On Wed, Aug 19, 2015 at 06:30:43PM +0200, Michael Grimm wrote:
> This is postfix 3.0.2 and FreeBSD-10.2/STABLE. I switched from OpenSSL to
> LibreSSL some months ago.
LibreSSL is not tested with Postfix, and so not officially supported.
> My relevant SSL/TLS settings for receiving mail didn't change ever since that
> time (postconf -n | grep tls | grep smtpd)
> smtpd_use_tls = yes
Obsolete.
> smtpd_tls_auth_only = yes
> smtpd_tls_security_level = may
> smtpd_tls_loglevel = 1
> smtpd_tls_cert_file = /path-to-pem/my-server.pem
> smtpd_tls_key_file = /path-to-pem/my-server.pem
> smtpd_tls_security_level = may
> smtpd_tls_protocols = !SSLv2 !SSLv3
> smtpd_tls_ciphers = medium
> smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
> smtpd_tls_mandatory_ciphers = high
> smtpd_tls_dh1024_param_file = /path-to-pem/dh-2048.pem
> smtpd_tls_dh512_param_file = /path-to-pem/dh-512.pem
Looks good.
> After my recent upgrade of LibreSSL to 2.2.2 some servers fail to deliver
> mail.
Check the LibreSSL release notes.
> Previous LibreSSL 2.2.1: *all* those servers delivered their mail as
> reported by logwatch; example:
>
> 16 Anonymous: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
> 1 1.2.3.4 xxx.xxx
Well, LibreSSL 2.2.2 must have broken something. If you want more
help, you'll need to disclose the IP address of your server.
The servers in question must be doing something more exotic than you
report (or I am testing the wrong server):
$ posttls-finger -c -p TLSv1 -lsecure -Lsummary \
-o "tls_medium_cipherlist=DHE-RSA-AES256-SHA" \
odo.in-berlin.de
mx1.enfer-du-nord.net[87.98.149.189]:25: TLSv1 with cipher
DHE-RSA-AES256-SHA (256/256 bits)
> In the release notes of LibreSSL 2.2.2
> (http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.2.2-relnotes.txt) I
> do find:
> * Removed SSLv3 support from openssl(1)
But the previous connections were TLS 1.0, not SSL 3.0. And they
did not remove the "SSL 3.0" ciphers that are needed for TLS 1.0
support.
> But I do find SSLv3 protocol entries:
> mail> openssl version
> LibreSSL 2.2.2
> mail> openssl ciphers -v | grep ^DHE-RSA-AES256-SHA
> DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
> DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
That's not SSL 3.0 protocol support. That's a cipher suite that
was introduced with SSL 3.0 and is also used for TLS 1.0 through
TLS 1.2.
> Sigh, I do have to admit that crypto configuration isn't well understood
> by myself, thus I feel lost here. But every hint is highly appreciated.
Postfix default settings strive to free users of the burden of
becoming experts at cryptography. Use largely default settings,
or overrides recommended as sensible alternatives in the documentation.
Plus the settings in my recent post on best-practice TLS configuration.
> (BTW: is this off-topic for that list? If so, tell me then. I will move
> to a recommended ML.)
No, this is on topic.
--
Viktor.
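To illustrate the point made above about the protocol column of `openssl ciphers -v` (it is the version that introduced the suite, not the only version that can use it), here is an added example that is not part of the original thread: a small parser that reads cipher-list lines and reports which protocol versions each suite can still be negotiated with after a Postfix-style exclusion list such as `!SSLv2 !SSLv3` is applied. The sample output lines are constructed (only the exclusion form of `smtpd_tls_protocols` is modelled).

```python
# Constructed sample of `openssl ciphers -v` output; the first two lines
# mirror the suites quoted in the thread, the third is an extra example.
SAMPLE_CIPHERS_V = """\
DHE-RSA-AES256-SHA256       TLSv1.2 Kx=DH   Au=RSA Enc=AES(256)    Mac=SHA256
DHE-RSA-AES256-SHA          SSLv3   Kx=DH   Au=RSA Enc=AES(256)    Mac=SHA1
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
"""

# Protocol versions in increasing order. The second column of
# `openssl ciphers -v` names the lowest version that can negotiate the
# suite; every later version in this list can use it as well.
PROTOCOLS = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]


def parse_ciphers_v(text):
    """Return {suite_name: minimum_protocol} from `openssl ciphers -v` lines."""
    suites = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[1] in PROTOCOLS:
            suites[fields[0]] = fields[1]
    return suites


def enabled_protocols(setting):
    """Apply an exclusion list in the form Postfix uses, e.g. '!SSLv2 !SSLv3'."""
    excluded = {tok[1:] for tok in setting.split() if tok.startswith("!")}
    return [p for p in PROTOCOLS if p not in excluded]


def negotiable(suite_min, enabled):
    """Enabled versions at or above the suite's minimum version."""
    floor = PROTOCOLS.index(suite_min)
    return [p for p in enabled if PROTOCOLS.index(p) >= floor]


def suites_usable_with(text, setting):
    """Map each suite to the protocol versions it can be negotiated with."""
    enabled = enabled_protocols(setting)
    return {name: negotiable(mn, enabled)
            for name, mn in parse_ciphers_v(text).items()}


if __name__ == "__main__":
    for name, versions in suites_usable_with(SAMPLE_CIPHERS_V, "!SSLv2 !SSLv3").items():
        print(f"{name:28s} {', '.join(versions) or 'not negotiable'}")
```

With `!SSLv2 !SSLv3` the suite tagged `SSLv3` remains usable on TLS 1.0 through 1.2, which is why disabling SSL 3.0 does not remove it.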