On Fri, Oct 11, 2019 at 11:32:50AM -0400, micah anderson wrote:

> > The concern is as stated, we don't know what remote MTAs will do if

> > they receive an unexpected SNI. You can try it I guess, and see

> > what happens.

>

> Indeed, this is why I was wondering how we could go about probing these

> remote MTAs to track down what exactly they would do. We'd need someone

> who has a significant number of remote clients that they send to, over

> TLS, to gather those and attempt to connect using SNI to see what would

> happen.

>

> Or is there a good 'gamification' site that people use that could be

> convinced to add this check?

FWIW, I just sent my system a message from a Gmail account, with a

tcpdump capture running to record inbound SMTP traffic. My system

does not advertise MTA-STS, and, AFAIK, Gmail does not support

outbound DANE. So my server plausibly looks "generic" to Gmail's

outbound systems.

The tshark decode of that traffic, shows, that Gmail sends SNI,

probably unconditionally, especially because it also attempts to

negotiate TLS 1.3, where SNI is generally expected.

So likely at this point it is safe to conclude that sending SNI is

unlikely to cause problems. Your mileage may vary.

--

Viktor.

Transport Layer Security

TLSv1 Record Layer: Handshake Protocol: Client Hello

Content Type: Handshake (22)

Version: TLS 1.0 (0x0301)

Length: 255

Handshake Protocol: Client Hello

Handshake Type: Client Hello (1)

Length: 251

Version: TLS 1.2 (0x0303)

Random: b076d376a44eb9442cf84e00ccce53ac3ce3e8742d704c63…

GMT Unix Time: Oct 25, 2063 18:36:38.000000000 EDT

Random Bytes: a44eb9442cf84e00ccce53ac3ce3e8742d704c6320e8547a…

Session ID Length: 32

Session ID: ec944655829cba19b42319521a5f0c8c2503a0bd1cf1e4a8…

Cipher Suites Length: 36

Cipher Suites (18 suites)

Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)

Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)

Cipher Suite: TLS_CHACHA20_POLY1305_SHA256 (0x1303)

Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)

Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)

Cipher Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)

Cipher Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)

Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)

Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)

Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)

Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)

Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)

Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)

Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)

Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)

Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)

Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)

Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)

Compression Methods Length: 1

Compression Methods (1 method)

Compression Method: null (0)

Extensions Length: 142

Extension: server_name (len=22)

Type: server_name (0)

Length: 22

Server Name Indication extension

Server Name list length: 20

Server Name Type: host_name (0)

Server Name length: 17

Server Name: smtp.dukhovni.org

Extension: extended_master_secret (len=0)

Type: extended_master_secret (23)

Length: 0

Extension: renegotiation_info (len=1)

Type: renegotiation_info (65281)

Length: 1

Renegotiation Info extension

Renegotiation info extension length: 0

Extension: supported_groups (len=8)

Type: supported_groups (10)

Length: 8

Supported Groups List Length: 6

Supported Groups (3 groups)

Supported Group: x25519 (0x001d)

Supported Group: secp256r1 (0x0017)

Supported Group: secp384r1 (0x0018)

Extension: ec_point_formats (len=2)

Type: ec_point_formats (11)

Length: 2

EC point formats Length: 1

Elliptic curves point formats (1)

EC point format: uncompressed (0)

Extension: session_ticket (len=0)

Type: session_ticket (35)

Length: 0

Data (0 bytes)

Extension: signature_algorithms (len=20)

Type: signature_algorithms (13)

Length: 20

Signature Hash Algorithms Length: 18

Signature Hash Algorithms (9 algorithms)

Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)

Signature Hash Algorithm Hash: SHA256 (4)

Signature Hash Algorithm Signature: ECDSA (3)

Signature Algorithm: rsa_pss_rsae_sha256 (0x0804)

Signature Hash Algorithm Hash: Unknown (8)

Signature Hash Algorithm Signature: Unknown (4)

Signature Algorithm: rsa_pkcs1_sha256 (0x0401)

Signature Hash Algorithm Hash: SHA256 (4)

Signature Hash Algorithm Signature: RSA (1)

Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503)

Signature Hash Algorithm Hash: SHA384 (5)

Signature Hash Algorithm Signature: ECDSA (3)

Signature Algorithm: rsa_pss_rsae_sha384 (0x0805)

Signature Hash Algorithm Hash: Unknown (8)

Signature Hash Algorithm Signature: Unknown (5)

Signature Algorithm: rsa_pkcs1_sha384 (0x0501)

Signature Hash Algorithm Hash: SHA384 (5)

Signature Hash Algorithm Signature: RSA (1)

Signature Algorithm: rsa_pss_rsae_sha512 (0x0806)

Signature Hash Algorithm Hash: Unknown (8)

Signature Hash Algorithm Signature: Unknown (6)

Signature Algorithm: rsa_pkcs1_sha512 (0x0601)

Signature Hash Algorithm Hash: SHA512 (6)

Signature Hash Algorithm Signature: RSA (1)

Signature Algorithm: rsa_pkcs1_sha1 (0x0201)

Signature Hash Algorithm Hash: SHA1 (2)

Signature Hash Algorithm Signature: RSA (1)

Extension: key_share (len=38)

Type: key_share (51)

Length: 38

Key Share extension

Client Key Share Length: 36

Key Share Entry: Group: x25519, Key Exchange length: 32

Group: x25519 (29)

Key Exchange Length: 32

Key Exchange: bf35ed7ad1b921cc3d1442977047cbb1a98430348588ab49…

Extension: psk_key_exchange_modes (len=2)

Type: psk_key_exchange_modes (45)

Length: 2

PSK Key Exchange Modes Length: 1

PSK Key Exchange Mode: PSK with (EC)DHE key establishment (psk_dhe_ke) (1)

Extension: supported_versions (len=9)

Type: supported_versions (43)

Length: 9

Supported Versions length: 8

Supported Version: TLS 1.3 (0x0304)

Supported Version: TLS 1.2 (0x0303)

Supported Version: TLS 1.1 (0x0302)

Supported Version: TLS 1.0 (0x0301)