TLS library problem: no shared cipher

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

TLS library problem: no shared cipher

Markus E.
Hi!

What's your suggestion to avoid the following problem?

Sep 22 13:11:22 postfix/smtpd[21000]: connect from dragon.trusteddomain.org[208.69.40.156]
Sep 22 13:11:25 postfix/smtpd[21000]: SSL_accept error from dragon.trusteddomain.org[208.69.40.156]: -1
Sep 22 13:11:25 postfix/smtpd[21000]: warning: TLS library problem: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:ssl/statem/statem_srvr.c:2284:
Sep 22 13:11:25 postfix/smtpd[21000]: lost connection after STARTTLS from dragon.trusteddomain.org[208.69.40.156]
Sep 22 13:11:25 postfix/smtpd[21000]: disconnect from dragon.trusteddomain.org[208.69.40.156] ehlo=1 starttls=0/1 commands=1/2

I only see this warning with this particular client.

I'm running Postfix 3.6-20200830 compiled with openssl-1.1.1g.
Using Let's Encrypt certificate.

My main.cf:

smtp_tls_security_level = may
smtp_tls_CAfile = /path/to/cacert.pem
smtp_tls_cert_file = /path/to/fullchain.cer
smtp_tls_key_file = /path/to/keyfile.key
smtpd_tls_security_level = $smtp_tls_security_level
smtpd_tls_CAfile = $smtp_tls_CAfile
smtpd_tls_cert_file = $smtp_tls_cert_file
smtpd_tls_key_file = $smtp_tls_key_file
smtpd_tls_ask_ccert = no

...everything else tls related is default.

Is it possible to not announce STARTTLS to some clients?

-me
Reply | Threaded
Open this post in threaded view
|

Re: TLS library problem: no shared cipher

Herbert J. Skuhra-3
On Tue, Sep 22, 2020 at 04:37:55PM +0200, Markus E. wrote:
>
> Is it possible to not announce STARTTLS to some clients?

http://www.postfix.org/postconf.5.html#smtpd_discard_ehlo_keyword_address_maps

--
Herbert
Reply | Threaded
Open this post in threaded view
|

Re: TLS library problem: no shared cipher

Markus E.
On Tue, 22 Sep 2020, Herbert J. Skuhra wrote:

> On Tue, Sep 22, 2020 at 04:37:55PM +0200, Markus E. wrote:
>>
>> Is it possible to not announce STARTTLS to some clients?
>
> http://www.postfix.org/postconf.5.html#smtpd_discard_ehlo_keyword_address_maps
>
>

Thank you!
Problem circumvented but not solved :)

-me
Reply | Threaded
Open this post in threaded view
|

Re: TLS library problem: no shared cipher

Viktor Dukhovni
On Tue, Sep 22, 2020 at 04:37:55PM +0200, Markus E. wrote:

> What's your suggestion to avoid the following problem?
>
> Sep 22 13:11:22 postfix/smtpd[21000]: connect from dragon.trusteddomain.org[208.69.40.156]
> Sep 22 13:11:25 postfix/smtpd[21000]: SSL_accept error from dragon.trusteddomain.org[208.69.40.156]: -1
> Sep 22 13:11:25 postfix/smtpd[21000]: warning: TLS library problem: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:ssl/statem/statem_srvr.c:2284:
> Sep 22 13:11:25 postfix/smtpd[21000]: lost connection after STARTTLS from dragon.trusteddomain.org[208.69.40.156]
> Sep 22 13:11:25 postfix/smtpd[21000]: disconnect from dragon.trusteddomain.org[208.69.40.156] ehlo=1 starttls=0/1 commands=1/2
>
> I only see this warning with this particular client.

