pkgsrc-Users archive


Re: OpenSSL 1.0.1g and sendmail/postfix TLS handshakes



On Wed, Jul 02, 2014 at 09:50:55AM -0400, Greg Troxel wrote:
> 
> Stephen Borrill <netbsd%precedence.co.uk@localhost> writes:
> 
> > The upgrade to OpenSSL 1.0.1g included more than just the Heartbleed
> > fix. A workaround for TLS v1.2 interoperability with F5 load-balancers
> > was sneaked in too. This causes problems with some IronPort email
> > appliances and unfortunately, these seem to be annoyingly
> > common. Sendmail just fails with TLS handshake failed and does not
> > fall back to plain text.
> >
> > There are a couple of workarounds:
> > 1) Compile OpenSSL with #define TLSEXT_TYPE_padding 21 commented out
> > 2) Build sendmail with -D_FFR_TLS_1 and then use ClientSSLOptions to
> > disable TLS v1.2 (postfix users would need to handle this
> > differently).
> 
> This seems like quite a mess.  As I understand it, the F5 devices are
> buggy, and there's a protocol change to avoid that, and that change
> exposes bugs on the ironport devices (referenced to the older specs,
> which say this new padding extension should be ignored, presumably).
> 
> It seems like the right fix is for sendmail to retry without TLS (if
> it's not configured to require TLS, of course).  Taking the extension
> out of openssl seems reasonable as well, since only buggy peers need it.
> Downgrading TLS for all mail seems less reasonable, as it has a negative
> impact on communications with standards-conforming peers.
> 
> Another idea is to make the openssl use of the extension configurable,
> so that it can be easily disabled without rebuilding.

It seems that this has now been addressed in

http://rt.openssl.org/Ticket/Display.html?id=3336

so "the padding extension is no longer used by default" since 1 June 2014.


I think the padding option should just be zapped from pkgsrc, and
the next openssl update will make it easy for F5 users to enable the
workaround.

Thoughts?

Cheers,

Patrick
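The thread turns on a single ClientHello detail: OpenSSL's F5 workaround appends extension type 21 (TLSEXT_TYPE_padding) whenever the ClientHello would otherwise be 256..511 bytes long, padding it to 512 bytes, and peers that reject unknown extensions then fail the handshake. The following is an added example, not code from this thread, from OpenSSL or from sendmail: a simplified reimplementation of that padding rule plus a small ClientHello parser, so an operator can confirm whether a given hello carries the padding extension (the kind of check you would run on a capture before deciding whether to disable the workaround). The cipher-suite codes, the zeroed random field and the hostname are constructed inputs; the builder only produces the handshake message, not the TLS record framing.

```python
import struct

TLSEXT_TYPE_padding = 21      # extension type used by the F5 workaround (RFC 7685)
TLSEXT_TYPE_server_name = 0


def sni_extension(hostname):
    """Build a server_name extension (type 0) as a (type, data) tuple."""
    name = hostname.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name   # name_type host_name(0)
    return (TLSEXT_TYPE_server_name, struct.pack("!H", len(entry)) + entry)


def constructed_suites(n):
    """Constructed placeholder cipher-suite codes; real clients send 30-80 suites,
    which is what pushes typical hellos into the padded size range."""
    return [struct.pack("!H", i) for i in range(n)]


def build_client_hello(cipher_suites, extensions, pad_workaround=False):
    """Build a minimal TLS 1.2 ClientHello handshake message (4-byte header + body).

    With pad_workaround=True the padding extension is appended when the whole
    message would land in the 256..511 byte range, mirroring the rule the F5
    workaround uses (simplified reimplementation, not OpenSSL's code)."""
    suites = b"".join(cipher_suites)
    body = b"\x03\x03" + bytes(32)                  # client_version 1.2, constructed zero random
    body += b"\x00"                                 # session_id length 0
    body += struct.pack("!H", len(suites)) + suites
    body += b"\x01\x00"                             # one compression method: null
    ext_bytes = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    if pad_workaround:
        total = 4 + len(body) + 2 + len(ext_bytes)  # header + body + extensions length field
        if 0xFF < total < 0x200:
            pad_len = 0x200 - total
            # If fewer than 4 bytes are left, only the extension header fits:
            # a zero-length padding extension is still emitted.
            pad_len = pad_len - 4 if pad_len >= 4 else 0
            ext_bytes += struct.pack("!HH", TLSEXT_TYPE_padding, pad_len) + bytes(pad_len)
    body += struct.pack("!H", len(ext_bytes)) + ext_bytes
    return b"\x01" + len(body).to_bytes(3, "big") + body


def parse_client_hello(msg):
    """Walk a ClientHello handshake message and report its total length, the
    extension types in order, and the padding extension's length (None if absent)."""
    if not msg or msg[0] != 0x01:
        raise ValueError("not a ClientHello handshake message")
    if int.from_bytes(msg[1:4], "big") != len(msg) - 4:
        raise ValueError("handshake length mismatch")
    p = 4 + 2 + 32                                  # skip header, version, random
    sid_len = msg[p]; p += 1 + sid_len
    cs_len = struct.unpack("!H", msg[p:p + 2])[0]; p += 2 + cs_len
    cm_len = msg[p]; p += 1 + cm_len
    exts, padding_len = [], None
    if p < len(msg):                                # extensions block is optional
        ext_len = struct.unpack("!H", msg[p:p + 2])[0]; p += 2
        end = p + ext_len
        if end != len(msg):
            raise ValueError("extensions block length mismatch")
        while p < end:
            t, l = struct.unpack("!HH", msg[p:p + 4]); p += 4
            data = msg[p:p + l]; p += l
            if len(data) != l:
                raise ValueError("truncated extension")
            exts.append(t)
            if t == TLSEXT_TYPE_padding:
                padding_len = l
    return {"total_length": len(msg), "extensions": exts, "padding_length": padding_len}


if __name__ == "__main__":
    sni = sni_extension("mail.example.net")          # constructed hostname
    for n, pad in ((1, True), (100, False), (100, True), (250, True)):
        info = parse_client_hello(build_client_hello(constructed_suites(n), [sni], pad))
        print(f"{n:3d} suites, workaround={pad!s:5}: {info}")
```

Running the main block shows the effect the thread describes: a 100-suite hello is 270 bytes without the workaround and 512 bytes with it, gaining a type-21 extension of 238 bytes, while small (72-byte) and large (570-byte) hellos are left untouched either way. Building with `pad_workaround=False` corresponds to the "zap the padding option" choice discussed above.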

