Use best practice cipher suites for 2021 (#1802)

Update cipherlist to sync with OWASP B and Mozilla Intermediate

target/dovecot/10-ssl.conf

@@ -52,7 +52,7 @@ ssl_dh = </etc/dovecot/dh.pem
 ssl_min_protocol = TLSv1.2
 
 # SSL ciphers to use
-ssl_cipher_list = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
+ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
 
 # Prefer the server's order of ciphers over client's.
 ssl_prefer_server_ciphers = yes

target/postfix/main.cf

@@ -31,13 +31,13 @@ smtp_tls_loglevel = 1
 # Reduce opportunities for a potential CPU exhaustion attack with `NO_RENEGOTIATION`
 tls_ssl_options = NO_COMPRESSION, NO_RENEGOTIATION
 
-tls_high_cipherlist = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
+tls_high_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
 tls_preempt_cipherlist = yes
 smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
 smtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
 smtpd_tls_mandatory_ciphers = high
 smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
-smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5, DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256, RSA+AES, eNULL
+smtpd_tls_exclude_ciphers = aNULL, SEED, CAMELLIA, RSA+AES
 smtpd_tls_dh1024_param_file = /etc/postfix/dhparams.pem
 smtpd_tls_CApath = /etc/ssl/certs
 smtp_tls_CApath = /etc/ssl/certs

target/scripts/start-mailserver.sh

@@ -1138,32 +1138,41 @@ function _setup_ssl
 {
   _notify 'task' 'Setting up SSL'
 
+  function _apply_tls_level()
+  {
+    local TLS_CIPHERS_ALLOW=$1
+    local TLS_PROTOCOL_IGNORE=$2
+    local TLS_PROTOCOL_MINIMUM=$3
+
+    # Postfix configuration
+    sed -i 's/^smtpd_tls_mandatory_protocols =.*/smtpd_tls_mandatory_protocols = '"${TLS_PROTOCOL_IGNORE}/" /etc/postfix/main.cf
+    sed -i 's/^smtpd_tls_protocols =.*/smtpd_tls_protocols = '"${TLS_PROTOCOL_IGNORE}/" /etc/postfix/main.cf
+    sed -i 's/^smtp_tls_protocols =.*/smtp_tls_protocols = '"${TLS_PROTOCOL_IGNORE}/" /etc/postfix/main.cf
+    sed -i 's/^tls_high_cipherlist =.*/tls_high_cipherlist = '"${TLS_CIPHERS_ALLOW}/" /etc/postfix/main.cf
+
+    # Dovecot configuration (secure by default though)
+    sed -i 's/^ssl_min_protocol =.*/ssl_min_protocol = '"${TLS_PROTOCOL_MINIMUM}/" /etc/dovecot/conf.d/10-ssl.conf
+    sed -i 's/^ssl_cipher_list =.*/ssl_cipher_list = '"${TLS_CIPHERS_ALLOW}/" /etc/dovecot/conf.d/10-ssl.conf
+  }
+
   # TLS strength/level configuration
   case "${TLS_LEVEL}" in
     "modern" )
-      # Postfix configuration
-      sed -i -r 's/^smtpd_tls_mandatory_protocols =.*$/smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1/' /etc/postfix/main.cf
-      sed -i -r 's/^smtpd_tls_protocols =.*$/smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1/' /etc/postfix/main.cf
-      sed -i -r 's/^smtp_tls_protocols =.*$/smtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1/' /etc/postfix/main.cf
-      sed -i -r 's/^tls_high_cipherlist =.*$/tls_high_cipherlist = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256/' /etc/postfix/main.cf
+      local TLS_MODERN_SUITE='ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384'
+      local TLS_MODERN_IGNORE='!SSLv2,!SSLv3,!TLSv1,!TLSv1.1'
+      local TLS_MODERN_MIN='TLSv1.2'
 
-      # Dovecot configuration (secure by default though)
-      sed -i -r 's/^ssl_min_protocol =.*$/ssl_min_protocol = TLSv1.2/' /etc/dovecot/conf.d/10-ssl.conf
-      sed -i -r 's/^ssl_cipher_list =.*$/ssl_cipher_list = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256/' /etc/dovecot/conf.d/10-ssl.conf
+      _apply_tls_level "${TLS_MODERN_SUITE}" "${TLS_MODERN_IGNORE}" "${TLS_MODERN_MIN}"
 
       _notify 'inf' "TLS configured with 'modern' ciphers"
       ;;
 
