Bug 342567 - TLSv1.2 is not used on imap/smtp/managesieve
Summary: TLSv1.2 is not used on imap/smtp/managesieve
Status: RESOLVED FIXED
Alias: None
Product: kmail2
Classification: Applications
Component: crypto (show other bugs)
Version: 4.14.1
Platform: Ubuntu Linux
: NOR normal
Target Milestone: ---
Assignee: kdepim bugs
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-01-06 21:24 UTC by Teemu Torma
Modified: 2018-05-27 21:18 UTC (History)
9 users (show)

See Also:
Latest Commit:
Version Fixed In: 16.12
Sentry Crash Report:


Attachments
Patch to allow imap/smtp/managesieve to use TLSv1.2 (2.21 KB, patch)
2015-01-06 21:27 UTC, Teemu Torma
Details
Patch to allow imap/smtp/managesieve to use TLSv1.2 in KF5 (1.59 KB, patch)
2016-06-16 20:39 UTC, Teemu Torma
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Teemu Torma 2015-01-06 21:24:04 UTC
While trying to enforce TLSv1.2 everywhere, I noticed that kmail does not support it.  By digging into code, I noticed that TLSv1.0 is forced everywhere except imap/ssl (which allows any protocol version).




Reproducible: Always

Steps to Reproduce:
1. Try to use imap/starttls, smtp/starttls or smtp/ssl on a server that does not support TLSv1.0, only later protocols.


Actual Results:  
It doesn't work.

Expected Results:  
It should work.
Comment 1 Teemu Torma 2015-01-06 21:27:06 UTC
Created attachment 90267 [details]
Patch to allow imap/smtp/managesieve to use TLSv1.2

With the following patch I managed to get TLSv1.2 working with imap/ssl, imap/starttls, smtp/ssl, smtp/starttls and managesieve connections.

The patch basically replaces the forced TLSv1.0 with QSsl::SecureProtocols.  Since TLSv1.0 is also part of QSsl::SecureProtocols (at least for now), it should not cause any regression.
Comment 2 Laurent Montel 2015-01-07 06:22:52 UTC
Why it's necessary to patch  "kio/kio/tcpslavebase.cpp" ?
Comment 3 Teemu Torma 2015-01-07 09:19:17 UTC
"kio/kio/tcpslavebase.cpp" change was needed to get smtp/starttls working.

I had to hunt that down once I noticed that patches to kdepimlibs were not enough.
Comment 4 Laurent Montel 2015-01-07 12:24:19 UTC
I can't change, and don't know kio code.
I add cc "Dawit Alemayehu <adawit@kde.org>" which knows better it.
Comment 5 Laurent Montel 2015-01-07 12:25:49 UTC
Hi Dawit could you evaluate patch (kio part please) ?

Thanks
Comment 6 Teemu Torma 2015-01-07 12:38:22 UTC
I don't know any of this code either.  I just made a minimal patch to make it work, I don't know if it should be done like that.
Comment 7 Dawit Alemayehu 2015-01-07 13:04:25 UTC
I dunno this particular code base but what that patch does is bascially change the protocol to be used during SSL handshake from only TLSv1 to SSLv3/TLSv1. I am not entirely certain that QSslSocket in Qt 4.x would make a TLSv1.2 connection if you set QSsl::SecureProtocols as the protocol to be used during handshake. However, it will most definitely attempt use SSLv3 if that is the only thing available. I dunno if that is desired when making imap/smpt connections.
Comment 8 Teemu Torma 2015-01-07 13:43:36 UTC
I verified with server log files every combination that TLSv1.2 is used with QSsl::SecureProtocols.

It is a bit unfortunate that Qt4 QSsl::TlsV1 implies that it is the latest protocol, and from the code it seems that the idea is to use latest protocols.  That was true ten years ago, but nowadays it has opposite effect to pinning the protocol to least acceptable one which has already shown weaknesses. 

