Unusual TLS setting logged by Postfix

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Unusual TLS setting logged by Postfix

J Doe
Hello,

I am aware that this is not an error on Postfix’s fault, but I found the following entry in one of mail server’s logs confusing.  I am using Postfix 3.3.0:

Oct 21 06:09:51 server postfix/smtpd[31405]: Anonymous TLS connection established from unknown[77.120.120.29]:33126: TLSv1 with cipher AES256-SHA (256/256 bits)

From what I gather, a TLS v1.0 connection was made with AES256 for the symmetric cipher and SHA-1 for integrity, but:

— There is neither DH/DHE/ECDHE at the start.  What public key negotiation was done ?
— There is no mode for AES256 (neither old CBC or newer, recommended GCM).  What mode was used ?

Thanks,

- J
Reply | Threaded
Open this post in threaded view
|

Re: Unusual TLS setting logged by Postfix

Viktor Dukhovni
On Mon, Oct 21, 2019 at 03:48:10PM -0400, J Doe wrote:

> I am aware that this is not an error on Postfix’s fault, but I found the
> following entry in one of mail server’s logs confusing.

It is nevertheless rather ordinary...

> Oct 21 06:09:51 server postfix/smtpd[31405]:
>   Anonymous TLS connection established from unknown[77.120.120.29]:33126:
>   TLSv1 with cipher AES256-SHA (256/256 bits)

    $ openssl ciphers -stdname -s -tls1 -V AES256-SHA
    0x00,0x35 - TLS_RSA_WITH_AES_256_CBC_SHA - AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1

> — There is neither DH/DHE/ECDHE at the start.  What public key negotiation was done ?
> — There is no mode for AES256 (neither old CBC or newer, recommended GCM).  What mode was used ?

See above.

--
        Viktor.
Reply | Threaded
Open this post in threaded view
|

Re: Unusual TLS setting logged by Postfix

J Doe

> On Oct 22, 2019, at 1:18 AM, Viktor Dukhovni <[hidden email]> wrote:
>
>    $ openssl ciphers -stdname -s -tls1 -V AES256-SHA
>    0x00,0x35 - TLS_RSA_WITH_AES_256_CBC_SHA - AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1

Hi Viktor,

Ah, cool - I did not realize I could use the openssl command to “translate” the string that way.

I see the AES mode, now, but I still can’t see whether DH/DHE/ECDHE was used for negotiation (or am I missing that in the output) ?

Thanks,

- J
Reply | Threaded
Open this post in threaded view
|

Re: Unusual TLS setting logged by Postfix

Viktor Dukhovni
On Tue, Oct 22, 2019 at 05:37:14PM -0400, J Doe wrote:

> > On Oct 22, 2019, at 1:18 AM, Viktor Dukhovni <[hidden email]> wrote:
> >
> >    $ openssl ciphers -stdname -s -tls1 -V AES256-SHA
> >    0x00,0x35 - TLS_RSA_WITH_AES_256_CBC_SHA - AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
>
> Ah, cool - I did not realize I could use the openssl command to “translate”
> the string that way.
>
> I see the AES mode, now, but I still can’t see whether DH/DHE/ECDHE was
> used for negotiation (or am I missing that in the output) ?

You see them not used.  Kx=RSA.  See ciphers(1):

       -v  Verbose output: For each cipher suite, list details as provided by
           SSL_CIPHER_description(3).

SSL_CIPHER_description(3):

    ...

       SSL_CIPHER_get_kx_nid() returns the key exchange NID corresponding to
       the method used by c. If there is no key exchange, then NID_undef is
       returned.  If any appropriate key exchange algorithm can be used (as in
       the case of TLS 1.3 cipher suites) NID_kx_any is returned. Examples
       (not comprehensive):

        NID_kx_rsa
        NID_kx_ecdhe
        NID_kx_dhe
        NID_kx_psk

    ...

       The string returned by SSL_CIPHER_description() consists of several
       fields separated by whitespace:

       <ciphername>
           Textual representation of the cipher name.

       <protocol version>
           The minimum protocol version that the ciphersuite supports, such as
           TLSv1.2.  Note that this is not always the same as the protocol
           version in which the ciphersuite was first defined because some
           ciphersuites are backwards compatible with earlier protocol
           versions.

       Kx=<key exchange>
           Key exchange method such as RSA, ECDHE, etc.

       Au=<authentication>
           Authentication method such as RSA, None, etc.. None is the
           representation of anonymous ciphers.

       Enc=<symmetric encryption method>
           Encryption method, with number of secret bits, such as AESGCM(128).

       Mac=<message authentication code>
           Message digest, such as SHA256.

       Some examples for the output of SSL_CIPHER_description():

        ECDHE-RSA-AES256-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
        RSA-PSK-AES256-CBC-SHA384 TLSv1.0 Kx=RSAPSK   Au=RSA  Enc=AES(256)  Mac=SHA384

--
        Viktor.
Reply | Threaded
Open this post in threaded view
|

Re: Unusual TLS setting logged by Postfix

J Doe

On Oct 22, 2019, at 9:08 PM, Viktor Dukhovni <[hidden email]> wrote:

You see them not used.  Kx=RSA.  See ciphers(1):

Hi Viktor,

Thank you for sending this - for some reason, I had it in my mind that key distribution was only via DH/DHE/ECDHE and I completely forgot about RSA (as well as a couple of others, which are also helpfully displayed in the TLS article on Wikipedia[1]).

- J