Bug 1189208 (NOSTARTTLS)

Summary: VUL-0: NOSTARTTLS: A security analysis of STARTTLS in the EMail context
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: NEW --- QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: gabriele.sonnu, gianluca.gabrielli, mark.harvey
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on: 1174580, 1189314, 1189316, 1189820, 1190174, 1172935, 1173197, 1173910, 1174457, 1174579, 1174711, 1174712, 1181414, 1187419, 1188275, 1189634, 1190069    
Bug Blocks:    

Description Marcus Meissner 2021-08-09 11:13:07 UTC


Connections between email clients and servers provide two ways to be protected with TLS: While implicit TLS encrypts the whole connection and runs on a separate port, STARTTLS provides a mechanism to upgrade existing unencrypted connections.

Sometimes STARTTLS is seen as an opportunistic encryption mode that provides TLS protection only when available. This is trivially vulnerable to downgrade attacks. However, modern email clients usually have the expectation that STARTTLS is enforced, and when enabled, no unencrypted communication is possible.

Upgrading of connections via STARTTLS is fragile and vulnerable to a number of security vulnerabilities and attacks. We found more than 40 vulnerabilities in STARTTLS implementations. We conclude that these vulnerabilities are so common that we recommend to avoid using STARTTLS when possible.

Comment 1 Marcus Meissner 2021-08-09 12:13:30 UTC
i linked all CVEs referenced in the paper to this bug, perhaps incomplete