IMAP SSL connection failed on Android mailclients

[H.Csaba]

What do you think of the solution below which has solved me?

Change Dovecot setting:

SSL Protocols = !SSLv3 
SSL Cipher List = ALL:!ADH:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL:+HIGH:+MEDIUM

I've been looking for a solution to this problem for half a year and it works ...

 

[sparek-3]

What version of Android are you using?

What specific email client are you using?

I'm betting that version of Android or that email client does not support TLSv1.2.

 

[H.Csaba]

Android 7.0
Galaxy s6
Email client? ALL...
(default Samsung E-mail app v 4.2.77.0 .. K9 mail latest ver. , Email Pro ) but trayed in Outlook android and many
whitout this setting:

SSL Protocols = !SSLv3
SSL Cipher List = ALL:!ADH:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL:+HIGH:+MEDIUM

not working IMAP SSL 993 port..

but I'm essentially wondering what the opinion about the above mentioned setting is ?!
because you are only willing to work with this setting normally with IMAP SSL

(and cpanel v74.0.4 / centos 7.5)

 

[dynaweb]

Have you tried the default Protocols and Cipher lists from cPanel in Exim Manager?

 

[H.Csaba]

yes and not work .. message: (Unable connect server)

 

[dynaweb]

That's interesting. K9 Mail supports a wide variety of cyphers, so I would not expect that changing away from the defaults would be necessary.
I suggesting sticking with default cyphers, or something very close.

Are you able to connect to the IMAP using the same credentials on a different mail client?

 

[sparek-3]

It would seem that K9 Mail needs the cipher:

DHE-RSA-AES128-GCM-SHA256

At least, that's what it's using on the server that I am checking with.

According to PCI compliance, you should only be using TLSv1.2

So the recommended protocol list should be set to:

TLSv1.2 !TLSv1.1 !TLSv1 !SSLv3 !SSLv2

However, the cipher list would need to include DHE-RSA-AES128-GCM-SHA256 in order to handle connections between K9 Mail.

All of this underscores that there is a huge (HUGE!) disconnect between TLS version support/cipher support between recommended server configuration and what real world applications are using.

 

[H.Csaba]

Are you able to connect to the IMAP using the same credentials on a different mail client?

yes PC Thunderbrid but Andoroid ALL app not work!

 

[H.Csaba]

However, the cipher list would need to include DHE-RSA-AES128-GCM-SHA256 in order to handle connections between K9 Mail.

would you suggest that the after default give me this?
default is:

ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256

+ add this?:

:DHE-RSA-AES128-GCM-SHA256

 

[sparek-3]

This is why we can't have nice things.

Generate Mozilla Security Recommended Web Server Configuration Files

can be used to generate a cipher list. A modern cipher list does not include DHE-RSA-AES128-GCM-SHA256

But hey! Security, Shemurity!

I just want to use the client software that I want to use and I don't want my private information to leak out. This whole "vulnerabilities in security software" is fake news. When my information leaks out, I'll just blame it on something else.

 

[H.Csaba]

This is why we can't have nice things.

Generate Mozilla Security Recommended Web Server Configuration Files

can be used to generate a cipher list. A modern cipher list does not include DHE-RSA-AES128-GCM-SHA256

But hey! Security, Shemurity!

I just want to use the client software that I want to use and I don't want my private information to leak out. This whole "vulnerabilities in security software" is fake news. When my information leaks out, I'll just blame it on something else.

sparek-3
I do not quite understand what you're saying

 

[sparek-3]

It was a rant.

Basically, security experts around the Internet have said "Only use TLSv1.2 and only use these specific ciphers."

But everyone else has decided to ignore those experts and just develop (or not update) their software or operating systems using TLS versions and ciphers that are commonly used.

Then you hear about all of these security breaches affecting websites, banks, political entities. And we wonder why this keeps happening.

Bottom line: You can't continue to use insecure things and expect it to be secure. But such is the fallacy that we are living in.

 

[cPanelLauren]

I find this odd only in that I have an older android running 6 and I don't have any issues connecting securely with POP/IMAP using the standard ciphers.

If you'd like for us to take a closer look at your configuration please open a ticket using the link in my signature. Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved.


Thanks!

 

[sparek-3]

I would encourage you to add the TLS information to your dovecot logs:

/etc/dovecot/dovecot.conf

Add

tls=%k

To the end of the

login_log_format_elements

line

This will help you to see exactly what TLS cipher is being used in your (successful) connection.

 

[cPanelLauren]

@sparek-3

I can do that just not today (switched away from android this week), though the reason I didn't test previously, is because based on the previous responses I *should* be experiencing issues if Android is requiring older/less secure ciphers. I can tell you my Cipher List for dovecot is as follows:

AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256

I tested with someone else's phone and found that they were having issues connecting but no TLS or connection error was provided over ports 993 and 995 just timeouts (with or without the cipher mentioned) which makes me think there is something else going on as they were able to connect over 143 or 110 which is specifically why I believe that the OP should open a ticket so that we can further investigate the configuration.

