Re: openssl3+postfix issue (ca md too weak)

[Manuel Bouyer <bouyer%antioche.eu.org@localhost>]

On Tue, Nov 14, 2023 at 02:39:53AM +0000, Taylor R Campbell wrote:
> [trimming tech-crypto from cc because this is a policy and
> configuration issue, not a cryptography issue]
> 
> > Date: Mon, 13 Nov 2023 20:34:04 +0100
> > From: Manuel Bouyer <bouyer%antioche.eu.org@localhost>
> > 
> > I'm facing an issue with postfix+openssl3 which may be critical (depending
> > on how it can be fixed).
> > 
> > Now my postfix setup fails to send mails with
> > Nov 13 20:20:53 comore postfix/smtp[6449]: warning: TLS library problem: error:0A00018E:SSL routines::ca md too weak:/usr/src/crypto/external/bsd/openssl/dist/ssl/statem/statem_lib.c:984:
> 
> 1. This says `warning'; does the mail actually fail to go through, or
>    are you just alarmed by the warning?

it fails:
Nov 13 20:21:48 comore postfix/smtp[4182]: warning: TLS library problem: error:0A00018E:SSL routines::ca md too weak:/usr/src/crypto/external/bsd/openssl/dist/ssl/statem/statem_lib.c:984:
Nov 13 20:21:48 comore postfix/smtp[4182]: D2EF31805C: to=<bouyer%lip6.fr@localhost>, relay=mail.soc.lip6.fr[132.227.86.2]:465, delay=1441, delays=1441/0.05/0.02/0, dsn=4.7.5, status=deferred (Cannot start TLS: handshake failure)


> 
> 2. Can you describe your mail topology?

This is a simple mail client (my laptop); outgoing emails go through
2 mails servers (depending on the from, and a relay map). Both mail
servers requires SMTP AUTH (which is why I enforce
smtp_tls_security_level = verify), configured as:
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/home/bouyer/.postfix/sasl_passwd
smtp_sasl_security_options = noanonymous

> 
> 3. Can you describe the postfix configuration on every node involved
>    in the topology?

the mails servers this client talks to are both running sendmail,
on netbsd-9

> 4. Can you share master.cf on every node involved if it's not the
>    default?

on the client master.cf is the default, with this additional line:
relay-smtps unix -      -       n       -       -       smtp
        # Client-side SMTPS requires "encrypt" or stronger.
	-o smtp_tls_security_level=verify
	-o smtp_tls_wrappermode=yes
	-o smtp_starttls_timeout=60
	-o smtp_helo_timeout=60
> 
> 5. If you connect to the server with `openssl s_client', what happens?

It works:
openssl s_client -connect mail.soc.lip6.fr:465 -verify_return_error
[...]
    Start Time: 1699948718
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
220 asim.lip6.fr ESMTP Sendmail 8.15.2/8.15.2; Tue, 14 Nov 2023 08:58:37 +0100 (MET)

Also, tnftp talking to a web server with the exact same certificate and
certificate chain has no problem either

This is one of the thing I have a hard time to understand: why can't I
reproduce this error with other TLS client ?

> 
> > So, as far as I understand, we end up with a postfix installation which
> > can't talk to servers with valid certificates.
> 
> Unless anything has changed in the past couple years, I don't think
> there is any widespread deployment of SMTP TLS server authentication
> that means anything for general MTAs -- at best, TLS in SMTP serves as
> opportunistic encryption to defend against passive eavesdroppers.

There is actually, for SMTP AUTH
And I don't think using an MTA for SMTP AUTH is that unusual

-- 
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
     NetBSD: 26 ans d'experience feront toujours la difference
--