     "intermediate" )
-      # Postfix configuration
-      sed -i -r 's/^smtpd_tls_mandatory_protocols =.*$/smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3/' /etc/postfix/main.cf
-      sed -i -r 's/^smtpd_tls_protocols =.*$/smtpd_tls_protocols = !SSLv2,!SSLv3/' /etc/postfix/main.cf
-      sed -i -r 's/^smtp_tls_protocols =.*$/smtp_tls_protocols = !SSLv2,!SSLv3/' /etc/postfix/main.cf
-      sed -i -r 's/^tls_high_cipherlist =.*$/tls_high_cipherlist = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS/' /etc/postfix/main.cf
+      local TLS_INTERMEDIATE_SUITE='ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA'
+      local TLS_INTERMEDIATE_IGNORE='!SSLv2,!SSLv3'
+      local TLS_INTERMEDIATE_MIN='TLSv1'
 
-      # Dovecot configuration
-      sed -i -r 's/^ssl_min_protocol = .*$/ssl_min_protocol = TLSv1/' /etc/dovecot/conf.d/10-ssl.conf
-      sed -i -r 's/^ssl_cipher_list = .*$/ssl_cipher_list = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS/' /etc/dovecot/conf.d/10-ssl.conf
+      _apply_tls_level "${TLS_INTERMEDIATE_SUITE}" "${TLS_INTERMEDIATE_IGNORE}" "${TLS_INTERMEDIATE_MIN}"
 
       _notify 'inf' "TLS configured with 'intermediate' ciphers"
       ;;

test/config/dovecot-lmtp/conf.d/10-ssl.conf

@@ -49,7 +49,7 @@ ssl_key = </etc/dovecot/ssl/dovecot.key
 ssl_protocols = !SSLv3,!TLSv1,!TLSv1.1
 
 # SSL ciphers to use
-ssl_cipher_list = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
+ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
 