Thanks!

 

[sparek-3]

I would encourage you to add the tls line to your dovecot logs

/etc/dovecot/dovecot.conf

Add

tls=%k

To the end of the

login_log_format_elements

line

Then add

DHE-RSA-AES128-GCM-SHA256

to your dovecot cipher list.

Then try checking the email account on this server with an Android device while tailing the maillog.

If it works, it will show you the cipher that is being used for that connection, and I suspect that it will show DHE-RSA-AES128-GCM-SHA256. Thus, that is why DHE-RSA-AES128-GCM-SHA256 has to be included in the dovecot cipher list for Android phones to work.

I do agree that this is a poor design. Why is Android or K9 Mail depending on this weak cipher? But again, that goes back to my rant about why we can't have nice things.

 

[H.Csaba]

I would encourage you to add the tls line to your dovecot logs

/etc/dovecot/dovecot.conf

Add

tls=%k

To the end of the

login_log_format_elements

line

Then add

DHE-RSA-AES128-GCM-SHA256

to your dovecot cipher list.

Then try checking the email account on this server with an Android device while tailing the maillog.

If it works, it will show you the cipher that is being used for that connection, and I suspect that it will show DHE-RSA-AES128-GCM-SHA256. Thus, that is why DHE-RSA-AES128-GCM-SHA256 has to be included in the dovecot cipher list for Android phones to work.

I do agree that this is a poor design. Why is Android or K9 Mail depending on this weak cipher? But again, that goes back to my rant about why we can't have nice things.

I trayed edit conf file but this line commented...:

# Space-separated list of elements we want to log. The elements which have
# a non-empty variable value are joined together to form a comma-separated
# string.
#login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c

# Login log format. %$ contains login_log_format_elements string, %s contains
# the data we want to log.
#login_log_format = %$: %s

But added this DHE-RSA-AES128-GCM-SHA256
to SSL Cipher List after cpanel default set and work!
Thx!

 

[sparek-3]

You would have to remove the comment line.

You actually probably don't want to edit the /etc/dovecot/dovecot.conf directly, because the changes you make there will go away when cPanel is updated (or whatever process that decides to recreate the dovecot.conf file runs). You would actually want to make the changes in /var/cpanel/conf/dovecot/main if you want it remain persistent.

The post I made was mainly directed towards @cPanelLauren who I assume has a bit more understanding of how these configuration changes work. Modifying the /etc/dovecot/dovecot.conf file directly can be an easy way to test something, and that's basically what I was after in my intention with that post.

Back to the original point of this post, I don't think K9 Mail on Android will work with Dovecot, unless the DHE-RSA-AES128-GCM-SHA256 cipher is enabled. I may be wrong. And this may be a specific K9 Mail issue. It may be that I'm using an older version of K9 Mail (I know they used to release updates more regularly from their website than from the Play Store). This may be an Android issue. I really don't know. I do agree with cPanel that this cipher shouldn't be used... BUT that's the problem here. The correct way of doing something (i.e. not using this cipher) is not what the vast majority of applications are doing (i.e. K9 Mail, Android, etc) so clients and end-users are stuck using an insecure cipher to continue to use their application. And then there's no incentive for applications (like K9 Mail or Android) to ever change their tune and support modern, secure ciphers. And then people, email, and websites get hacked, and we all wonder why.

 

[cPanelLauren]

The post I made was mainly directed towards @cPanelLauren who I assume has a bit more understanding of how these configuration changes work. Modifying the /etc/dovecot/dovecot.conf file directly can be an easy way to test something, and that's basically what I was after in my intention with that post.

As these changes get overwritten each time dovecot restarts it wouldn't be a feasible way to modify the conf permanently. Ultimately I did a test on another android with the changes in place as suggested but I wasn't even able to make a connection (i.e. I got nothing besides timeouts over 995 or 993) whereas non-secure attempts were successful - my old android device (that I switched away from recently) did connect but I no longer have it available to test with, it's since met with an unfortunate fate.

The correct way of doing something (i.e. not using this cipher) is not what the vast majority of applications are doing (i.e. K9 Mail, Android, etc) so clients and end-users are stuck using an insecure cipher to continue to use their application. And then there's no incentive for applications (like K9 Mail or Android) to ever change their tune and support modern, secure ciphers. And then people, email, and websites get hacked, and we all wonder why.

I fully agree with this statement. There's no reason to be using less modern potentially insecure cipher. Further to that I do not believe that we will change our cipher lists to be less secure by default to include this one so it may be a moot point unfortunately.