Re: openssl3+postfix issue (ca md too weak)

[Manuel Bouyer <bouyer%antioche.eu.org@localhost>]

On Mon, Nov 13, 2023 at 10:56:00PM +0100, Joerg Sonnenberger wrote:
> On Monday, November 13, 2023 8:34:04 PM CET Manuel Bouyer wrote:
> > Hello
> > I'm facing an issue with postfix+openssl3 which may be critical (depending
> > on how it can be fixed).
> > 
> > Now my postfix setup fails to send mails with
> > Nov 13 20:20:53 comore postfix/smtp[6449]: warning: TLS library problem: error:0A00018E:SSL routines::ca md too weak:/usr/src/crypto/external/bsd/openssl/dist/ssl/statem/statem_lib.c:984:
> > 
> > From what I understood, this is the remote certificate which is not accepted:
> > openssl 3 deprecated some signature algorithm, which are no longer accepted
> > with @SECLEVEL=1 (which is the default).
> > In server's certificate chain all but the last one are signed with
> > sha384WithRSAEncryption (which should be OK). The last one (the root
> > certificate) is signed with RSA-SHA1 and I don't think this will change
> > soon:
> >  3 s:C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = A
> >  AA Certificate Services
> >    i:C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = A
> >  AA Certificate Services
> >    a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA1
> >    v:NotBefore: Jan  1 00:00:00 2004 GMT; NotAfter: Dec 31 23:59:59 2028 GMT
> > 
> > So, as far as I understand, we end up with a postfix installation which
> > can't talk to servers with valid certificates.
> 
> NIST has been sunsetting SHA1 for a long time, 2016 in fact. In many cases, there is a better trust chain
> for Comodo intermediary certificates and admins should be installing those.

My chain is from October, not that old.
Maybe our CA is not completely up to date; I will have to check that.

-- 
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
     NetBSD: 26 ans d'experience feront toujours la difference
--