 # Prefer the server's order of ciphers over client's.
 ssl_prefer_server_ciphers = yes

test/security_tls_cipherlists.bats

@@ -0,0 +1,205 @@
+#!/usr/bin/env bats
+load 'test_helper/common'
+# Globals ${BATS_TMPDIR} and ${NAME}
+# `${NAME}` defaults to `mailserver-testing:ci`
+
+function setup() {
+    run_setup_file_if_necessary
+}
+
+function teardown() {
+    docker rm -f tls_test_cipherlists
+    run_teardown_file_if_necessary
+}
+
+function setup_file() {
+    export DOMAIN="example.test"
+    export NETWORK="test-network"
+
+    # Shared config for TLS testing (read-only)
+    export TLS_CONFIG_VOLUME
+    TLS_CONFIG_VOLUME="$(pwd)/test/test-files/ssl/${DOMAIN}/:/config/ssl/:ro"
+    # `${BATS_TMPDIR}` maps to `/tmp`
+    export TLS_RESULTS_DIR="${BATS_TMPDIR}/results"
+
+    # NOTE: If the network already exists, test will fail to start.
+    docker network create "${NETWORK}"
+
+    # Copies all of `./test/config/` to specific directory for testing
+    # `${PRIVATE_CONFIG}` becomes `$(pwd)/test/duplicate_configs/<bats test filename>`
+    export PRIVATE_CONFIG
+    PRIVATE_CONFIG="$(duplicate_config_for_container .)"
+
+    # Pull `testssl.sh` image in advance to avoid it interfering with the `run` captured output.
+    # Only interferes (potential test failure) with `assert_output` not `assert_success`?
+    docker pull drwetter/testssl.sh:3.1dev
+}
+
+function teardown_file() {
+    docker network rm "${NETWORK}"
+}
+
+@test "first" {
+  skip 'this test must come first to reliably identify when to run setup_file'
+}
+
+@test "checking tls: cipher list - rsa intermediate" {
+    check_ports 'rsa' 'intermediate'
+}
+
+@test "checking tls: cipher list - rsa modern" {
+    check_ports 'rsa' 'modern'
+}
+
+@test "checking tls: cipher list - ecdsa intermediate" {
+    check_ports 'ecdsa' 'intermediate'
+}
+
+@test "checking tls: cipher list - ecdsa modern" {
+    check_ports 'ecdsa' 'modern'
+}
+
+function check_ports() {
+    local KEY_TYPE=$1
+    local TLS_LEVEL=$2
+    local RESULTS_PATH="${KEY_TYPE}/${TLS_LEVEL}"
+
+    collect_cipherlist_data
+
+    # SMTP: Opportunistic STARTTLS Explicit(25)
+    # Needs to test against cipher lists specific to Port 25 ('_p25' parameter)
+    check_cipherlists "${RESULTS_PATH}/port_25.json" '_p25'
+    # SMTP Submission: Mandatory STARTTLS Explicit(587) and Implicit(465) TLS
+    check_cipherlists "${RESULTS_PATH}/port_587.json"
+    check_cipherlists "${RESULTS_PATH}/port_465.json"
+    # IMAP: Mandatory STARTTLS Explicit(143) and Implicit(993) TLS
+    check_cipherlists "${RESULTS_PATH}/port_143.json"
+    check_cipherlists "${RESULTS_PATH}/port_993.json"
+    # POP3: Mandatory STARTTLS Explicit(110) and Implicit(995)
+    check_cipherlists "${RESULTS_PATH}/port_110.json"
+    check_cipherlists "${RESULTS_PATH}/port_995.json"
+}
+
+function collect_cipherlist_data() {
+    run docker run -d --name tls_test_cipherlists \
+        --volume "${PRIVATE_CONFIG}/:/tmp/docker-mailserver/" \
+        --volume "${TLS_CONFIG_VOLUME}" \
+        --env DMS_DEBUG=0 \
+        --env ENABLE_POP3=1 \
+        --env SSL_TYPE="manual" \
+        --env SSL_CERT_PATH="/config/ssl/cert.${KEY_TYPE}.pem" \
+        --env SSL_KEY_PATH="/config/ssl/key.${KEY_TYPE}.pem" \
+        --env TLS_LEVEL="${TLS_LEVEL}" \
+        --network "${NETWORK}" \
+        --network-alias "${DOMAIN}" \
+        --hostname "mail.${DOMAIN}" \
+        --tty \
+        "${NAME}" # Image name
+    assert_success
+
+    wait_for_finished_setup_in_container tls_test_cipherlists
+    # NOTE: An rDNS query for the container IP will resolve to `<container name>.<network name>.`
+
+    # Make directory with test user ownership. Avoids Docker creating with root ownership.
+    # TODO: Can switch to filename prefix for JSON output when this is resolved: https://github.com/drwetter/testssl.sh/issues/1845
+    mkdir -p "${TLS_RESULTS_DIR}/${RESULTS_PATH}"
+
+    # For non-CI test runs, instead of removing prior test files after this test suite completes,
+    # they're retained and overwritten by future test runs instead. Useful for inspection.
+    # `--preference` reduces the test scope to the cipher suites reported as supported by the server. Completes in ~35% of the time.
+    local TESTSSL_CMD="--quiet --file /config/ssl/testssl.txt --mode parallel --overwrite --preference"
+    # NOTE: Batch testing ports via `--file` doesn't properly bubble up failure.
+    # If the failure for a test is misleading consider testing a single port with:
+    # local TESTSSL_CMD="--quiet --jsonfile-pretty ${RESULTS_PATH}/port_${PORT}.json --starttls smtp ${DOMAIN}:${PORT}"
+    # TODO: Can use `jq` to check for failure when this is resolved: https://github.com/drwetter/testssl.sh/issues/1844
+
+    # `--user "<uid>:<gid>"` is a workaround: Avoids `permission denied` write errors for json output, uses `id` to match user uid & gid.
+    # shellcheck disable=SC2086 # ${TESTSSL_CMD} doesn't work with double quotes
+    run docker run --rm \
+        --user "$(id -u):$(id -g)" \
+        --network "${NETWORK}" \
+        --volume "${TLS_CONFIG_VOLUME}" \
