Forcing Dovecot 2.3.4.1 to use TLSv1.2
Solution 1:
Not a complete answer, but maybe part of a solution:
1. I tried the solution suggested by @joffrey, but could not get it to
work. Enabling or disabling TLSv1.3 ciphersuites in ssl_cipher_list
seems to be completely ignored by Dovecot 2.3.4.1. The
ssl_prefer_server_ciphers does not have any effect on TLSv1.3 either.
No matter what Dovecot settings I tried, I was unable to prevent a
client from negotiating TLSv1.3 and choosing any TLSv1.3 ciphersuite it
wanted.
This is probably related to the introduction in OpenSSL 1.1.1 of a new
method for selecting TLSv1.3 ciphersuites, in addition to the already
existing method for selecting ciphers for TLSv1.2 and below. The
OpenSSL developers were aware of the inconvenience this would cause,
but said it was unavoidable, see
https://github.com/openssl/openssl/pull/5392. Dovecot commit
8f6f04eb
seems to lay the groundwork for a new Dovecot option probably to be
named ssl_ciphersuites as a front-end to the new OpenSSL method for
TLSv1.3, also in addition to the existing ssl_cipher_list for TLSv1.2
and below. This commit was first included in Dovecot 2.3.9, but that
version has not been packaged for Debian yet. Also, I do not see the
option mentioned in the Dovecot
NEWS or online
documentation, so maybe they are not finished yet.
2. Alternatively, I found that adding MaxProtocol = TLSv1.2 to
/etc/ssl/openssl.cnf works (warning: this will change the
behaviour of many other programs using OpenSSL as well!):
[system_default_sect]
MinProtocol = TLSv1.2
MaxProtocol = TLSv1.2
CipherString = DEFAULT@SECLEVEL=2
This immediately prevents Dovecot 2.3.4.1 from negotiating TLSv1.3. No need to even restart it. But, as warned above, this solution also affects other applications, not just Dovecot, so is of limited use.
In an attempt to target the settings to Dovecot exclusively, I tried setting an environment variable to point to a specific config file:
# OPENSSL_CONF=/etc/ssl/openssl-max-tlsv12.cnf dovecot -F
But that did not have any effect on Dovecot. I checked that the variable was visible in the environment and that it worked for other OpenSSL applications. However, I suspect that the OpenSSL library itself does not look at environment variables and that it is considered the responsibility of the calling program (Dovecot) to somehow pass the content of the variable to the library. I doubt that Dovecot does this, because I do not see any use of the OpenSSL CONF library in the Dovecot source code. I also could not get a dovecot application section in the OpenSSL config file to work, nor did I find any Dovecot options for setting an OpenSSL config file location or the application section name to be used from the OpenSSL config file. Perhaps someone else knows how to target OpenSSL settings to a specific program instead of system-wide?
3. Finally, you could always try to edit source code, of course. For
the current Debian dovecot package, you could start by duplicating
this
line,
change SSL_CTX_set_min_proto_version to
SSL_CTX_set_max_proto_version and then recompile. I did not really
want to go that far myself. You might as well just start using
upstream directly instead of the distribution package then.
Solution 2:
First, you have to locate the 10-ssl.conf file (usually in /etc/dovecot/conf.d/).
Edit and go to line that contains ssl_protocols (mine is line 52). In that line you can also deny protocols. You can try
ssl_protocols = TLSv1.2 !TLSv1.3
Solution 3:
I have not tried or reproduced but you could try to set the ssl_min_protol to TLSv1.2 and define ssl_cipher_list to not include any specific TLS1.3 ciphers.