can be configured to enforce HTTPS connections - which is exactly what HSTS is supposed to do. But we do even more. We enforce HTTPS also for other HTTP-based clients, not just for browsers. In secure configuration the server does not allow HTTP connections and redirects clients to HTTPS automatically.

ikheetleon

So, because other services might also have a DoS vulnerability, that's a reason for Kerio not to patch? Security is a constant rat race to stay up to date. If you're in the business of software development, that should be part of your way of working. You might be right that the impact is low, but still, if you're running a security business and want your front door (which is your business card) to be spotless, Kerio is not the way to go. It used to be, in my opinion, and there I see a step back which disappoints me.

About HSTS, you should really do some further reading. It is NOT the same as redirecting http > https. Heard of sslstrip and WiFi Pineapple devices? People carry such devices around airports/shopping malls and other public places with "shared" WiFi. They take over the WiFi signal and strip SSL. Many users will not see that the https icon is missing. Their webmail is working as expected, no SSL errors, so it's "safe". Unfortunately, a man-in-the-middle attack has occurred and obtained their login credentials. HSTS could have prevented this, since the browser would have detected a non-https connection to a site which should have had https. It's a small feature to make sure webmail is never read via http, but only https. Since the implementation is pretty simple, why not let your customers decide if they want it switched on or off?
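
The difference the post above draws between a server-side redirect and HSTS, as an added example (written for this page, not Kerio Connect code): a small WSGI middleware that both redirects plain HTTP to HTTPS and sets the Strict-Transport-Security header, plus a minimal model of the browser-side policy that header creates. The app, the middleware and the `HstsStore` class are assumptions for illustration, and the request environments are constructed.

```python
"""HTTP-to-HTTPS redirect plus an HSTS header, and the client-side effect of HSTS.

Added example, not Kerio Connect code. The middleware, the toy webmail app and
the HstsStore model are assumptions made for illustration.
"""
import time
from urllib.parse import quote

HSTS_MAX_AGE = 31536000  # one year, in seconds


def hsts_middleware(inner_app, max_age=HSTS_MAX_AGE):
    """Redirect plain HTTP to HTTPS (what a forced-HTTPS setting alone does) and
    add Strict-Transport-Security to every HTTPS response (what HSTS adds)."""
    def app(environ, start_response):
        if environ.get("wsgi.url_scheme") != "https":
            host = environ.get("HTTP_HOST") or environ.get("SERVER_NAME", "localhost")
            path = quote(environ.get("PATH_INFO", "/"))
            if environ.get("QUERY_STRING"):
                path += "?" + environ["QUERY_STRING"]
            start_response("301 Moved Permanently",
                           [("Location", "https://" + host + path), ("Content-Length", "0")])
            return [b""]

        def start_with_hsts(status, headers, exc_info=None):
            headers = list(headers) + [
                ("Strict-Transport-Security", "max-age=%d; includeSubDomains" % max_age)]
            return start_response(status, headers, exc_info)

        return inner_app(environ, start_with_hsts)
    return app


def webmail_app(environ, start_response):
    """Stand-in for the protected application."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"webmail"]


def run(app, environ):
    """Call a WSGI app with a constructed environ; return (status, headers, body)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"], captured["headers"] = status, headers

    body = b"".join(app(environ, start_response))
    return captured["status"], dict(captured["headers"]), body


class HstsStore:
    """Minimal model of a browser's HSTS cache. Once a host has been seen over
    HTTPS with the header, later http:// URLs for it are rewritten to https://
    locally, before any request leaves the machine, so a downgrading
    man-in-the-middle never gets a plaintext request to strip. A redirect alone
    cannot do this: the first plaintext request has already been sent."""

    def __init__(self):
        self._expiry = {}

    def observe(self, host, scheme, headers):
        value = headers.get("Strict-Transport-Security")
        if scheme != "https" or value is None:
            return  # the header is only honoured when received over HTTPS
        for directive in value.split(";"):
            name, _, arg = directive.strip().partition("=")
            if name.lower() == "max-age":
                self._expiry[host.lower()] = time.time() + int(arg)

    def should_upgrade(self, host):
        """True if the browser would rewrite http://host/... to https before sending."""
        return self._expiry.get(host.lower(), 0) > time.time()


if __name__ == "__main__":
    app = hsts_middleware(webmail_app)
    env = {"wsgi.url_scheme": "http", "HTTP_HOST": "mail.example.test", "PATH_INFO": "/webmail"}
    print(run(app, env))
    env["wsgi.url_scheme"] = "https"
    print(run(app, env))
```

The observable difference: with only the redirect, a user who types the plain http:// address sends one plaintext request first, which is the request an SSL-stripping proxy intercepts; with the header cached from an earlier HTTPS visit, the browser never sends that request.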

Lukas Petrlik (Kerio)

gommog wrote on Wed, 14 October 2015 14:44
Update: just checked mail.kerio.com against the ssllabs.com tests; it turns out your own mail server doesn't fully support forward secrecy.
Although this is not a beta forum, please let me comment on the changes related to Diffie-Hellman key exchange (DHE) that we have made to the development version of Connect. (The scan results you posted to this forum are for the development version; DHE is one of two methods used to implement Forward Secrecy in SSL/TLS.)

The first change is related to the "threat from state-level adversaries" that was published along with the Logjam attack. When DHE is enabled, the development version of Connect generates unique DHE parameters which make the threat infeasible. The generated parameters are saved to ...\sslcert\dhparams\dhparams_XXXX.pem and Connect reuses them on the next restart. Although previous versions of Connect use different DHE parameters than most web servers, having unique parameters for each Connect instance is definitely a security improvement.

The second change allows changing the length of the DHE parameters in the configuration. A new configuration variable EphemeralDHParamSize can be set to 1024, 2048, or 4096 to use DHE parameters of the specified length. The value 0 means to use the default (2048 bits), but you can change it back to 1024 bits if you experience compatibility problems with the default value.

During this year several people called for an increase of the default DHE parameter length from 1024 to 2048 bits. Unfortunately, there is a compatibility problem with JDK 7 and earlier, which do not support 2048-bit parameters. The result is that systems running on JDK 7 and earlier may not be able to deliver mail to a system configured to use DHE parameters 2048 bits long.

Because we want all our customers to receive their mail, we have decided to disable DHE in the development version, but you can re-enable it in the configuration.

To sum up, you have basically three options regarding DHE with the development version:

1) Leave the default SSL/TLS configuration. This is the best compromise between security and compatibility with other servers. The server does not use any weak ciphers and it can receive mail from JDK 7 and earlier. SSLLabs rating of the server is "A-" because IE11 and IE8 on WinXP cannot connect to it with Forward Secrecy.

(Regarding IE11 - you can actually change Connect configuration to use Forward Secrecy with IE11 even if DHE is disabled but it would be actually less secure than the default - it would use CBC chaining instead of GCM.)

2) Enable DHE and leave the default DHE parameter length of 2048 bits. This is the most secure configuration, but Connect instances with this configuration cannot receive mail from some older JDK-based applications. SSLLabs rating of Connect with this configuration is "A".

3) Enable DHE and set the DHE parameter length to 1024 bits. This is the same configuration as in Connect 8.5.3 and earlier. SSLLabs rating of the server is "B".
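
An added example for the DHE parameter points above (written for this page, not Kerio code): the "DH PARAMETERS" PEM file that OpenSSL-based servers write for DHE is a PKCS#3 DHParameter structure, SEQUENCE { prime INTEGER, base INTEGER }. The code decodes such a file, reports the prime's bit length so it can be compared with the size the administrator configured, and checks that the prime is a safe prime. The encoder exists only to build constructed inputs; the 2048-bit sample it builds is deliberately not a prime (2^2047 + 1 is divisible by 3), it merely has the right size to exercise the parser, and the check reports that.

```python
"""Read a "DH PARAMETERS" PEM file and verify prime size and safe-prime property.

Added example, not Kerio code. The sample parameters below are constructed
for illustration and must not be used as real DH parameters.
"""
import base64
import re


def _der_length(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der_integer(value):
    """DER INTEGER for a non-negative value; an extra leading 0x00 byte keeps
    numbers whose top bit is set from being read as negative."""
    body = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return b"\x02" + _der_length(len(body)) + body


def encode_dhparams_pem(p, g):
    """Serialise PKCS#3 DHParameter ::= SEQUENCE { prime INTEGER, base INTEGER }."""
    content = _der_integer(p) + _der_integer(g)
    der = b"\x30" + _der_length(len(content)) + content
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN DH PARAMETERS-----\n" + "\n".join(lines) + "\n-----END DH PARAMETERS-----\n"


def _read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value bytes, next pos)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:end], end


def decode_dhparams_pem(pem):
    """Return (p, g) from a DH PARAMETERS PEM block."""
    m = re.search(r"-----BEGIN DH PARAMETERS-----(.*?)-----END DH PARAMETERS-----", pem, re.S)
    if not m:
        raise ValueError("no DH PARAMETERS block found")
    der = base64.b64decode("".join(m.group(1).split()))
    tag, seq, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag_p, p_bytes, pos = _read_tlv(seq, 0)
    tag_g, g_bytes, _ = _read_tlv(seq, pos)
    if tag_p != 0x02 or tag_g != 0x02:
        raise ValueError("expected two INTEGERs")
    return int.from_bytes(p_bytes, "big"), int.from_bytes(g_bytes, "big")


def is_probable_prime(n, bases=(2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)):
    """Miller-Rabin with fixed bases: exact for small n, probabilistic for large n."""
    if n < 2:
        return False
    for b in bases:
        if n == b:
            return True
        if n % b == 0:
            return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def is_safe_prime(p):
    """A safe prime p has (p-1)/2 prime too, the usual requirement for DH groups."""
    return is_probable_prime(p) and is_probable_prime((p - 1) // 2)


def check_dhparams(pem, expected_bits):
    """Report the prime size against the configured size and the safe-prime check."""
    p, g = decode_dhparams_pem(pem)
    return {"bits": p.bit_length(), "generator": g,
            "size_ok": p.bit_length() >= expected_bits, "safe_prime": is_safe_prime(p)}


# Constructed sample: right size for a 2048-bit setting, but NOT a prime.
SAMPLE_2048_PEM = encode_dhparams_pem((1 << 2047) + 1, 2)

if __name__ == "__main__":
    print(check_dhparams(SAMPLE_2048_PEM, 2048))
```

On a real server the same check would be run over the generated dhparams file; a result with the expected bit length and safe_prime True is what a correctly generated file looks like, and a bit length below the configured value indicates the configuration was not applied.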
ikheetleon

Thank you for this information, Lukas. Is my assumption correct that this new parameter (EphemeralDHParamSize) will be available in the next (stable) release of Kerio Connect? Is that version 9? I think it's a very good development that Kerio lets their customers decide what security measures to take.

PS If you want to make it an A+ in ssllabs, add the possibility to add an HSTS header in the webserver config. For some customers, this will increase security, and allow them to remove the reverse proxy.


gommog

Pavel Dobry (Kerio) wrote on Thu, 15 October 2015 22:43
Kerio Connect 8.5.2 passes all Forward Secrecy tests in default configuration (although with a 1024-bit prime number in DHE, which is reasonably secure but reported as B):
[attached screenshot of the SSL Labs result: ./fa/4060/0/]

Our own mail server is running a development version, not final one. Thank you for letting us know.


All forward secrecy tests? That's not what the screenshot shows and not what is reported in a non development version. How about telling us when these features will be fixed rather than telling us they're fixed when they're obviously not?