+        --volume "${TLS_RESULTS_DIR}/${RESULTS_PATH}/:/output" \
+        --workdir "/output" \
+        drwetter/testssl.sh:3.1dev ${TESTSSL_CMD}
+    assert_success
+}
+
+# Use `jq` to extract a specific cipher list from the target`testssl.sh` results json output file
+function compare_cipherlist() {
+    local TARGET_CIPHERLIST=$1
+    local RESULTS_FILE=$2
+    local EXPECTED_CIPHERLIST=$3
+
+    run jq '.scanResult[0].fs[] | select(.id=="'"${TARGET_CIPHERLIST}"'") | .finding' "${TLS_RESULTS_DIR}/${RESULTS_FILE}"
+    assert_success
+    assert_output "${EXPECTED_CIPHERLIST}"
+}
+
+# Compares the expected cipher lists against logged test results from `testssl.sh`
+function check_cipherlists() {
+    local RESULTS_FILE=$1
+    local p25=$2 # optional suffix
+
+    # TLS_LEVEL `modern` doesn't have TLS v1.0 or v1.1 cipher suites. Sets TLS v1.2 as minimum.
+    if [[ "${TLS_LEVEL}" == "intermediate" ]]
+        then
+            compare_cipherlist "cipherorder_TLSv1"   "${RESULTS_FILE}" "$(get_cipherlist "TLSv1${p25}")"
+            compare_cipherlist "cipherorder_TLSv1_1" "${RESULTS_FILE}" "$(get_cipherlist "TLSv1_1${p25}")"
+    fi
+    compare_cipherlist "cipherorder_TLSv1_2" "${RESULTS_FILE}" "$(get_cipherlist "TLSv1_2${p25}")"
+    compare_cipherlist "cipherorder_TLSv1_3" "${RESULTS_FILE}" "$(get_cipherlist 'TLSv1_3')"
+}
+
+# Expected cipher lists. Should match `TLS_LEVEL` cipher lists set in `start-mailserver.sh`.
+# Excluding Port 25 which uses defaults from Postfix after applying `smtpd_tls_exclude_ciphers` rules.
+function get_cipherlist() {
+    local TLS_VERSION=$1
+
+    if [[ "${TLS_VERSION}" == "TLSv1_3" ]]
+        then
+            # TLS v1.3 cipher suites are not user defineable and not unique to the available certificate(s).
+            # They do not support server enforced order either.
+            echo '"TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256"'
+        else
+
+        # Associative array for easy querying of required cipher list
+        declare -A CIPHER_LIST
+        # Our TLS v1.0 and v1.1 cipher suites should be the same:
+        CIPHER_LIST["rsa_intermediate_TLSv1"]='"ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA"'
+        CIPHER_LIST["rsa_intermediate_TLSv1_1"]=${CIPHER_LIST["rsa_intermediate_TLSv1"]}
+        CIPHER_LIST["rsa_intermediate_TLSv1_2"]='"ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA"'
+
+        # `modern` doesn't have TLS v1.0 or v1.1 cipher suites:
+        CIPHER_LIST["rsa_modern_TLSv1_2"]='"ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384"'
+
+        # ECDSA
+        CIPHER_LIST["ecdsa_intermediate_TLSv1"]='"ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA"'
+        CIPHER_LIST["ecdsa_intermediate_TLSv1_1"]=${CIPHER_LIST["ecdsa_intermediate_TLSv1"]}
+        CIPHER_LIST["ecdsa_intermediate_TLSv1_2"]='"ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA384 ECDHE-ECDSA-AES256-SHA"'
+        CIPHER_LIST["ecdsa_modern_TLSv1_2"]='"ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-CHACHA20-POLY1305"'
+
+        # Port 25
+        # TLSv1 and TLSv1_1 share the same cipher suites as other ports have. The server order differs.
+        # TLSv1_2 has different server order and ARIA, CCM, DHE+CHACHA20-POLY1305 cipher suites
+        CIPHER_LIST["rsa_intermediate_TLSv1_p25"]='"ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA DHE-RSA-AES128-SHA"'
+        CIPHER_LIST["rsa_intermediate_TLSv1_1_p25"]=${CIPHER_LIST["rsa_intermediate_TLSv1_p25"]}
+
+        CIPHER_LIST["rsa_intermediate_TLSv1_2_p25"]='"ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-CHACHA20-POLY1305 DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-CCM8 DHE-RSA-AES256-CCM ECDHE-ARIA256-GCM-SHA384 DHE-RSA-ARIA256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES256-SHA256 ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA ARIA256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-CCM8 DHE-RSA-AES128-CCM ECDHE-ARIA128-GCM-SHA256 DHE-RSA-ARIA128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA DHE-RSA-AES128-SHA ARIA128-GCM-SHA256"'
+        CIPHER_LIST["rsa_modern_TLSv1_2_p25"]=${CIPHER_LIST["rsa_intermediate_TLSv1_2_p25"]}
+
+        # ECDSA
+        CIPHER_LIST["ecdsa_intermediate_TLSv1_p25"]='"ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA"'
+        CIPHER_LIST["ecdsa_intermediate_TLSv1_1_p25"]=${CIPHER_LIST["ecdsa_intermediate_TLSv1_p25"]}
+
+        CIPHER_LIST["ecdsa_intermediate_TLSv1_2_p25"]='"ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES256-CCM8 ECDHE-ECDSA-AES256-CCM ECDHE-ECDSA-ARIA256-GCM-SHA384 ECDHE-ECDSA-AES256-SHA384 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-CCM8 ECDHE-ECDSA-AES128-CCM ECDHE-ECDSA-ARIA128-GCM-SHA256 ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES128-SHA"'
+        CIPHER_LIST["ecdsa_modern_TLSv1_2_p25"]=${CIPHER_LIST["ecdsa_intermediate_TLSv1_2_p25"]}
+
+        local TARGET_QUERY="${KEY_TYPE}_${TLS_LEVEL}_${TLS_VERSION}"
+        echo "${CIPHER_LIST[${TARGET_QUERY}]}"
+    fi
+}
+
+@test "last" {
+  skip 'this test is only there to reliably mark the end for the teardown_file'
+}