You might find another one in your logs now. :-)

    $ posttls-finger -g HIGH -o tls_high_cipherlist='DEFAULT:!aECDSA' -p '!TLSv1.3' mars.unx.se
    posttls-finger: Connected to mx.unx.se[2600:3c04::f03c:91ff:feea:d4d]:25
    posttls-finger: < 220 phobos.unx.se ESMTP
    posttls-finger: > EHLO amnesiac
    posttls-finger: < 250-phobos.unx.se
    posttls-finger: < 250-PIPELINING
    posttls-finger: < 250-SIZE 10240000
    posttls-finger: < 250-ETRN
    posttls-finger: < 250-STARTTLS
    posttls-finger: < 250-ENHANCEDSTATUSCODES
    posttls-finger: < 250-8BITMIME
    posttls-finger: < 250 CHUNKING
    posttls-finger: > STARTTLS
    posttls-finger: < 220 2.0.0 Ready to start TLS
    posttls-finger: SSL_connect error to mx.unx.se[2600:3c04::f03c:91ff:feea:d4d]:25: -1
    posttls-finger: warning: TLS library problem: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1544:SSL alert number 40:

> I'm running Postfix 3.6-20200830 compiled with openssl-1.1.1g.  Using
> Let's Encrypt certificate.

Specifically, an ECDSA P-256 certificate, but some systems don't (yet?)
support ECDSA.  You'd need an additional RSA certificate to interoperate
with their sending MTA's limited STARTTLS cipher/protocol repertoire.

On Tue, Sep 22, 2020 at 05:25:13PM +0200, Markus E. wrote:

> > On Tue, Sep 22, 2020 at 04:37:55PM +0200, Markus E. wrote:
> >>
> >> Is it possible to not announce STARTTLS to some clients?
> >
> > http://www.postfix.org/postconf.5.html#smtpd_discard_ehlo_keyword_address_maps
>
> Thank you!
> Problem circumvented but not solved :)

Or just let them fail to establish STARTTLS, and retry in cleartext,
though based on the MX host of trusteddomains.org (which appears to be
running Sendmail), that might not work out, since IIRC Sendmail does not
fall back to cleartext when STARTTLS is announced, but fails.

The combination of a rather ancient, poorly interoperable, TLS stack
(TLSv1 only or preferred, no ECDSA support) with an inability to retry
without STARTTLS makes their SMTP servers rather brittle.  One might
reasonably take the view that the problem is theirs to solve.

    https://dilbert.com/strip/1995-06-24

--
    Viktor.
Reply | Threaded
Open this post in threaded view
|

Re: TLS library problem: no shared cipher

Markus E.
On Tue, 22 Sep 2020, Viktor Dukhovni wrote:

> On Tue, Sep 22, 2020 at 04:37:55PM +0200, Markus E. wrote:
>
> You might find another one in your logs now. :-)

You're welcome! :)


>    $ posttls-finger -g HIGH -o tls_high_cipherlist='DEFAULT:!aECDSA' -p '!TLSv1.3' mars.unx.se
>    posttls-finger: Connected to mx.unx.se[2600:3c04::f03c:91ff:feea:d4d]:25
>    posttls-finger: < 220 phobos.unx.se ESMTP
>    posttls-finger: > EHLO amnesiac
>    posttls-finger: < 250-phobos.unx.se
>    posttls-finger: < 250-PIPELINING
>    posttls-finger: < 250-SIZE 10240000
>    posttls-finger: < 250-ETRN
>    posttls-finger: < 250-STARTTLS
>    posttls-finger: < 250-ENHANCEDSTATUSCODES
>    posttls-finger: < 250-8BITMIME
>    posttls-finger: < 250 CHUNKING
>    posttls-finger: > STARTTLS
>    posttls-finger: < 220 2.0.0 Ready to start TLS
>    posttls-finger: SSL_connect error to mx.unx.se[2600:3c04::f03c:91ff:feea:d4d]:25: -1
>    posttls-finger: warning: TLS library problem: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1544:SSL alert number 40:
>
>> I'm running Postfix 3.6-20200830 compiled with openssl-1.1.1g.  Using
>> Let's Encrypt certificate.
>
> Specifically, an ECDSA P-256 certificate, but some systems don't (yet?)
> support ECDSA.  You'd need an additional RSA certificate to interoperate
> with their sending MTA's limited STARTTLS cipher/protocol repertoire.

Oh, yes, you are right!


> The combination of a rather ancient, poorly interoperable, TLS stack
> (TLSv1 only or preferred, no ECDSA support) with an inability to retry
> without STARTTLS makes their SMTP servers rather brittle.  One might
> reasonably take the view that the problem is theirs to solve.

The host in question, which also happens to run the DMARC mailing list,
uses Sendmail 8.14.5 released 9 years ago, according to their headers.

I'll stick to my ecdsa cert. :)

Thank you for your explanation!

-me