I agree that SSLv3 is not ideal, but does disabling that really belong to KDE?   I would think that it should be done on lower levels or server side.    

Since imap/ssl talks already TLSv1.2 because it speaks any protocol, we could change just smtp/ssl to get TLSv1.2 functionality, and leave starttls variants to as they are.
Comment 9 Teemu Torma 2015-01-09 11:55:31 UTC
I did have more thorough look into various versions of Qt and how things are implemented there.  

By the time of Qt 4.7 (2010), QSsl had three protocol options, SslV2, SslV3 and TlsV1, and auto negotiate AnyProtocol.  At the time openssl did not support TLSv1.1 or TLSv1.2, so the situation was relatively clear.  The auto negotiation is done by openssl.

By the time of Qt 4.8 (2011), openssl had added support for newer TLS protocols, so QSsl was expanded with two new auto negotiate options, TlsV1SslV3 and SecureProtocols.  They both behaved the some, negotiate the highest protocol excluding SslV2.  Thus, TLSv1.1 and TLSv1.2 started working with these options, as well as with AnyProtocol. 

Qt5 then added explicit versions TlsV1_0, TlsV1_1 and TlsV1_2 and made TlsV1 alias for TlsV1_0.   Then came POODLE attack and Qt 5.4 dropped SslV3 from SecureProtocols.

Now, looking KDE, it seems that it uses Qt 4.7 way of doing things and thus uses TlsV1 in many places.  More appropriate thing would be to use SecureProtocols and leave disabling SSLv3 to the Qt side, like in Qt 5.4.  That way, when for example TLSv1.3 lands, just by upgrading openssl would make it work.

KTcpSocket has at some point added new enumerations TlsV1SslV3 and SecureProtocols, but it is a bit unclear to me what it is trying to do, since in QSsl these are enumerated values and KTcpSocket redefines them somehow as bitmasks.  But these auto negotiate values and explicit protocol values are not really same thing on Qt level.
Comment 10 Teemu Torma 2015-01-09 12:23:11 UTC
I might add that disabling SSLv3 from auto negotiation has really nothing to do with it being the only protocol available.  The problem is that man-in-the-middle can cause the auto negotiation to fail.  Even if both server and client support TLSv1.2, man-in-the-middle can signal client that protocol is not supported, thus client tries lower protocol versions until the connection with SSLv3 succeeds and is vulnerable to POODLE attack.
Comment 11 Eric Christensen 2015-09-03 14:24:31 UTC
Any update on this?  I found this issue last night on Debian.  I, too, am trying to make my communications more secure.  TLSv1.0 is already starting to show its age and I'm sure there will be more to come.
Comment 12 Allen Winter 2015-09-05 20:20:02 UTC
Dawit, Teemu,

Any advice on what to do with the patch attached to this bug?
I'd like to clear this one up.  Unfortuntately us remaining kdepim devs really aren't sure how to handle it.
Comment 13 Teemu Torma 2015-09-05 21:43:28 UTC
I am currently using Ubuntu Vivid with kubuntu-backports as it is and that works for me, and has been since Vivid was released in April.

It has been a while, but for what I remember, I saw Laurent implement some things in my patch at some point, but not all,  However, everything works for me right now without any patching of my own.

What comes to this bug, I do consider it as done.  My patch in itself, I do consider it applies to the version I reported, since I had to use it to get things working.
Comment 14 Allen Winter 2015-09-05 23:39:51 UTC
thanks for your fast response.
resolving then
Comment 15 Eric Christensen 2015-09-08 18:44:46 UTC
In what version of Kmail is this fixed?
Comment 16 Andrius Štikonas 2016-06-16 18:25:45 UTC
Still not working for me with 16.04.2 (KF5 5.21)
Comment 17 Teemu Torma 2016-06-16 20:39:59 UTC
Created attachment 99540 [details]
Patch to allow imap/smtp/managesieve to use TLSv1.2 in KF5

For KF5, as packaged in kubuntu ppa backports, this allows TLSv1.2 (and later) for mail handling.   The patch contains patches for four packages and may need to be split accordingly.