test/test-files/ssl/example.test/README.md

@@ -0,0 +1,146 @@
+# Testing certificates for TLS
+
+Use these certificates for any tests that require a certificate during a test. **DO NOT USE IN PRODUCTION**.
+
+These certificates for usage with TLS have been generated via the [Smallstep `step certificate`](https://smallstep.com/docs/step-cli/reference/certificate/create) CLI tool. They have a duration of 10 years and are valid for the SAN `example.test` or it's `mail` subdomain.
+
+`Certificate Details` sections are the output of: `step certificate inspect cert.<key type>.pem`.
+
+---
+<!-- markdownlint-disable MD033 MD040 -->
+**RSA (2048-bit) - self-signed:**
+
+```sh
+step certificate create "Smallstep self-signed" cert.rsa.pem key.rsa.pem \
+  --no-password --insecure \
+  --profile self-signed --subtle \
+  --not-before "2021-01-01T00:00:00+00:00" \
+  --not-after "2031-01-01T00:00:00+00:00" \
+  --san "example.test" \
+  --san "mail.example.test" \
+  --kty RSA --size 2048
+```
+
+<details>
+<summary>Certificate Details:</summary>
+
+```
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 208627341009417536895802991697858158387 (0x9cf42a11521763a5a0fbd1cedb085f33)
+    Signature Algorithm: SHA256-RSA
+        Issuer: CN=Smallstep self-signed
+        Validity
+            Not Before: Jan 1 00:00:00 2021 UTC
+            Not After : Jan 1 00:00:00 2031 UTC
+        Subject: CN=Smallstep self-signed
+        Subject Public Key Info:
+            Public Key Algorithm: RSA
+                Public-Key: (2048 bit)
+                Modulus:
+                    e2:78:fa:af:1b:82:ee:92:8c:b6:9b:96:ee:a7:4f:
+                    b8:dd:72:ec:c6:85:97:a8:53:c0:ad:0c:04:c9:23:
+                    5d:3e:f5:1a:ce:78:b7:14:fd:61:53:1e:51:03:54:
+                    64:60:3c:87:38:c9:fc:ec:55:8e:c0:dd:82:8c:ac:
+                    d9:e9:b8:ee:37:df:95:60:d9:f2:02:f6:21:04:e0:
+                    af:d2:c5:1a:b6:3e:5f:dc:3a:31:b8:e6:c7:37:8b:
+                    7a:53:54:b1:21:61:34:31:05:aa:6f:28:88:89:2d:
+                    ac:43:f8:4f:b0:e7:57:17:fe:b6:4d:b3:7c:0e:f4:
+                    34:58:1c:b7:06:e9:33:13:d3:2a:68:eb:41:c3:5c:
+                    cf:a9:f1:76:b4:41:9e:cd:86:6a:4a:80:6b:05:cd:
+                    5c:0f:1a:6d:f6:8d:ed:50:a2:b5:f7:97:00:75:1b:
+                    36:9f:e8:68:e7:43:d4:1c:cc:7e:d3:03:e0:c5:be:
+                    54:ab:e9:e4:dc:53:36:6c:b2:46:fb:72:bd:26:e7:
+                    9b:c6:45:a9:be:4a:e3:10:b8:80:55:ee:28:63:09:
+                    09:60:9c:fb:57:f4:c7:36:8f:09:39:32:9d:26:92:
+                    4b:78:51:9c:eb:bc:74:61:ec:80:6e:73:59:5d:52:
+                    f2:02:95:24:f7:47:9d:6a:b2:b3:17:35:9d:48:58:
+                    81
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: critical
+                Digital Signature, Key Encipherment
+            X509v3 Extended Key Usage:
+                Server Authentication, Client Authentication
+            X509v3 Subject Key Identifier:
+                05:AC:63:51:E2:44:A1:46:F8:08:86:D9:EF:69:32:B2:89:6D:DA:CE
+            X509v3 Subject Alternative Name:
