tech-crypto archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: openssl3+postfix issue (ca md too weak)



On Mon, Nov 13, 2023 at 10:24:56PM +0100, Steffen Nurpmeso wrote:
> Manuel Bouyer wrote in
>  <ZVJ6LIrEPxlCEbNB%antioche.eu.org@localhost>:
>  |Hello
>  |I'm facing an issue with postfix+openssl3 which may be critical (depending
>  |on how it can be fixed).
>  |
>  |Now my postfix setup fails to send mails with
>  |Nov 13 20:20:53 comore postfix/smtp[6449]: warning: TLS library problem: \
>  |error:0A00018E:SSL routines::ca md too weak:/usr/src/crypto/external/bsd\
>  |/openssl/dist/ssl/statem/statem_lib.c:984:
>  |
>  |>From what I understood, this is the remote certificate which is not \
>  |>accepted:
>  |openssl 3 deprecated some signature algorithm, which are no longer accepted
>  |with @SECLEVEL=1 (which is the default).
>  |In server's certificate chain all but the last one are signed with
>  |sha384WithRSAEncryption (which should be OK). The last one (the root
>  |certificate) is signed with RSA-SHA1 and I don't think this will change
>  |soon:
>  | 3 s:C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, \
>  | CN = A
>  | AA Certificate Services
>  |   i:C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, \
>  |   CN = A
>  | AA Certificate Services
>  |   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA1
>  |   v:NotBefore: Jan  1 00:00:00 2004 GMT; NotAfter: Dec 31 23:59:59 \
>  |   2028 GMT
>  |
>  |So, as far as I understand, we end up with a postfix installation which
>  |can't talk to servers with valid certificates.
>  |
>  |The solution (from google) would be to force @SECLEVEL=0 but I didn't find
>  |a way to do this for postfix. The solutions I've seen were for openvpn or
>  |curl, but nothing about postfix :(
> 
> Isn't that just postfix config.

It's possible; but I didn't find anything relevant in the postfix docs

> Btw *i* have no problem with
> 
>   smtpd_tls_ask_ccert = no
>   smtpd_tls_auth_only = yes
>   smtpd_tls_loglevel = 1
>   #SMART The next is usually nice but when using client certificates
>   smtpd_tls_received_header = no
>   smtpd_tls_fingerprint_digest = sha256
>   smtpd_tls_mandatory_protocols = >=TLSv1.2
>   smtpd_tls_protocols = $smtpd_tls_mandatory_protocols
>   # super modern, forward secrecy TLSv1.2 / TLSv1.3 selection..
>   tls_high_cipherlist = EECDH+AESGCM:EECDH+AES256:EDH+AESGCM:CHACHA20
>   smtpd_tls_mandatory_ciphers = high
>   smtpd_tls_mandatory_exclude_ciphers = TLSv1
> 
> ^ This works in practice without any noticeable trouble.
> (But then i again i do not have to make money from that or my
> customers who must talk to ten year old refrigerators.)

this is only server-side configuration; my problem is with client-side
rejecting the server's certificate

-- 
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
     NetBSD: 26 ans d'experience feront toujours la difference
--


Home | Main Index | Thread Index | Old Index