Skip to content

Security fixes in SMTP_SSL and SMTP_TLS strategies#104

Merged
bbottema merged 1 commit intobbottema:masterfrom
cbarcenas:fix_tls
Nov 5, 2017
Merged

Security fixes in SMTP_SSL and SMTP_TLS strategies#104
bbottema merged 1 commit intobbottema:masterfrom
cbarcenas:fix_tls

Conversation

@cbarcenas
Copy link
Copy Markdown
Contributor

@cbarcenas cbarcenas commented Oct 19, 2017

  • The SMTP_SSL and SMTP_TLS transport strategies now validate certificates
    by setting JavaMail's mail.<protocol>.ssl.checkserveridentity property
    to true.

    Previously, no identity validation was performed, leaving SMTPS and
    STARTTLS connections vulnerable to man-in-the-middle attacks. Without
    identity validation, JavaMail accepts any certificate issued by a
    JVM-trusted CA, regardless of the identity encoded in the certificate.

  • The SMTP_TLS transport strategy now requires STARTTLS support by setting
    JavaMail's mail.smtp.starttls.required property to true.

    Previously, STARTTLS support was not required, enabling a man-in-the-middle
    attack whereby an attacker could strip the STARTTLS request from an SMTP
    connection, causing JavaMail to fall back to plaintext SMTP for
    authentication and email transport.

@cbarcenas
Copy link
Copy Markdown
Contributor Author

cbarcenas commented Oct 19, 2017
edited
Loading

It's worth noting that while having a certificate identity validation mechanism is required the STARTTLS/SMTPS RFCs, it's only "strongly recommended" by Oracle, who left it off "for compatibility with earlier releases of JavaMail". 🤦‍♂️ This is very dangerous default behavior - and it's no surprise that developers might miss this while building software on top of JavaMail.

RFC 2595 specifies addition checks that must be performed on the
server's certificate to ensure that the server you connected to is
the server you intended to connect to. This reduces the risk of
"man in the middle" attacks. For compatibility with earlier releases
of JavaMail, these additional checks are disabled by default. We
strongly recommend that you enable these checks when using SSL. To
enable these checks, set the "mail.<protocol>.ssl.checkserveridentity"
property to "true".

- "Server Identity Check", SSLNOTES.txt

@cbarcenas cbarcenas mentioned this pull request Oct 19, 2017
Closed
@cbarcenas
Misc. TLS security fixes and improvements
633aa4d 
  - The SMTP_PLAIN transport strategy now attempts an (insecure) STARTTLS
    upgrade where possible, but will always permit plaintext fallback to
    preserve backwards-compatibility with unencrypted SMTP.

    The opportunistic STARTTLS handshake in SMTP_PLAIN does not validate
    the server certificate's issuer or identity; therefore, it does not
    protect against active network attackers.

    The STARTTLS handshake, in this transport strategy, is merely a best-effort
    encryption mechanism to defend against passive network eavesdroppers.

  - The SMTP_SSL and SMTP_TLS transport strategies now validate certificates
    by setting JavaMail's `mail.<protocol>.ssl.checkserveridentity` property
    to true.

    Previously, no identity validation was performed, leaving SMTPS and
    STARTTLS connections vulnerable to man-in-the-middle attacks. Without
    identity validation, JavaMail accepts _any_ certificate issued by a
    JVM-trusted CA, regardless of the identity encoded in the certificate.

  - The SMTP_TLS transport strategy now requires STARTTLS support by setting
    JavaMail's `mail.smtp.starttls.required` property to true.

    Previously, STARTTLS support was not required, enabling a man-in-the-middle
    attack whereby an attacker could strip the STARTTLS request from an SMTP
    connection, causing JavaMail to fall back to plaintext SMTP for
    authentication and email transport.
@bbottema bbottema merged commit 633aa4d into bbottema:master Nov 5, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@cbarcenas @bbottema