+                DNS:example.test, DNS:mail.example.test
+    Signature Algorithm: SHA256-RSA
+         50:47:7b:59:26:9d:8d:f7:e4:dc:03:94:b0:35:e4:03:b7:94:
+         16:7e:b6:79:c5:bb:e7:61:db:ca:e6:22:cc:c8:a0:9f:9d:b0:
+         7c:12:43:ec:a7:f3:fe:ad:0a:44:69:69:7f:c7:31:f7:3f:e8:
+         98:a7:37:43:bd:fb:5b:c6:85:85:91:dc:29:23:cb:6b:a9:aa:
+         f0:f0:62:79:ce:43:8c:5f:28:49:ee:a1:d4:16:67:6b:59:c3:
+         15:65:e3:d3:3b:35:da:59:35:33:2a:5e:8a:59:ff:14:b9:51:
+         a5:8e:0b:7c:1b:a1:b1:f4:89:1a:3f:2f:d7:b1:8d:23:0a:7a:
+         79:e1:c2:03:b5:2f:ee:34:16:a9:67:27:b6:10:67:5d:f4:1d:
+         d6:b3:e0:ab:80:3d:59:fc:bc:4b:1a:55:fb:36:75:ff:e3:88:
+         73:e3:16:4d:2b:17:7b:2a:21:a3:18:14:04:19:b3:b8:11:39:
+         55:3f:ce:21:b7:d3:5d:8d:78:d5:3a:e0:b2:17:41:ad:3c:8e:
+         a5:a2:ba:eb:3d:b6:9e:2c:ef:7d:d5:cc:71:cb:07:54:21:42:
+         81:79:45:2b:93:74:93:a1:c9:f1:5e:5e:11:3d:ac:df:55:98:
+         37:44:d2:55:a5:15:a9:33:79:6e:fe:49:6d:e5:7b:a0:1c:12:
+         c5:1b:4d:33
+```
+
+</details>
+
+**ECDSA (P-256) - self-signed:**
+
+```sh
+step certificate create "Smallstep self-signed" cert.ecdsa.pem key.ecdsa.pem \
+  --no-password --insecure \
+  --profile self-signed --subtle \
+  --not-before "2021-01-01T00:00:00+00:00" \
+  --not-after "2031-01-01T00:00:00+00:00" \
+  --san "example.test" \
+  --san "mail.example.test" \
+  --kty EC --crv P-256
+```
+
+<details>
+<summary>Certificate Details:</summary>
+
+```
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 311463463867833685003701497925006766941 (0xea51ae60cd02784bbf1ba4e367ffb35d)
+    Signature Algorithm: ECDSA-SHA256
+        Issuer: CN=Smallstep self-signed
+        Validity
+            Not Before: Jan 1 00:00:00 2021 UTC
+            Not After : Jan 1 00:00:00 2031 UTC
+        Subject: CN=Smallstep self-signed
+        Subject Public Key Info:
+            Public Key Algorithm: ECDSA
+                Public-Key: (256 bit)
+                X:
+                    b1:f7:b1:12:75:17:a8:72:9a:39:31:ef:f0:61:b2:
+                    f4:0c:88:c6:05:b2:12:f2:99:e0:ac:81:78:4c:72:
+                    94:e9
+                Y:
+                    52:8f:e9:c1:7b:b0:15:83:90:06:30:d2:c0:6b:66:
+                    63:31:14:54:28:80:1d:89:6e:a4:2c:dd:59:17:5f:
+                    a6:3e
+                Curve: P-256
+        X509v3 extensions:
+            X509v3 Key Usage: critical
+                Digital Signature
+            X509v3 Extended Key Usage:
+                Server Authentication, Client Authentication
+            X509v3 Subject Key Identifier:
+                14:9F:BA:EB:14:52:9F:2C:13:B2:E9:F1:77:DA:5B:F6:E2:1D:54:BD
+            X509v3 Subject Alternative Name:
+                DNS:example.test, DNS:mail.example.test
+    Signature Algorithm: ECDSA-SHA256
+         30:46:02:21:00:f8:72:3d:90:7e:db:9e:7a:4f:6d:80:fb:fa:
+         dc:42:43:e2:dc:8f:6a:ec:18:c5:af:e1:ea:03:fd:66:78:a2:
+         01:02:21:00:f7:86:58:81:17:f5:74:5b:14:c8:0f:93:e2:bb:
+         b8:e9:90:47:c0:f7:b1:60:82:d9:b4:1a:fc:fa:66:fa:48:5c
+```
+
+</details>
+<!-- markdownlint-enable MD033 MD040 -->

