Forcing Dovecot 2.3.4.1 to use TLSv1.2

Solution 1:

Not a complete answer, but maybe part of a solution:

1. I tried the solution suggested by @joffrey, but could not get it to work. Enabling or disabling TLSv1.3 ciphersuites in ssl_cipher_list seems to be completely ignored by Dovecot 2.3.4.1. The ssl_prefer_server_ciphers does not have any effect on TLSv1.3 either. No matter what Dovecot settings I tried, I was unable to prevent a client from negotiating TLSv1.3 and choosing any TLSv1.3 ciphersuite it wanted.

This is probably related to the introduction in OpenSSL 1.1.1 of a new method for selecting TLSv1.3 ciphersuites, in addition to the already existing method for selecting ciphers for TLSv1.2 and below. The OpenSSL developers were aware of the inconvenience this would cause, but said it was unavoidable, see https://github.com/openssl/openssl/pull/5392. Dovecot commit 8f6f04eb seems to lay the groundwork for a new Dovecot option probably to be named ssl_ciphersuites as a front-end to the new OpenSSL method for TLSv1.3, also in addition to the existing ssl_cipher_list for TLSv1.2 and below. This commit was first included in Dovecot 2.3.9, but that version has not been packaged for Debian yet. Also, I do not see the option mentioned in the Dovecot NEWS or online documentation, so maybe they are not finished yet.

2. Alternatively, I found that adding MaxProtocol = TLSv1.2 to /etc/ssl/openssl.cnf works (warning: this will change the behaviour of many other programs using OpenSSL as well!):

[system_default_sect]
MinProtocol = TLSv1.2
MaxProtocol = TLSv1.2
CipherString = DEFAULT@SECLEVEL=2

This immediately prevents Dovecot 2.3.4.1 from negotiating TLSv1.3. No need to even restart it. But, as warned above, this solution also affects other applications, not just Dovecot, so is of limited use.

In an attempt to target the settings to Dovecot exclusively, I tried setting an environment variable to point to a specific config file:

# OPENSSL_CONF=/etc/ssl/openssl-max-tlsv12.cnf dovecot -F

But that did not have any effect on Dovecot. I checked that the variable was visible in the environment and that it worked for other OpenSSL applications. However, I suspect that the OpenSSL library itself does not look at environment variables and that it is considered the responsibility of the calling program (Dovecot) to somehow pass the content of the variable to the library. I doubt that Dovecot does this, because I do not see any use of the OpenSSL CONF library in the Dovecot source code. I also could not get a dovecot application section in the OpenSSL config file to work, nor did I find any Dovecot options for setting an OpenSSL config file location or the application section name to be used from the OpenSSL config file. Perhaps someone else knows how to target OpenSSL settings to a specific program instead of system-wide?

3. Finally, you could always try to edit source code, of course. For the current Debian dovecot package, you could start by duplicating this line, change SSL_CTX_set_min_proto_version to SSL_CTX_set_max_proto_version and then recompile. I did not really want to go that far myself. You might as well just start using upstream directly instead of the distribution package then.

Solution 2:

First, you have to locate the 10-ssl.conf file (usually in /etc/dovecot/conf.d/).

Edit it and go to the line that contains ssl_protocols (mine is line 52). In that line you can also deny protocols. You can try

ssl_protocols = TLSv1.2 !TLSv1.3

Solution 3:

I have not tried or reproduced this, but you could try to set ssl_min_protocol to TLSv1.2 and define ssl_cipher_list to not include any specific TLS1.3 ciphers.
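Whichever of the three approaches is applied (the system-wide MaxProtocol change in Solution 1, ssl_protocols in Solution 2, or ssl_min_protocol in Solution 3), the thing worth checking afterwards is what the listener actually negotiates, not what the config file says. The following script is an added example, not code from any of the answers above: it asks `openssl s_client` for exactly one protocol version at a time and reports whether the server agreed. It assumes the OpenSSL command-line tool version 1.1.1 or newer (which understands `-tls1_3`) is installed; the host name and port in the usage line are placeholders.

```shell
#!/bin/sh
# Added example: probe which TLS versions a Dovecot listener still accepts.
# Assumes the openssl CLI (1.1.1+) is available; host/port below are placeholders.

# Parse `openssl s_client` output (read from stdin) and print the negotiated
# version and cipher, e.g. "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384".
# s_client prints "New, (NONE), Cipher is (NONE)" when the handshake was refused,
# which does not match the pattern, so "none" is printed in that case.
negotiated_protocol() {
    result=$(sed -n 's/^New, \(TLSv[0-9.]*\), Cipher is \([A-Za-z0-9_-]*\).*/\1 \2/p' | head -n 1)
    if [ -n "$result" ]; then
        printf '%s\n' "$result"
    else
        printf 'none\n'
    fi
}

# Offer the server exactly one protocol version (flag is -tls1_2 or -tls1_3) on an
# implicit-TLS port such as IMAPS/993 and report what it agreed to.
# For STARTTLS on port 143, add "-starttls imap" to the s_client invocation.
probe_version() {
    host=$1; port=$2; flag=$3
    openssl s_client -connect "$host:$port" "$flag" </dev/null 2>/dev/null | negotiated_protocol
}

# Report both versions an administrator cares about here: after a successful
# change, -tls1_3 should print "none" and -tls1_2 should print a cipher.
report() {
    host=$1; port=$2
    for flag in -tls1_2 -tls1_3; do
        printf '%-8s -> %s\n' "$flag" "$(probe_version "$host" "$port" "$flag")"
    done
}

# Usage with a placeholder host:
# report mail.example.com 993
```

The `New, ...` line is used rather than the `Protocol :` line of the SSL-Session block, because on a refused handshake s_client still prints the requested version in the session block with cipher `0000`, which would look like a successful negotiation. Since the MaxProtocol setting in openssl.cnf also applies to the openssl binary on the same machine, probing from a second host gives an independent result.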