From: Matthias A. <mat...@gm...> - 2021-08-15 14:41:01
Greetings,

all released fetchmail versions to date (up to and including 6.4.21) were found susceptible to some sorts of attacks against STARTTLS (IMAP) or STLS (POP3), which can lead to a session that remains unencrypted even though --sslproto tls1.2+ or similar configurations require encryption, and in the worst case exposing the user's login credentials and also e-mail when the configuration tells otherwise.

The solution in fetchmail code requires thorough reviews and changes that will take more time. Remember that fetchmail is a volunteer spare-time project.

The details of the implementation and concept flaws shall be disclosed later in the formal fetchmail security announcement 2021-02 (not yet published).

MITIGATING THE IMPACT:

Proper configuration for Implicit TLS can mitigate the impact for many users. I am already announcing such configuration changes below:

------------------------------------------------------------------------

Everyone whose server supports "Implicit TLS", meaning TLS on a dedicated imaps port (TCP port 993) or pop3s port (TCP port 995), should reconfigure fetchmail to enable this option (ssl or --ssl) permanently. This can be achieved in two ways, either of which alone is sufficient:

- on the command line, add --ssl, which will affect all servers included in the poll (= all poll statements from the rcfile, or all servers mentioned on the same command line).

- in the rcfile, by adding the word "ssl" without quotes after each configuration stanza for a user description.

After making the change, test your new configuration before enabling unattended operation.

Future directions:

1. The Internet Engineering Task Force (IETF) has proposed standards that consider STARTTLS obsolete (RFC-8314) and deprecate TLS 1.1 and earlier (including all SSL versions) (RFC-8997).

2. I may make Implicit TLS the default in future fetchmail releases, and promise to at least bump the minor version to >= 6.5.0 in that case.

------------------------------------------------------------------------

I will also add an *unrelated* recommendation while we are at it and users are suggested to edit their configurations anyway:

I suggest that everyone configures fetchmail to negotiate at least TLS v1.2 if supported by the server, or at least TLS v1.2, which can happen on the command line through --sslproto TLS1.2+ or in the rcfile by adding sslproto TLS1.2+ in each stanza after each user statement.

Where possible, meaning server-side support and support by the local OpenSSL library version (for instance, 1.1.1 is good enough), fetchmail can also be configured to require TLS v1.3 or newer instead; in that case, use --sslproto TLS1.3+ on the command line or sslproto TLS1.3+ in the rcfile.

Future direction: fetchmail 6.5 and newer (not yet released and several weeks to months out) will make TLS 1.2 the minimum required version, and will also require an OpenSSL library that supports TLS 1.3.

------------------------------------------------------------------------

Note that the changes proposed above, when successfully deployed, can remain in place when fetchmail 6.4.22 is released, so there is no need to wait.
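As an added illustration (not part of the announcement above and not fetchmail's own code), a small Python audit that flags rcfile stanzas still lacking the ssl keyword or a strong sslproto, so the two recommended changes can be checked across a whole rcfile. It assumes the common "poll HOST ... user NAME ..." layout plus an optional "defaults" stanza, and shell-like quoting and comments; hosts and credentials in the sample are constructed placeholders.

```python
import shlex

STRONG_PROTOS = {"tls1.2+", "tls1.3+"}  # values the announcement recommends

def _split_stanzas(text):
    """Tokenize rcfile text into (defaults_tokens, [stanza_tokens...]); shell-like quoting/comments."""
    defaults, stanzas, current = [], [], None
    for line in text.splitlines():
        for tok in shlex.split(line, comments=True):
            if tok in ("poll", "skip"):   # each server stanza starts here; its host comes next
                current = []
                stanzas.append(current)
            elif tok == "defaults":       # options that apply to every stanza
                current = defaults
            elif current is not None:
                current.append(tok)
    return defaults, stanzas

def _tls_settings(tokens):
    """Return (implicit_tls, sslproto) from tokens; None when absent, 'no ssl' is False."""
    implicit, proto = None, None
    for i, tok in enumerate(tokens):
        if tok == "ssl":
            implicit = not (i > 0 and tokens[i - 1] == "no")
        elif tok == "sslproto" and i + 1 < len(tokens):
            proto = tokens[i + 1].lower()
    return implicit, proto

def audit_fetchmailrc(text):
    """One finding per stanza that could still fall back to STARTTLS/STLS or to TLS < 1.2."""
    defaults, stanzas = _split_stanzas(text)
    d_ssl, d_proto = _tls_settings(defaults)
    findings = []
    for tokens in stanzas:
        host = tokens[0] if tokens else "?"
        s_ssl, s_proto = _tls_settings(tokens[1:])
        ssl_on = s_ssl if s_ssl is not None else bool(d_ssl)   # stanza overrides defaults
        proto = s_proto or d_proto
        if not ssl_on:
            findings.append(f"{host}: no 'ssl' keyword, STARTTLS/STLS would be used")
        if proto not in STRONG_PROTOS:
            findings.append(f"{host}: sslproto is {proto or 'unset'}, want TLS1.2+ or TLS1.3+")
    return findings

# Constructed sample rcfile; hosts and credentials are placeholders, not real accounts.
SAMPLE_RC = """defaults sslcertck
poll imap.example.net proto imap user "alice" pass "secret" ssl sslproto TLS1.2+
poll pop.example.org proto pop3 user "bob" pass "hunter2"   # STLS only, no ssl keyword
poll mail.example.com proto imap user "carol" pass "x" ssl sslproto TLS1+
"""
```

Feed audit_fetchmailrc() the contents of your own ~/.fetchmailrc and fix every stanza it lists; an empty result means every stanza forces Implicit TLS and TLS 1.2 or newer.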