On Fri, Dec 27, 2013 at 09:39:52PM +0000, Viktor Dukhovni wrote: > On Fri, Dec 27, 2013 at 03:28:46PM -0600, Bobber wrote: > > > >=== TLS started w/ cipher DES-CBC3-SHA > > >=== TLS peer subject DN="/C=US/ST=Missouri/L=Saint Louis/O=The > > >Lawrence Group/OU=IT/OU=Terms of use at www.verisign.com/rpa > > >(c)05/CN=mail.thelawrencegroup.com" > > There's your problem! This server (likely Exchange 2003) has a > broken implementation of 3DES CBC padding (search Postfix users > archives for my posts on the subject), and your cipher list is > either long enough to cause it to not see RC4-SHA and RC4-MD5 or > you've disabled RC4 (directly, or by only enabling HIGH grade > ciphers). > > Exchange 2003 servers can't do better than RC4-SHA.
Confirmed, this server has the Exchange 2003 cipher-count limit problem. When RC4-SHA and RC4-MD5 are too low on the cipher-list, TLS breaks. If your MTA allows you configure a custom set of cipher suites for a given set of destinations, then configure this set of cipher suites for mail sent to Exchange 2003 machines (cipherlist setting for Postfix "transport", Exim "router", Sendmail "mailer", etc): aRSA+AES128+kEECDH:aRSA+AES128+kEDH:aRSA+AES128+kRSA:RC4-SHA:@STRENGTH This cipherlist allows for the possibility of eventual upgrades that yield AES128 support, but otherwise falls back to RC4-SHA. The list if matching ciphers is well short of the 64 limit. In OpenSSL 1.0.1e it comes to: $ openssl ciphers -v \ 'aRSA+AES128+kEECDH:aRSA+AES128+kEDH:aRSA+AES128+kRSA:RC4-SHA:@STRENGTH' ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256 ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1 DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256 DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1 AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256 AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1 -- Viktor. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org