Re: openssl3+postfix issue (ca md too weak)

[Joerg Sonnenberger <joerg%bec.de@localhost>]

On Monday, November 13, 2023 8:34:04 PM CET Manuel Bouyer wrote:
> Hello
> I'm facing an issue with postfix+openssl3 which may be critical (depending
> on how it can be fixed).
> 
> Now my postfix setup fails to send mails with
> Nov 13 20:20:53 comore postfix/smtp[6449]: warning: TLS library problem: error:0A00018E:SSL routines::ca md too weak:/usr/src/crypto/external/bsd/openssl/dist/ssl/statem/statem_lib.c:984:
> 
> From what I understood, this is the remote certificate which is not accepted:
> openssl 3 deprecated some signature algorithm, which are no longer accepted
> with @SECLEVEL=1 (which is the default).
> In server's certificate chain all but the last one are signed with
> sha384WithRSAEncryption (which should be OK). The last one (the root
> certificate) is signed with RSA-SHA1 and I don't think this will change
> soon:
>  3 s:C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = A
>  AA Certificate Services
>    i:C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = A
>  AA Certificate Services
>    a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA1
>    v:NotBefore: Jan  1 00:00:00 2004 GMT; NotAfter: Dec 31 23:59:59 2028 GMT
> 
> So, as far as I understand, we end up with a postfix installation which
> can't talk to servers with valid certificates.

NIST has been sunsetting SHA1 for a long time, 2016 in fact. In many cases, there is a better trust chain
for Comodo intermediary certificates and admins should be installing those.

Joerg