posttls-finger


posttls-finger

Patrik Båt
Hello!

The fingerprint that posttls-finger is returning, what fingerprint is
this? it doesn’t match the one I'm getting from the certificate using:

openssl x509 -in cert.pem -noout -pubkey |
  openssl rsa -pubin -outform DER |
  openssl dgst -md5 -c

Best regards, Patrik.



Re: posttls-finger

Matthias Schneider
Am 20.11.2014 um 10:07 schrieb Patrik Båt:

> Hello!
>
> The fingerprint that posttls-finger is returning, what fingerprint is
> this? it doesn’t match the one I'm getting from the certificate using:
>
> openssl x509 -in cert.pem -noout -pubkey | openssl rsa -pubin -outform
> DER | openssl dgst -md5 -c
>
> Best regards, Patrik.
>
Hello,

try:
openssl x509 -in cert.pem -fingerprint

on my system the returned SHA1 fingerprint is the same as in posttls-finger

Best regards,
Matthias Schneider

Re: posttls-finger

Patrik Båt
On 2014-11-20 10:18, Matthias Schneider wrote:

> Am 20.11.2014 um 10:07 schrieb Patrik Båt:
>> Hello!
>>
>> The fingerprint that posttls-finger is returning, what fingerprint is
>> this? it doesn’t match the one I'm getting from the certificate using:
>>
>> openssl x509 -in cert.pem -noout -pubkey | openssl rsa -pubin -outform
>> DER | openssl dgst -md5 -c
>>
>> Best regards, Patrik.
>>
> Hello,
>
> try:
> openssl x509 -in cert.pem -fingerprint
>
> on my system the returned SHA1 fingerprint is the same as in
> posttls-finger
>
> Best regards,
> Matthias Schneider
Ah thanks for the heads up, posttls-finger returned sha1, probably
because it runs OpenSSL 1.0.x.

Re: posttls-finger

Patrik Båt
On 2014-11-20 10:27, Patrik Båt wrote:

> On 2014-11-20 10:18, Matthias Schneider wrote:
>> Am 20.11.2014 um 10:07 schrieb Patrik Båt:
>>> Hello!
>>>
>>> The fingerprint that posttls-finger is returning, what fingerprint is
>>> this? it doesn’t match the one I'm getting from the certificate using:
>>>
>>> openssl x509 -in cert.pem -noout -pubkey | openssl rsa -pubin -outform
>>> DER | openssl dgst -md5 -c
>>>
>>> Best regards, Patrik.
>>>
>> Hello,
>>
>> try:
>> openssl x509 -in cert.pem -fingerprint
>>
>> on my system the returned SHA1 fingerprint is the same as in
>> posttls-finger
>>
>> Best regards,
>> Matthias Schneider
> Ah thanks for the heads up, posttls-finger returned sha1, probably
> because it runs OpenSSL 1.0.x.
"The best practice algorithm is now sha1", maybe that's why it is default
in posttls-finger, or what do you say Viktor? :)



Re: posttls-finger

Viktor Dukhovni
In reply to this post by Patrik Båt
On Thu, Nov 20, 2014 at 10:07:26AM +0100, Patrik Båt wrote:

> The fingerprint that posttls-finger is returning, what fingerprint is
> this? it doesn't match the one I'm getting from the certificate using:

From the manpage for posttls-finger(1):

    $ tar zxf postfix-2.11.3.tar.gz
    $ cd postfix-2.11.3
    $ man -M ./man posttls-finger
      ...

       -d mdalg (default: sha1)
              The message digest algorithm to use for reporting
              remote SMTP server fingerprints and  matching against
              user provided certificate fingerprints (with DANE
              TLSA records the algorithm is specified in the DNS).

The parenthetical text is slightly misleading, while the digest
used to verify the TLSA RRs is taken from the DNS, the digest
reported is still the one from the "-d" option.  So I often
use:

        posttls-finger -d sha256 example.com.

> openssl x509 -in cert.pem -noout -pubkey |
>   openssl rsa -pubin -outform DER |
>   openssl dgst -md5 -c

Note MD5 digests are always 16 octets, SHA-1 digests are 20 octets,
and SHA2-256 digests are 32 octets.  So you should be able to
determine the algorithm from the output length.

The above is a public key MD5 digest, for TLSA records you'll want
a SHA2-256 digest.

    openssl x509 -in cert.pem -noout -pubkey |
        openssl rsa -pubin -outform DER |
        openssl dgst -sha256

--
        Viktor.
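
Added example, not part of the thread or of Postfix: the mismatch discussed above can come from the digest algorithm or from what is hashed (the whole certificate, as with `openssl x509 -fingerprint`, or only the public key, as with the `-pubkey` pipeline). The sketch below checks a fingerprint against both inputs and uses the octet count to rule out algorithms; `identify`, `spki_der` and the sample DER are assumptions made for illustration, and the parser expects well-formed DER.

```python
import hashlib

def tlv(tag, content):
    """Encode one DER element; used only to build the sample below."""
    n = len(content)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    length = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def read_tlv(buf, pos):
    """Return (tag, value_start, element_end) for the DER element at pos."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:                          # long form: next k bytes hold the length
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, pos, pos + n

def spki_der(cert):
    """Slice SubjectPublicKeyInfo out of a well-formed DER certificate."""
    _, pos, _ = read_tlv(cert, 0)         # Certificate SEQUENCE
    _, pos, _ = read_tlv(cert, pos)       # tbsCertificate SEQUENCE
    tag, _, end = read_tlv(cert, pos)
    if tag == 0xA0:                       # optional [0] version
        pos = end
    for _ in range(5):                    # serial, sigalg, issuer, validity, subject
        _, _, pos = read_tlv(cert, pos)
    return cert[pos:read_tlv(cert, pos)[2]]

def identify(fingerprint, cert):
    """Name the (digest, input) pair that yields this hex fingerprint."""
    want = bytes.fromhex(fingerprint.replace(":", ""))
    inputs = {"certificate": cert, "public key": spki_der(cert)}
    for alg in ("md5", "sha1", "sha256"):  # 16, 20 and 32 octets
        if hashlib.new(alg).digest_size != len(want):
            continue                      # length alone rules this digest out
        for what, data in inputs.items():
            if hashlib.new(alg, data).digest() == want:
                return alg, what
    return None

# Constructed sample: certificate-shaped DER with placeholder fields,
# not a real certificate.
EMPTY = tlv(0x30, b"")
SPKI = tlv(0x30, EMPTY + tlv(0x03, b"\x00" + b"\x01" * 270))
TBS = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01")
          + EMPTY * 4 + SPKI)
CERT = tlv(0x30, TBS + EMPTY + tlv(0x03, b"\x00" + b"\xaa" * 256))
```

For a real certificate, convert the PEM text with `ssl.PEM_cert_to_DER_cert()` from the Python standard library and pass the resulting bytes as `cert`.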

Re: posttls-finger

Viktor Dukhovni
In reply to this post by Patrik Båt
On Thu, Nov 20, 2014 at 10:42:20AM +0100, Patrik Båt wrote:

> > Ah thanks for the heads up, posttls-finger returned sha1, probably
> > because it runs OpenSSL 1.0.x.
>
> "The best practice algorithm is now sha1", maybe that's why it is default
> in posttls-finger, or what do you say Viktor? :)

That was written when MD5 was still in wide use.  At this point
even SHA-1 is no longer best practice.  Instead, in many cases
SHA2-256 is now preferred.  There are still many cases for which
SHA-1 is quite sufficient, but you have to understand the
context to determine whether this applies.

It seems that as a community, for better or worse, we tend to
abandon crypto algorithms for all use-cases as soon as any use-case
is broken.  Therefore, SHA-1 is also now deprecated, even though
e.g. SHA1-HMAC is still quite safe, and uses that only depend on
2nd-preimage resistance are also IIRC safe at this time.

However, Postfix maintains a backwards-compatible default of md5.
Perhaps now that we have a compatibility level, we could at least
move to sha1 (moving to SHA2-256 would break with very old, but
still supported by Postfix OpenSSL releases).

--
        Viktor.

Re: posttls-finger

Patrik Båt
On 2014-11-20 18:21, Viktor Dukhovni wrote:

> On Thu, Nov 20, 2014 at 10:42:20AM +0100, Patrik Båt wrote:
>
>>> Ah thanks for the heads up, posttls-finger returned sha1, probably
>>> because it runs OpenSSL 1.0.x.
>> "The best practice algorithm is now sha1", maybe that's why it is default
>> in posttls-finger, or what do you say Viktor? :)
> That was written when MD5 was still in wide use.  At this point
> even SHA-1 is no longer best practice.  Instead, in many cases
> SHA2-256 is now preferred.  There are still many cases for which
> SHA-1 is quite sufficient, but you have to understand the
> context to determine whether this applies.
>
> It seems that as a community, for better or worse, we tend to
> abandon crypto algorithms for all use-cases as soon as any use-case
> is broken.  Therefore, SHA-1 is also now deprecated, even though
> e.g. SHA1-HMAC is still quite safe, and uses that only depend on
> 2nd-preimage resistance are also IIRC safe at this time.
>
> However, Postfix maintains a backwards-compatible default of md5.
> Perhaps now that we have a compatibility level, we could at least
> move to sha1 (moving to SHA2-256 would break with very old, but
> still supported by Postfix OpenSSL releases).
>
Thanks for the info Viktor, I will move to sha256 and for those with
very old openssl they will need to upgrade, btw do you know from what
version sha2-256 is supported by openssl? or maybe my google skillz can
help me with that. Thanks again Viktor!

Re: posttls-finger

Patrik Båt
On 2014-11-21 09:50, Patrik Båt wrote:

> On 2014-11-20 18:21, Viktor Dukhovni wrote:
>> On Thu, Nov 20, 2014 at 10:42:20AM +0100, Patrik Båt wrote:
>>
>>>> Ah thanks for the heads up, posttls-finger returned sha1, probably
>>>> because it runs OpenSSL 1.0.x.
>>> "The best practice algorithm is now sha1", maybe that's why it is default
>>> in posttls-finger, or what do you say Viktor? :)
>> That was written when MD5 was still in wide use.  At this point
>> even SHA-1 is no longer best practice.  Instead, in many cases
>> SHA2-256 is now preferred.  There are still many cases for which
>> SHA-1 is quite sufficient, but you have to understand the
>> context to determine whether this applies.
>>
>> It seems that as a community, for better or worse, we tend to
>> abandon crypto algorithms for all use-cases as soon as any use-case
>> is broken.  Therefore, SHA-1 is also now deprecated, even though
>> e.g. SHA1-HMAC is still quite safe, and uses that only depend on
>> 2nd-preimage resistance are also IIRC safe at this time.
>>
>> However, Postfix maintains a backwards-compatible default of md5.
>> Perhaps now that we have a compatibility level, we could at least
>> move to sha1 (moving to SHA2-256 would break with very old, but
>> still supported by Postfix OpenSSL releases).
>>
> Thanks for the info Viktor, I will move to sha256 and for those with
> very old openssl they will need to upgrade, btw do you know from what
> version sha2-256 is supported by openssl? or maybe my google skillz can
> help me with that. Thanks again Viktor!
Reply to myself and who cares:

OpenSSL     0.9.8o+ (maybe n as well)
GNUTLS      1.7.4+