Re: Verisign Problem with smtp tls

Fri, 27 Dec 2013 14:21:39 -0800 

On Fri, Dec 27, 2013 at 09:39:52PM +0000, Viktor Dukhovni wrote:

> On Fri, Dec 27, 2013 at 03:28:46PM -0600, Bobber wrote:
> 
> > >=== TLS started w/ cipher DES-CBC3-SHA
> > >=== TLS peer subject DN="/C=US/ST=Missouri/L=Saint Louis/O=The
> > >Lawrence Group/OU=IT/OU=Terms of use at www.verisign.com/rpa
> > >(c)05/CN=mail.thelawrencegroup.com"
> 
> There's your problem!  This server (likely Exchange 2003) has a
> broken implementation of 3DES CBC padding (search Postfix users
> archives for my posts on the subject), and your cipher list is
> either long enough to cause it to not see RC4-SHA and RC4-MD5 or
> you've disabled RC4 (directly, or by only enabling HIGH grade
> ciphers).
> 
> Exchange 2003 servers can't do better than RC4-SHA.

Confirmed, this server has the Exchange 2003 cipher-count limit
problem.  When RC4-SHA and RC4-MD5 are too low on the cipher-list,
TLS breaks.

If your MTA allows you configure a custom set of cipher suites for
a given set of destinations, then configure this set of cipher
suites for mail sent to Exchange 2003 machines (cipherlist setting
for Postfix "transport", Exim "router", Sendmail "mailer", etc):

    aRSA+AES128+kEECDH:aRSA+AES128+kEDH:aRSA+AES128+kRSA:RC4-SHA:@STRENGTH

This cipherlist allows for the possibility of eventual upgrades
that yield AES128 support, but otherwise falls back to RC4-SHA.
The list if matching ciphers is well short of the 64 limit.  In
OpenSSL 1.0.1e it comes to:

$ openssl ciphers -v \
    'aRSA+AES128+kEECDH:aRSA+AES128+kEDH:aRSA+AES128+kRSA:RC4-SHA:@STRENGTH'
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
ECDHE-RSA-AES128-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to