cPanel Dovecot 2.4 upgrade breaking Windows 7 clients
cPanel recently rolled out an upgrade from Dovecot 2.3 to 2.4 which has accidentally broken old IMAP and POP3 clients, such as those running on Windows 7, because it drops a key piece of configuration needed to support certain SSL/TLS ciphers.
For example, a Microsoft Outlook client running on Windows 7 would report:
“Receiving reported error (0x800CCC1A): Your server does not support the connection encryption type you have specified. Try changing the encryption method. Contact your mail server administrator or Internet service provider (ISP) for additional assistance.”
Despite the minor version number increment, Dovecot 2.4 is a major update with significant breaking changes to the structure of the configuration files, so old configuration files need to be carefully converted in order to work with Dovecot 2.4.
Dovecot 2.4 should really have been called Dovecot 3.0. I have no idea why Open-Xchange considered a minor version number bump to be appropriate for this release.
The default TLS ciphers enabled for Dovecot (both 2.3 and 2.4) on cPanel are:
- ECDHE-ECDSA-AES128-GCM-SHA256
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-ECDSA-CHACHA20-POLY1305
- ECDHE-RSA-CHACHA20-POLY1305
- DHE-RSA-AES128-GCM-SHA256
- DHE-RSA-AES256-GCM-SHA384
This is almost identical to the very useful Mozilla “Intermediate” list, except that the DHE-RSA-CHACHA20-POLY1305 cipher is missing.
Windows 7 has very poor support for modern cryptography since it went end-of-life in January 2020 and so hasn’t received any updates for 6 years now.
The supported cipher suites advertised in the SSL/TLS handshake by a Windows 7 client device are:
| IANA name | OpenSSL name |
|---|---|
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | ECDHE-RSA-AES256-SHA384 |
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | ECDHE-RSA-AES128-SHA256 |
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | ECDHE-RSA-AES256-SHA |
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | ECDHE-RSA-AES128-SHA |
| TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | DHE-RSA-AES256-GCM-SHA384 |
| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | DHE-RSA-AES128-GCM-SHA256 |
| TLS_RSA_WITH_AES_256_GCM_SHA384 | AES256-GCM-SHA384 |
| TLS_RSA_WITH_AES_128_GCM_SHA256 | AES128-GCM-SHA256 |
| TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | ECDHE-ECDSA-AES256-GCM-SHA384 |
| TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | ECDHE-ECDSA-AES128-GCM-SHA256 |
| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 | ECDHE-ECDSA-AES256-SHA384 |
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | ECDHE-ECDSA-AES128-SHA256 |
| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA | ECDHE-ECDSA-AES256-SHA |
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | ECDHE-ECDSA-AES128-SHA |
| TLS_RSA_WITH_AES_256_CBC_SHA256 | AES256-SHA256 |
| TLS_RSA_WITH_AES_128_CBC_SHA256 | AES128-SHA256 |
| TLS_RSA_WITH_AES_256_CBC_SHA | AES256-SHA |
| TLS_RSA_WITH_AES_128_CBC_SHA | AES128-SHA |
| TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 | DHE-DSS-AES256-SHA256 |
| TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 | DHE-DSS-AES128-SHA256 |
| TLS_DHE_DSS_WITH_AES_256_CBC_SHA | DHE-DSS-AES256-SHA |
| TLS_DHE_DSS_WITH_AES_128_CBC_SHA | DHE-DSS-AES128-SHA |
| TLS_RSA_WITH_3DES_EDE_CBC_SHA | DES-CBC3-SHA |
| TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA | EDH-DSS-DES-CBC3-SHA |
| TLS_RSA_WITH_RC4_128_SHA | RC4-SHA |
| TLS_RSA_WITH_RC4_128_MD5 | RC4-MD5 |
Most of these are now considered insecure and thus are not enabled on the server side.
The overlap between the TLS ciphers supported by the client and the TLS ciphers which are allowed on the server side is just four ciphers:
- ECDHE-ECDSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES256-GCM-SHA384
- DHE-RSA-AES256-GCM-SHA384
- DHE-RSA-AES128-GCM-SHA256
Unfortunately, the two ECDHE-ECDSA-* ciphers will only work if you are using ECDSA SSL certificates. If you are using RSA certificates then only the DHE-RSA-* ones are usable.
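To make the negotiation constraints concrete, here is an added shell example (not code from the original post) that takes the intersection of the two cipher lists above and then applies the server-side restrictions: the certificate key type, and, for the DHE-* suites, whether Diffie-Hellman parameters are configured. The cipher lists are the cPanel defaults and the Windows 7 list exactly as given above; the RSA/ECDSA and yes/no arguments are this example's own.

```shell
#!/bin/sh
# Added example, not code from the original post: model which of the ciphers a
# Windows 7 client offers can actually complete a handshake against the cPanel
# Dovecot default list, given the certificate key type and whether DH
# parameters are configured. Names are the OpenSSL names used in the post.
SERVER_CIPHERS="ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305
DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384"

# Client preference order as advertised by Windows 7 (from the table above).
WIN7_CIPHERS="ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES128-SHA256
ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA
DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-GCM-SHA256
AES256-GCM-SHA384 AES128-GCM-SHA256
ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES256-SHA384 ECDHE-ECDSA-AES128-SHA256
ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA
AES256-SHA256 AES128-SHA256 AES256-SHA AES128-SHA
DHE-DSS-AES256-SHA256 DHE-DSS-AES128-SHA256
DHE-DSS-AES256-SHA DHE-DSS-AES128-SHA
DES-CBC3-SHA EDH-DSS-DES-CBC3-SHA RC4-SHA RC4-MD5"

# usable_ciphers <RSA|ECDSA> <dh-params-configured yes|no>
# Prints, in client preference order, the ciphers both sides enable that the
# server can really use with that certificate type and DH setup.
usable_ciphers() {
    cert=$1 dh=$2
    for c in $WIN7_CIPHERS; do
        # The server must enable the suite at all (echo flattens newlines).
        case " $(echo $SERVER_CIPHERS) " in *" $c "*) ;; *) continue ;; esac
        # Authentication must match the key type of the server certificate.
        case $c in
            ECDHE-ECDSA-*) [ "$cert" = ECDSA ] || continue ;;
            *)             [ "$cert" = RSA ]   || continue ;;
        esac
        # Finite-field DHE needs DH parameters (ssl_dh / ssl_server_dh_file).
        case $c in DHE-*) [ "$dh" = yes ] || continue ;; esac
        echo "$c"
    done
}
```

`usable_ciphers RSA no` prints nothing, which is the post-upgrade situation for an RSA certificate; `usable_ciphers RSA yes` prints the two DHE-RSA-* suites.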
Still, we have TLS ciphers which are supported by both the client and the server so this should be working… why isn’t it?
Previously under Dovecot 2.3, cPanel had the following configuration in /etc/dovecot/dovecot.conf for the Diffie-Hellman parameters file necessary for the DHE-RSA-* ciphers to function:
```
# SSL DH parameters
# Generate new params with `openssl dhparam -out /etc/dovecot/dh.pem 4096`
# Or migrate from old ssl-parameters.dat file with the command dovecot
# gives on startup when ssl_dh is unset.
ssl_dh = </etc/dovecot/dh.pem
```
In Dovecot 2.4 this configuration directive changed to “ssl_server_dh_file” (see https://doc.dovecot.org/2.4.2/installation/upgrade/2.3-to-2.4.html#converted-settings) and it isn’t present anywhere in /etc/dovecot/ post-upgrade on cPanel servers.
As an aside, the old “ssl_dh” option's value was the file contents themselves, which is why the path is read in with the “<” redirect. The new “ssl_server_dh_file” option takes a file path as its value, which Dovecot then reads itself. So when moving from 2.3 to 2.4 it's important to ensure that you don't copy over the less-than symbol that precedes the path; otherwise Dovecot will read the contents of that file and treat them as the path it should use.
In order to add the configuration for the Diffie-Hellman parameters file to the Dovecot 2.4 configuration yourself, you will need to make use of the cPanel configuration file templating system, otherwise any manual changes to the configuration files in /etc/dovecot/ will get overwritten the next time cPanel regenerates them.
First check whether the /var/cpanel/templates/dovecot/main.local file already exists (for example because you already have custom Dovecot configuration or are using Imunify360). If not, copy /var/cpanel/templates/dovecot/main.default to /var/cpanel/templates/dovecot/main.local, then edit it in your favourite editor and add the following configuration to the bottom of the file:
```
# Required for DHE-RSA-AES128-GCM-SHA256 and DHE-RSA-AES256-GCM-SHA384 ciphers needed for Windows 7 clients to work
ssl_server_dh_file = /etc/dovecot/dh.pem
```
Once you have modified the /var/cpanel/templates/dovecot/main.local file, you can run “/scripts/builddovecotconf” to regenerate the configuration files from your new template, followed by “/scripts/restartsrv_dovecot” to restart the Dovecot service.
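Because a copied-over “<” or a missing dh.pem leaves the DHE-RSA-* ciphers unusable without any obvious error, the following added shell example (not cPanel's or Dovecot's code) checks a template or generated configuration for the mistakes described above: it requires ssl_server_dh_file to be set as a bare path, rejects a lingering 2.3-style ssl_dh, and verifies that the referenced file exists and holds PEM DH parameters. The file argument is an assumption; point it at /var/cpanel/templates/dovecot/main.local before running /scripts/builddovecotconf, or at /etc/dovecot/dovecot.conf afterwards.

```shell
#!/bin/sh
# Added example, not cPanel's or Dovecot's code: sanity-check the DH parameter
# setting of a Dovecot 2.4 configuration (or cPanel template) file.
# check_dh_config <file>  -> prints a diagnosis, returns 0 only if usable.
check_dh_config() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf"; return 1; }

    # The 2.3 directive was renamed to ssl_server_dh_file in 2.4.
    if grep -Eq '^[[:space:]]*ssl_dh[[:space:]]*=' "$conf"; then
        echo "2.3 directive ssl_dh still present in $conf"
        return 1
    fi

    # Take the last assignment; strip the key and any trailing whitespace.
    value=$(sed -n '/^[[:space:]]*ssl_server_dh_file[[:space:]]*=[[:space:]]*/{s///;s/[[:space:]]*$//;p;}' "$conf" | tail -n 1)
    if [ -z "$value" ]; then
        echo "ssl_server_dh_file is not set: DHE-RSA-* ciphers cannot be negotiated"
        return 1
    fi

    # 2.3 used "ssl_dh = </path" (file contents); 2.4 wants the bare path.
    case $value in
        \<*) echo "ssl_server_dh_file value '$value' keeps the 2.3 '<' redirect"
             return 1 ;;
    esac

    [ -r "$value" ] || { echo "DH file $value is missing or unreadable"; return 1; }
    grep -q -e '-----BEGIN DH PARAMETERS-----' "$value" \
        || { echo "$value does not contain PEM DH parameters"; return 1; }

    echo "ok: ssl_server_dh_file = $value"
}

if [ $# -gt 0 ]; then check_dh_config "$1"; fi
```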
IMAP and POP3 clients running on old devices such as Windows 7 should once again be able to connect as the DHE-RSA-* TLS ciphers that they rely on are functioning again.