TLS problem: no shared cipher?


TLS problem: no shared cipher?

Roland Freikamp
Hi,

I recently upgraded my mailserver-linux-system, which also upgraded Postfix
from 3.4.6 to 3.4.9, and renewed the TLS-certificates (Let's Encrypt).
The Postfix-configuration did not change.
Since then, some mails could not be delivered to my server, because it
seems that the mailservers could not agree on a TLS algorithm:

postfix/smtpd[17880]: connect from ...[...]
postfix/smtpd[17880]: SSL_accept error from ...[...]: -1
postfix/smtpd[17880]: warning: TLS library problem: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:ssl/statem/statem_srvr.c:2282:
postfix/smtpd[17880]: lost connection after STARTTLS from ...[...]
postfix/smtpd[17880]: disconnect from ...[...] ehlo=1 starttls=0/1 commands=1/2

Setting "smtpd_tls_ciphers = low" did not help; the only way to receive
the mails was disabling TLS completely ("smtpd_tls_security_level = none").
But I would like to enable TLS again.

Do you know what the reason could be and how it could be fixed?
(Change in Postfix default configuration? Bad certificate? Bad TLS library?
Bad TLS on other mailserver?)


thanks,
Roland

Re: TLS problem: no shared cipher?

Wietse Venema
Roland Freikamp:

> Hi,
>
> I recently upgraded my mailserver-linux-system, which also upgraded Postfix
> from 3.4.6 to 3.4.9, and renewed the TLS-certificates (Let's Encrypt).
> The Postfix-configuration did not change.
> Since then, some mails could not be delivered to my server, because it
> seems that the mailservers could not agree on a TLS algorithm:
>
> postfix/smtpd[17880]: connect from ...[...]
> postfix/smtpd[17880]: SSL_accept error from ...[...]: -1
> postfix/smtpd[17880]: warning: TLS library problem: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:ssl/statem/statem_srvr.c:2282:
> postfix/smtpd[17880]: lost connection after STARTTLS from ...[...]
> postfix/smtpd[17880]: disconnect from ...[...] ehlo=1 starttls=0/1 commands=1/2
>
> Setting "smtpd_tls_ciphers = low" did not help; the only way to receive
> the mails was disabling TLS completely ("smtpd_tls_security_level = none").
> But I would like to enable TLS again.
>
> Do you know what the reason could be and how it could be fixed?
> (Change in Postfix default configuration? Bad certificate? Bad TLS library?
> Bad TLS on other mailserver?)

The crystal ball isn't working. What is the output from:
postconf -nf | grep tls
postconf -P | grep tls

        Wietse

Re: TLS problem: no shared cipher?

Roland Freikamp
On 2020-05-15 12:56:18 -0400, Wietse Venema wrote:

> Roland Freikamp:
> > Hi,
> >
> > I recently upgraded my mailserver-linux-system, which also upgraded Postfix
> > from 3.4.6 to 3.4.9, and renewed the TLS-certificates (Let's Encrypt).
> > The Postfix-configuration did not change.
> > Since then, some mails could not be delivered to my server, because it
> > seems that the mailservers could not agree on a TLS algorithm:
> >
> > postfix/smtpd[17880]: connect from ...[...]
> > postfix/smtpd[17880]: SSL_accept error from ...[...]: -1
> > postfix/smtpd[17880]: warning: TLS library problem: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:ssl/statem/statem_srvr.c:2282:
> > postfix/smtpd[17880]: lost connection after STARTTLS from ...[...]
> > postfix/smtpd[17880]: disconnect from ...[...] ehlo=1 starttls=0/1 commands=1/2
> >
> > Setting "smtpd_tls_ciphers = low" did not help; the only way to receive
> > the mails was disabling TLS completely ("smtpd_tls_security_level = none").
> > But I would like to enable TLS again.
> >
> > Do you know what the reason could be and how it could be fixed?
> > (Change in Postfix default configuration? Bad certificate? Bad TLS library?
> > Bad TLS on other mailserver?)
>
> The crystal ball isn't working. What is the output from:
> postconf -nf | grep tls
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_ciphers = medium
smtp_tls_exclude_ciphers = aNULL,eNULL,CAMELLIA
smtp_tls_loglevel = 1
smtp_tls_mandatory_ciphers = medium
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /var/lib/acme/srv04.k-facility.de/fullchain.pem
smtpd_tls_dh1024_param_file = /var/lib/dhparams/postfix.pem
smtpd_tls_key_file = /var/lib/acme/srv04.k-facility.de/key.pem
smtpd_tls_loglevel = 1
smtpd_tls_protocols = !SSLv2 !SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
tls_preempt_cipherlist = yes
tls_ssl_options = NO_COMPRESSION

> postconf -P | grep tls
submission/inet/smtpd_tls_security_level = encrypt

I've now set "smtpd_tls_loglevel = 2" -- hopefully this can tell me
more.


thanks
Roland

Re: TLS problem: no shared cipher?

Wietse Venema
Roland Freikamp:

> On 2020-05-15 12:56:18 -0400, Wietse Venema wrote:
> > Roland Freikamp:
> > > Hi,
> > >
> > > I recently upgraded my mailserver-linux-system, which also upgraded Postfix
> > > from 3.4.6 to 3.4.9, and renewed the TLS-certificates (Let's Encrypt).
> > > The Postfix-configuration did not change.
> > > Since then, some mails could not be delivered to my server, because it
> > > seems that the mailservers could not agree on a TLS algorithm:
> > >
> > > postfix/smtpd[17880]: connect from ...[...]
> > > postfix/smtpd[17880]: SSL_accept error from ...[...]: -1
> > > postfix/smtpd[17880]: warning: TLS library problem: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:ssl/statem/statem_srvr.c:2282:
> > > postfix/smtpd[17880]: lost connection after STARTTLS from ...[...]
> > > postfix/smtpd[17880]: disconnect from ...[...] ehlo=1 starttls=0/1 commands=1/2
> > >
> > > Setting "smtpd_tls_ciphers = low" did not help; the only way to receive
> > > the mails was disabling TLS completely ("smtpd_tls_security_level = none").
> > > But I would like to enable TLS again.
> > >
> > > Do you know what the reason could be and how it could be fixed?
> > > (Change in Postfix default configuration? Bad certificate? Bad TLS library?
> > > Bad TLS on other mailserver?)
> >
> > The crystal ball isn't working. What is the output from:
> > postconf -nf | grep tls

grepp'ed with 'ciphers':
> smtp_tls_ciphers = medium
> smtp_tls_exclude_ciphers = aNULL,eNULL,CAMELLIA
> smtp_tls_mandatory_ciphers = medium
> tls_preempt_cipherlist = yes

Before asking for help, try removing those settings.

        Wietse

Re: TLS problem: no shared cipher?

Wietse Venema
Wietse Venema:

> Roland Freikamp:
> > On 2020-05-15 12:56:18 -0400, Wietse Venema wrote:
> > > Roland Freikamp:
> > > > Hi,
> > > >
> > > > I recently upgraded my mailserver-linux-system, which also upgraded Postfix
> > > > from 3.4.6 to 3.4.9, and renewed the TLS-certificates (Let's Encrypt).
> > > > The Postfix-configuration did not change.
> > > > Since then, some mails could not be delivered to my server, because it
> > > > seems that the mailservers could not agree on a TLS algorithm:
> > > >
> > > > postfix/smtpd[17880]: connect from ...[...]
> > > > postfix/smtpd[17880]: SSL_accept error from ...[...]: -1
> > > > postfix/smtpd[17880]: warning: TLS library problem: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:ssl/statem/statem_srvr.c:2282:
> > > > postfix/smtpd[17880]: lost connection after STARTTLS from ...[...]
> > > > postfix/smtpd[17880]: disconnect from ...[...] ehlo=1 starttls=0/1 commands=1/2
> > > >
> > > > Setting "smtpd_tls_ciphers = low" did not help; the only way to receive
> > > > the mails was disabling TLS completely ("smtpd_tls_security_level = none").
> > > > But I would like to enable TLS again.
> > > >
> > > > Do you know what the reason could be and how it could be fixed?
> > > > (Change in Postfix default configuration? Bad certificate? Bad TLS library?
> > > > Bad TLS on other mailserver?)
> > >
> > > The crystal ball isn't working. What is the output from:
> > > postconf -nf | grep tls
>
> grepp'ed with 'ciphers':
> > smtp_tls_ciphers = medium
> > smtp_tls_exclude_ciphers = aNULL,eNULL,CAMELLIA
> > smtp_tls_mandatory_ciphers = medium
> > tls_preempt_cipherlist = yes
>
> Before asking for help, try removing those settings.

The first three don't affect RECEIVING email, but the last one
may affect the cipher that is chosen. If changing that does not
make a difference then it is possible that the sender has some
exclusive cipher requirements.

        Wietse

Re: TLS problem: no shared cipher?

Roland Freikamp
In reply to this post by Wietse Venema
> grepp'ed with 'ciphers':
> > smtp_tls_ciphers = medium
> > smtp_tls_exclude_ciphers = aNULL,eNULL,CAMELLIA
> > smtp_tls_mandatory_ciphers = medium
> > tls_preempt_cipherlist = yes
>
> Before asking for help, try removing those settings.
I've removed them; it did not change anything.

The debug-log now says:

postfix/smtpd[12259]: connect from ...[...]
postfix/smtpd[12259]: setting up TLS connection from ...[...]
postfix/smtpd[12259]: ...[...]: TLS cipher list "aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH"
postfix/smtpd[12259]: SSL_accept:before SSL initialization
postfix/smtpd[12259]: SSL_accept:before SSL initialization
postfix/smtpd[12259]: SSL3 alert write:fatal:handshake failure
postfix/smtpd[12259]: SSL_accept:error in error
postfix/smtpd[12259]: SSL_accept error from ...[...]: -1
postfix/smtpd[12259]: warning: TLS library problem: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:ssl/statem/statem_srvr.c:2282:
postfix/smtpd[12259]: lost connection after STARTTLS from ...[...]
postfix/smtpd[12259]: disconnect from ...[...] ehlo=1 starttls=0/1 commands=1/2

Does that mean that the other server only supports SSL3?
Or could it be that my certificate is ECDSA, but the other server
maybe only supports RSA?


thanks,
Roland

Re: TLS problem: no shared cipher?

Wietse Venema
Roland Freikamp:

> > grepp'ed with 'ciphers':
> > > smtp_tls_ciphers = medium
> > > smtp_tls_exclude_ciphers = aNULL,eNULL,CAMELLIA
> > > smtp_tls_mandatory_ciphers = medium
> > > tls_preempt_cipherlist = yes
> >
> > Before asking for help, try removing those settings.
> I've removed them; it did not change anything.
>
> The debug-log now says:
>
> postfix/smtpd[12259]: connect from ...[...]
> postfix/smtpd[12259]: setting up TLS connection from ...[...]
> postfix/smtpd[12259]: ...[...]: TLS cipher list "aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH"
> postfix/smtpd[12259]: SSL_accept:before SSL initialization
> postfix/smtpd[12259]: SSL_accept:before SSL initialization
> postfix/smtpd[12259]: SSL3 alert write:fatal:handshake failure
> postfix/smtpd[12259]: SSL_accept:error in error
> postfix/smtpd[12259]: SSL_accept error from ...[...]: -1
> postfix/smtpd[12259]: warning: TLS library problem: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:ssl/statem/statem_srvr.c:2282:
> postfix/smtpd[12259]: lost connection after STARTTLS from ...[...]
> postfix/smtpd[12259]: disconnect from ...[...] ehlo=1 starttls=0/1 commands=1/2
>
> Does that mean that the other server only supports SSL3?
> Or could it be that my certificate is ECDSA, but the other server
> maybe only supports RSA?

If it means that there is a certificate problem then a) that is a
misleading error message and b) I'll leave this thread.

(a web search shows that 'no shared cipher' may be reported for
certificate/key related errors, and OpenSSL is not part of the code
that I support).

        Wietse

Re: TLS problem: no shared cipher?

Viktor Dukhovni
In reply to this post by Roland Freikamp
On Fri, May 15, 2020 at 10:09:18PM +0200, Roland Freikamp wrote:

> > > smtp_tls_ciphers = medium
> > > smtp_tls_exclude_ciphers = aNULL,eNULL,CAMELLIA
> > > smtp_tls_mandatory_ciphers = medium
> > > tls_preempt_cipherlist = yes
> >
> > Before asking for help, try removing those settings.
> I've removed them; it did not change anything.
>
> The debug-log now says:
>
> postfix/smtpd[12259]: connect from ...[...]
> postfix/smtpd[12259]: setting up TLS connection from ...[...]
> postfix/smtpd[12259]: ...[...]: TLS cipher list "aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH"
> postfix/smtpd[12259]: SSL_accept:before SSL initialization
> postfix/smtpd[12259]: SSL_accept:before SSL initialization
> postfix/smtpd[12259]: SSL3 alert write:fatal:handshake failure
> postfix/smtpd[12259]: SSL_accept:error in error
> postfix/smtpd[12259]: SSL_accept error from ...[...]: -1
> postfix/smtpd[12259]: warning: TLS library problem: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:ssl/statem/statem_srvr.c:2282:
> postfix/smtpd[12259]: lost connection after STARTTLS from ...[...]
> postfix/smtpd[12259]: disconnect from ...[...] ehlo=1 starttls=0/1 commands=1/2
>
> Does that mean that the other server only supports SSL3?

No.

> Or could it be that my certificate is ECDSA, but the other server
> maybe only supports RSA?

That's quite plausible, and would have been my guess even before you
mentioned this.  For interop, you need an RSA cert, and then you can
*also* have an ECDSA cert.  It gets even more fun with DANE "3 1 1",
when you then need multiple TLSA RRs matching each chain, and multiple
versions of each during key rollover.

--
    Viktor.
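A simplified model of the mechanism behind Viktor's answer, added here as an example and not code from Postfix or OpenSSL: in TLS 1.2 the cipher suite fixes the certificate key type the server must authenticate with, so a server holding only an ECDSA certificate can satisfy none of the suites offered by a sender that implements only RSA-authenticated suites, and OpenSSL reports "no shared cipher". The suite names are real IANA names; the client offers and the server preference list are constructed. It also shows the effect Wietse mentions: with server preference (tls_preempt_cipherlist = yes) the chosen suite can change.

```python
# Added example: a deliberately simplified model of TLS 1.2 server-side cipher
# selection, not Postfix or OpenSSL code.  Client offers below are constructed.

# Certificate key type each suite requires the server to authenticate with.
SUITE_AUTH = {
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": "ECDSA",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": "RSA",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": "ECDSA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": "RSA",
    "TLS_RSA_WITH_AES_128_CBC_SHA": "RSA",
}
# Server preference order (stands in for Postfix's expanded cipherlist).
SERVER_PREFS = list(SUITE_AUTH)

# An older sender that only implements RSA-authenticated suites ...
LEGACY_RSA_CLIENT = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]
# ... and a modern one offering both key types, RSA first.
MODERN_CLIENT = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
]


def select_cipher(server_prefs, client_offer, server_cert_types,
                  server_preference=False):
    """Return the suite the server picks, or None for "no shared cipher".

    server_preference=True models Postfix "tls_preempt_cipherlist = yes"
    (server order wins); the default lets the client's order decide.  A suite
    both sides list is still unusable when the server holds no certificate of
    the key type that suite authenticates with, which is the case in this
    thread (ECDSA-only certificate, sender offering only RSA suites).
    """
    ordered, other = ((server_prefs, client_offer) if server_preference
                      else (client_offer, server_prefs))
    shared = set(other)
    for suite in ordered:
        if suite in shared and SUITE_AUTH.get(suite) in server_cert_types:
            return suite
    return None


if __name__ == "__main__":
    for certs in ({"ECDSA"}, {"RSA", "ECDSA"}):
        chosen = select_cipher(SERVER_PREFS, LEGACY_RSA_CLIENT, certs)
        print(f"RSA-only sender, server certs {sorted(certs)}: "
              f"{chosen or 'no shared cipher -> handshake failure'}")
    for preempt in (False, True):
        chosen = select_cipher(SERVER_PREFS, MODERN_CLIENT, {"RSA", "ECDSA"}, preempt)
        print(f"modern sender, tls_preempt_cipherlist={'yes' if preempt else 'no'}: {chosen}")
```

Postfix 3.4 and later can present both an RSA and an ECDSA chain through smtpd_tls_chain_files, each PEM file holding a private key directly followed by its certificate chain.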

Re: TLS problem: no shared cipher?

Roland Freikamp
On 2020-05-15 16:55:50 -0400, Viktor Dukhovni wrote:
> > Or could it be that my certificate is ECDSA, but the other server
> > maybe only supports RSA?
>
> That's quite plausible, and would have been my guess even before you
> mentioned this.  For interop, you need an RSA cert, and then you can
> *also* have an ECDSA cert.
That actually was the reason.
I've created a new RSA cert, and it works again.

Thanks!

Roland

Re: TLS problem: no shared cipher?

@lbutlr
In reply to this post by Roland Freikamp


> On 15 May 2020, at 10:18, Roland Freikamp <[hidden email]> wrote:
>
> Hi,
>
> I recently upgraded my mailserver-linux-system, which also upgraded Postfix
> from 3.4.6 to 3.4.9, and renewed the TLS-certificates (Let's Encrypt).
> The Postfix-configuration did not change.
> Since then, some mails could not be delivered to my server, because it
> seems that the mailservers could not agree on a TLS algorithm:
>
> postfix/smtpd[17880]: connect from ...[...]
> postfix/smtpd[17880]: SSL_accept error from ...[...]: -1
> postfix/smtpd[17880]: warning: TLS library problem: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:ssl/statem/statem_srvr.c:2282:
> postfix/smtpd[17880]: lost connection after STARTTLS from ...[...]
> postfix/smtpd[17880]: disconnect from ...[...] ehlo=1 starttls=0/1 commands=1/2

Are you requiring that mailservers connect only with TLS?

That is generally not recommended.

I suspect you are, and that your new upgrade has removed support for the EOLed TLSv1.0 and TLSv1.1.

Normally, a failed negotiation of TLS on smtpd will result in the connection continuing with no encryption.

You should probably have:
smtpd_tls_security_level = may


> Setting "smtpd_tls_ciphers = low"

Do not do that, as a general rule.

> did not help; the only way to receive
> the mails was disabling TLS completely ("smtpd_tls_security_level = none").
> But I would like to enable TLS again.

Then your setting should almost certainly be ‘may’ if you want to receive mail from this server.

> Do you know what the reason could be and how it could be fixed?

You made this a bit harder by eliding most of the log lines, but the failure to establish starttls (starttls=0/1) indicates a failure to negotiate acceptable security between the machines.

The first question is, is the server in question one you WANT to receive mail from? It is pretty rare for me to have a TLS warning anymore, and it is almost always a domain I've never heard of. (Today it is starttls-everywhere.org, a 2-year-old domain I've never heard of). Most of these warnings in my logs are servers that look like spammer domains.

# bzgrep "SSL_accept error from" /var/log/mail.log | awk '{print $9}' | sort -u
171-103-165-86.static.asianet.co.th[171.103.165.86]:
mx-ll-183.88.243-6.dynamic.3bb.co.th[183.88.243.6]:
starttls-everywhere.org[178.128.188.40]:
unknown[102.46.179.30]:
unknown[116.107.125.225]:
unknown[14.187.41.12]:

And then thousands of “unknown” following.

I don’t care about any of these senders.

> (Change in Postfix default configuration? Bad certificate? Bad TLS library?
> Bad TLS on other mailserver?)

Spammer scum, most likely.



--
Beware of geeks bearing .GIF’s
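A structured form of the log triage described above, added as an example and not part of the thread: it groups smtpd lines by process id so that each "no shared cipher" warning is tied to the connecting client and to the starttls=0/1 disconnect line lbutlr points to, rather than grepping one line in isolation. The log lines are constructed in the format quoted in this thread.

```python
import re
from collections import Counter
# Constructed sample in the smtpd log format quoted in this thread (not real
# traffic): one failed STARTTLS handshake and one clean session.
SAMPLE_LOG = """\
May 15 20:01:02 srv postfix/smtpd[12259]: connect from mail.example.net[192.0.2.10]
May 15 20:01:02 srv postfix/smtpd[12259]: SSL_accept error from mail.example.net[192.0.2.10]: -1
May 15 20:01:02 srv postfix/smtpd[12259]: warning: TLS library problem: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:ssl/statem/statem_srvr.c:2282:
May 15 20:01:02 srv postfix/smtpd[12259]: disconnect from mail.example.net[192.0.2.10] ehlo=1 starttls=0/1 commands=1/2
May 15 20:02:10 srv postfix/smtpd[12260]: connect from mx.example.org[198.51.100.7]
May 15 20:02:11 srv postfix/smtpd[12260]: disconnect from mx.example.org[198.51.100.7] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
"""

LINE_RE = re.compile(r"postfix/smtpd\[(\d+)\]: (.*)$")
CONNECT_RE = re.compile(r"^connect from (\S+)")
# OpenSSL format: error:<code>:SSL routines:<function>:<reason>:<file>:<line>:
TLS_ERR_RE = re.compile(r"TLS library problem: error:[0-9A-Fa-f]+:SSL routines:[^:]*:([^:]+):")
STARTTLS_RE = re.compile(r"\bstarttls=(\d+)(?:/(\d+))?")


def tls_failures(log_text):
    """One record per SMTP session whose STARTTLS handshake failed.
    smtpd logs a session over several lines sharing only the process id, and
    one process serves many sessions in turn, so state is keyed by pid and
    reset at each "connect from".  Failure means starttls shows ok < attempted.
    """
    sessions, failures = {}, []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        pid, msg = m.groups()
        c = CONNECT_RE.match(msg)
        if c:
            sessions[pid] = {"client": c.group(1), "reason": None}
            continue
        sess = sessions.get(pid)
        if sess is None:
            continue  # session began before this excerpt; nothing to attribute
        e = TLS_ERR_RE.search(msg)
        if e:
            sess["reason"] = e.group(1)  # e.g. "no shared cipher"
        if msg.startswith("disconnect from"):
            s = STARTTLS_RE.search(msg)
            if s:
                ok, tried = int(s.group(1)), int(s.group(2) or s.group(1))
                if ok < tried:
                    failures.append(dict(sess, pid=pid))
            sessions.pop(pid)
    return failures


def reason_counts(log_text):
    """Histogram of OpenSSL reasons, to see whether one cause dominates."""
    return Counter(f["reason"] or "unknown" for f in tls_failures(log_text))
```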



Re: TLS problem: no shared cipher?

Roland Freikamp
On 2020-05-17 12:07:29 -0600, @lbutlr wrote:
> > postfix/smtpd[17880]: connect from ...[...]
> > postfix/smtpd[17880]: SSL_accept error from ...[...]: -1
> > postfix/smtpd[17880]: warning: TLS library problem: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:ssl/statem/statem_srvr.c:2282:
> > postfix/smtpd[17880]: lost connection after STARTTLS from ...[...]
> > postfix/smtpd[17880]: disconnect from ...[...] ehlo=1 starttls=0/1 commands=1/2
>
> Are you requiring that mailservers connect only with TLS?
No.

> I suspect you are, and that you new upgrade has removed support for the EOLed TLSv1.0 and TLSv1.1.
No, TLSv1.0 and v1.1 are still active; the problem was the
non-RSA-certificate.

> Normally, a failed negotiation of TLS on smtpd will result in the connection continuing with no encryption.
Unfortunately, not in this case.
It looks like if the other mailserver does not know the
certificate-type, it does not retry without encryption.

> You should probably have:
> smtpd_tls_security_level = may
As I wrote before: I have.

> > did not help; the only way to receive
> > the mails was disabling TLS completely ("smtpd_tls_security_level = none").
> > But I would like to enable TLS again.
>
> Then your setting should almost certainly be ‘may’ if you want to receive mail from this server.
I have tested this, and that does not help here.

> > (Change in Postfix default configuration? Bad certificate? Bad TLS library?
> > Bad TLS on other mailserver?)
>
> Spammer scum, most likely.
No, definitely not.
The problem was incompatible certificate types (ec384, which was not
supported by the other mailserver). After switching to RSA certificates,
everything worked again.


Roland