 The following changes in packages were needed for KF5:

kdepim: to fix managesieve
kimap: to fix imap

kio: to fix smtp
kmailtransport: to fix smtp
Comment 18 Magnus Kessler 2016-08-22 09:31:07 UTC
Still an issue with 16.08 (KF5 5.25)
Comment 19 Andrius Štikonas 2016-09-26 17:20:52 UTC
Ok, I've submitted 3 review requests to git.reviewboard.kde.org kmailtransport fix seems to be already in.

kio: https://git.reviewboard.kde.org/r/129031/
kimap: https://git.reviewboard.kde.org/r/129030/
libksieve: https://git.reviewboard.kde.org/r/129029/
Comment 20 Andrius Štikonas 2016-09-28 17:56:50 UTC
kio patch is now merged too, commit 8196a735bebc6fd5eaf9d293bd565c00ef98516b

So SMTP should be working now.
Comment 21 Andrius Štikonas 2016-09-29 12:03:39 UTC
All patches are not merged. Will be fixed in 16.12 with Frameworks 5.27.
Comment 22 zless 2017-12-31 17:38:34 UTC
With kde-frameworks 5.41 and kde-applications 17.12 KMail still uses only TLSv1.

Maybe this bug should be reopened?
Comment 23 Andrius Štikonas 2018-01-01 00:34:21 UTC
Strange, I just checked, on my system (frameworks 5.40 and kde apps 17.12) I still get TLSv1.2
Comment 24 zless 2018-01-01 15:01:15 UTC
Strange, this might indicate some configuration error on my side.

However, I tested the same postfix server with 3 email clients: KMail, Sylpheed and K9-Mail on Android.

KMail is the only one that has these postfix logs:

    postfix/submission/smtpd[18455]: Anonymous TLS connection [...]: TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)

The other clients show this:

    postfix/submission/smtpd[18455]: Anonymous TLS connection [...]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)

This is for SMTP with STARTTLS. The IMAP connections are using TLSv1.2 as expected.
Comment 25 zless 2018-01-12 10:06:52 UTC
Some additional info:

The problem computer (KMail only uses TLSv1 for SMTP) has ksmtp-17.12.1 which seems introduced in 17.12.

Another computer, with 17.08, has no ksmtp package and KMail successfully uses TLSv1.2 for SMTP.
Comment 26 Jörg Thalheim 2018-05-27 19:27:21 UTC
I assume Andrius Štikonas was using TLS 1.2 without STARTTLS, which should work however for STARTTLS an incorrect patch was applied which hard codes TLSv1 for STARTTLS.

I have written a longer explanation here: https://github.com/KDE/ksmtp/commit/e83911f9d1963b5e7181932960f999f331b4a5f9#r29145231

Please consider to reopen this ticket
Comment 27 Jörg Thalheim 2018-05-27 19:29:44 UTC
Both kimap and ksmtp suffer from the same issue. I can not connect to dovecot/postfix when I enforce protocols greater then TLSv1, because this would in turn disable STARTTLS on the connection.
Comment 28 Jörg Thalheim 2018-05-27 19:36:27 UTC
This line should not be hard coded to TLSv1 in kimap:
https://github.com/KDE/kimap/blob/35464c7fd3858d70c8ac0558ecece216e3a95398/src/loginjob.cpp#L254
Comment 29 Jörg Thalheim 2018-05-27 20:29:30 UTC
As a workaround I enabled smpts/imaps port (TLS without STARTTLS) to have TLSv1.2
Comment 30 Rex Dieter 2018-05-27 21:08:43 UTC
Better file a new bug than comment on closed/fixed ones, imho
Comment 31 Jörg Thalheim 2018-05-27 21:18:01 UTC
new bug report: https://bugs.kde.org/show_bug.cgi?id=394769