Skip to content

Commit

Permalink
Polish comment + grade cap reason for STARTTLS
Browse files Browse the repository at this point in the history
  • Loading branch information
drwetter committed Oct 14, 2024
1 parent 7c0ccb3 commit fa5664f
Showing 1 changed file with 12 additions and 14 deletions.
26 changes: 12 additions & 14 deletions testssl.sh
Original file line number Diff line number Diff line change
Expand Up @@ -22933,20 +22933,18 @@ run_rating() {
pr_headlineln " Rating (experimental) "
outln


if [[ -n "$STARTTLS_PROTOCOL" ]]; then
read -r -d '' grade_cap_reason <<'EOF'
TL;DR: E-mail transfer via port 25 is broken and the amendments suggested so far are duct tape. So please do not expect testssl.sh to shut up.

Explanation: For other than SMTP you should use TLS as per RFC 8314. For SMTP however there's this thing named reality: A mail server cannot
just switch to the mail submission port 587 only and continue to receive mail from everyone. Even if you advertise this via SRV record (RFC 6186).
For STARTTLS there's no way to tell for testssl.sh whether it is secure. A MitM can always intercept the connection, unless the client checks
the certificate accordingly (it's getting better but some just don't). TLSA Records/DANE and MTA-STS (RFC-8461) on the server side can help too.
But as said, it's useless unless the client MTA checks all that which no tool can check.
EOF
# We can't use newlines in the message, as the grade-sorting function will mess up the reason
set_grade_cap "T" "$(tr '\n' ' ' <<<$grade_cap_reason)"
fi
[[ -n "$STARTTLS_PROTOCOL" ]] && set_grade_cap "T" "STARTTLS is prone to MITM downgrade attacks. A secure TLS upgrade can only be ensured client-side. You should use TLS only (=implicit TLS) rather than STARTTLS as per RFC 8314, for other than SMTP and SIEVE"

# TL;DR: STARTTLS connections are inherently insecure. A MITM can always intercept the connection, unless the client checks e.g. the
# certificate accordingly. A secure STARTTLS client is the key but we can't test for it. For other than SMTP and SIEVE (there's no implicit TLS port)
# you should use implicit TLS as per RFC 8314. Especially e-mail transfer via port 25 is broken and amendments so far are duct tape.

# Explanation: There are active MitM attacks possible when using STARTTLS like https://github.com/tintinweb/striptls or
# https://github.com/libcrack/starttlsstrip. It depends on the client only whether it can detect such downgrade attack.
# As some SMTP servers are still misconfigured with wrong certificates it's is still common practice for SMTP client MTAs to
# accept those wrong certificates -- delivering e-mails is more important. There is an e-mail submission port 587 but a mail server
# cannot just switch to it and continue to receive mail from everyone. Even if you advertise this via SRV record (RFC 6186).
# TLSA Records/DANE and MTA-STS (RFC-8461) on the server side can help too,

pr_bold " Rating specs"; out " (not complete) "; outln "SSL Labs's 'SSL Server Rating Guide' (version 2009q from 2020-01-30)"
pr_bold " Specification documentation "; pr_url "https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide"
Expand Down

0 comments on commit fa5664f

Please sign in to comment.