On Thu, Oct 02, 2014 at 01:48:10PM +0200, Per Thorsheim wrote: > Mozilla and others have reported on old web clients that doesn't support > the use of new SHA-256 signed SSL certificates on websites. In a recent > thread at Mozilla > https://bugzilla.mozilla.org/show_bug.cgi?id=1064387#c6, there's a > reference to Qualys:
The SMTP MTA world has a substantially different mix of TLS software than what one sees in browers and web servers. And, most importantly, most MTA to MTA SMTP is opportunistic TLS with no authentication. Therefore certificate signature errors often don't cause any problems, the certificate can be not verified for all kinds of reasons, all of which are ignored. > "At this time, a site could use two certificates: ECDSA+SHA256 for > modern clients and RSA+SHA1 for older clients." > https://community.qualys.com/blogs/securitylabs/2014/09/09/sha1-deprecation-what-you-need-to-know > A feature supported by Apache at least. Postfix supports exactly one certificate/private key pair per public-key algorithm: smtpd_tls_cert_{key,file} smtpd_tls_dcert_{key,file} smtpd_tls_eccert_{key,file} Due to limitations in currenly released OpenSSL versions the intermediate certificates from the last of these that is loaded, set the intermediate certificates for all algorithms. Therefore, you need to put all the CAs from any of the certificates in all the certificate chain files. > Is this something Postfix can do as well for STARTTLS support? Yes. As above. Though you should note that if you're not publishing DANE TLSA records, generally nobody cares whether your certificate signature is valid. There well be no reason to bother. > Eventually any other ideas or experiences with using SHA-256 > certificates that have caused problems for STARTTLS, or ex. appliances > that doesn't support it? I've not heard of any problems. > I already know that Cisco Ironport and Barracuda appliances only > supports up to and including TLSv1, haven't found any info there for > SHA-256 certificates yet. There are now many domains with MX hosts that have SHA256 certs only. I don't recall any problems reported on this list relating to such a configuration. -- Viktor.