test/test-files/ssl/example.test/cert.ecdsa.pem

@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBvDCCAWGgAwIBAgIRAOpRrmDNAnhLvxuk42f/s10wCgYIKoZIzj0EAwIwIDEe
+MBwGA1UEAxMVU21hbGxzdGVwIHNlbGYtc2lnbmVkMB4XDTIxMDEwMTAwMDAwMFoX
+DTMxMDEwMTAwMDAwMFowIDEeMBwGA1UEAxMVU21hbGxzdGVwIHNlbGYtc2lnbmVk
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEsfexEnUXqHKaOTHv8GGy9AyIxgWy
+EvKZ4KyBeExylOlSj+nBe7AVg5AGMNLAa2ZjMRRUKIAdiW6kLN1ZF1+mPqN8MHow
+DgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAd
+BgNVHQ4EFgQUFJ+66xRSnywTsunxd9pb9uIdVL0wKgYDVR0RBCMwIYIMZXhhbXBs
+ZS50ZXN0ghFtYWlsLmV4YW1wbGUudGVzdDAKBggqhkjOPQQDAgNJADBGAiEA+HI9
+kH7bnnpPbYD7+txCQ+Lcj2rsGMWv4eoD/WZ4ogECIQD3hliBF/V0WxTID5Piu7jp
+kEfA97Fggtm0Gvz6ZvpIXA==
+-----END CERTIFICATE-----

test/test-files/ssl/example.test/cert.rsa.pem

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDRzCCAi+gAwIBAgIRAJz0KhFSF2OloPvRztsIXzMwDQYJKoZIhvcNAQELBQAw
+IDEeMBwGA1UEAxMVU21hbGxzdGVwIHNlbGYtc2lnbmVkMB4XDTIxMDEwMTAwMDAw
+MFoXDTMxMDEwMTAwMDAwMFowIDEeMBwGA1UEAxMVU21hbGxzdGVwIHNlbGYtc2ln
+bmVkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4nj6rxuC7pKMtpuW
+7qdPuN1y7MaFl6hTwK0MBMkjXT71Gs54txT9YVMeUQNUZGA8hzjJ/OxVjsDdgoys
+2em47jfflWDZ8gL2IQTgr9LFGrY+X9w6MbjmxzeLelNUsSFhNDEFqm8oiIktrEP4
+T7DnVxf+tk2zfA70NFgctwbpMxPTKmjrQcNcz6nxdrRBns2GakqAawXNXA8abfaN
+7VCitfeXAHUbNp/oaOdD1BzMftMD4MW+VKvp5NxTNmyyRvtyvSbnm8ZFqb5K4xC4
+gFXuKGMJCWCc+1f0xzaPCTkynSaSS3hRnOu8dGHsgG5zWV1S8gKVJPdHnWqysxc1
+nUhYgQIDAQABo3wwejAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUH
+AwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQFrGNR4kShRvgIhtnvaTKyiW3azjAqBgNV
+HREEIzAhggxleGFtcGxlLnRlc3SCEW1haWwuZXhhbXBsZS50ZXN0MA0GCSqGSIb3
+DQEBCwUAA4IBAQBQR3tZJp2N9+TcA5SwNeQDt5QWfrZ5xbvnYdvK5iLMyKCfnbB8
+EkPsp/P+rQpEaWl/xzH3P+iYpzdDvftbxoWFkdwpI8trqarw8GJ5zkOMXyhJ7qHU
+FmdrWcMVZePTOzXaWTUzKl6KWf8UuVGljgt8G6Gx9IkaPy/XsY0jCnp54cIDtS/u
+NBapZye2EGdd9B3Ws+CrgD1Z/LxLGlX7NnX/44hz4xZNKxd7KiGjGBQEGbO4ETlV
+P84ht9NdjXjVOuCyF0GtPI6lorrrPbaeLO991cxxywdUIUKBeUUrk3STocnxXl4R
+PazfVZg3RNJVpRWpM3lu/klt5XugHBLFG00z
+-----END CERTIFICATE-----

test/test-files/ssl/example.test/key.ecdsa.pem

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIO4nGpEVFeDjKsUKBBumdJxg0tOx/BEasG6G/denFif1oAoGCCqGSM49
+AwEHoUQDQgAEsfexEnUXqHKaOTHv8GGy9AyIxgWyEvKZ4KyBeExylOlSj+nBe7AV
+g5AGMNLAa2ZjMRRUKIAdiW6kLN1ZF1+mPg==
+-----END EC PRIVATE KEY-----

test/test-files/ssl/example.test/key.rsa.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEA4nj6rxuC7pKMtpuW7qdPuN1y7MaFl6hTwK0MBMkjXT71Gs54
+txT9YVMeUQNUZGA8hzjJ/OxVjsDdgoys2em47jfflWDZ8gL2IQTgr9LFGrY+X9w6
+MbjmxzeLelNUsSFhNDEFqm8oiIktrEP4T7DnVxf+tk2zfA70NFgctwbpMxPTKmjr
+QcNcz6nxdrRBns2GakqAawXNXA8abfaN7VCitfeXAHUbNp/oaOdD1BzMftMD4MW+
+VKvp5NxTNmyyRvtyvSbnm8ZFqb5K4xC4gFXuKGMJCWCc+1f0xzaPCTkynSaSS3hR
+nOu8dGHsgG5zWV1S8gKVJPdHnWqysxc1nUhYgQIDAQABAoIBAQDA++JycPkjnxH1
+UaRN/Zi7qUkTZx/T2gZ0e4FwWo2eGdX3X9YR/PrlglSlKDczyaYKfGPy+Nj3anXX
+l1R75ORHaqlFu2A9EDT4chWc/fgkCQQh36JfWHafcD+Un4nd3tncBaIUV+CsaGjZ
+EJp6Hf8kgjf01UWLA5spN6RQer0hXbrtcIbzXH/aHPblKHJPrZ1I4HnQ4FlM9DvP
+RZqm4RYf2NLSQiS494x9CthoEh77/CkuIRcwcY499rVT6L70io4oO5CWD8QyBeUK
+qA0pLKZ97vTxpexkMiuOS5hP4t96D7xFfmDMtJv4/qZtlN7DD11+Nl65PG1Qf37+
+GbFfEuYhAoGBAOtkaBnWztqiNP8v9avs1lUoRuAip2pnfM6P86r7dy+8ha2BuAYu
+oCdZnjxFgdLq7KDp4XfgUC0GF9MpP4A5VYo2zR+YjMyXP9JdW0jWjtiBdXiermn5
+oAOFuRUPjtvj0UHhAKcGrTP2gN9Kz+BOS9C2UnmzBgmIYv4NgB5GI0AVAoGBAPZM
+qpJ9Ger3PgZoq1pCDSLoV6X18BWuTzzTH07QYxy8ObVxZ1/iKUKvMEmUz0rQxUsu
+Xc9teD9Q0GKg2KcdTzPh+khuc99THoywhMOElWw0g1RmWwnJWcTmCItLzkyBpmd3
+y3rAig5+eOCiG8DuA6KIwV3L1HrQ/Xn2wIF5wyW9AoGBANGpNAPXzZT1J2koSZSh
+teJRppdapm1i0cqWcz2XD3jIXPTG9qci/mkuLH+YlWLM9oj46GdCt4byx2PAeJv3
+9VXPK/L5iGduTF1N49HDsaXr4TrXc5hWzAx3HfxBSEhY6XjZNSCQFNOUuwKn+vHa
+KzMyQdG+ACGbhjisw7GzXRBlAoGBAMyXXK04e9oBLKWYNpZP/ad8hqoWRCtOUwW8
+feozEdFhzTIaFHvCWvHIonzMvvBvwSM1TbmrPlKh56e14qHWp976HLQkA96DpgHJ
+806SCKkMafcm2wKjHg1/46MKAkDtBXQ3P3AlFcj6Z6B5KEK3s49EuBMY6NRoW9X/
+EWO76E2lAoGASH1EAyBSFSa61M+6BwHzjKFgNCCj3tQP6wGJGeDs+rb4tPsmnbvB
+PFpmI4FvlFWIuCmZu5v/Yx/eqeD3mVhoXk5zibVSUyTAbrChPO2qSu8yCE9qlsOB
+gkXdlpwYF++HnuRaMMIk8jJfU6u48cMULxjDHgrHrDjnUDBBVrBNXuo=
+-----END RSA PRIVATE KEY-----

test/test-files/ssl/example.test/testssl.txt

@@ -0,0 +1,10 @@
+# Provides commands for `testssl.sh` `--file` option to run multiple tests with
+--jsonfile-pretty port_25.json --starttls smtp example.test:25
+--jsonfile-pretty port_587.json --starttls smtp example.test:587
+--jsonfile-pretty port_465.json example.test:465
+
+--jsonfile-pretty port_110.json --starttls pop3 example.test:110
+--jsonfile-pretty port_995.json example.test:995
+
+--jsonfile-pretty port_143.json --starttls imap example.test:143
+--jsonfile-pretty port_993.json example.test:993