On Fri, May 05, 2023 at 08:28:48PM -0400, Viktor Dukhovni via Postfix-users wrote:
> If your system is a RHEL or recent Fedora or similar system, or perhaps
> by now other distributions have joined the club, then you'll need to find the
> relevant crypto policy file and dial it down a bit (on an MTA doing
> opportunistic TLS, RSA with SHA1 is better than cleartext).

This is looking increasingly likely, setting the crypto policy on Fedora
36 to "DEFAULT:NO-SHA1", and disabling the anon-DH ciphers, I observe:

    $ /usr/sbin/posttls-finger -c -Lsummary,ssl-debug -o tls_medium_cipherlist='DEFAULT:@SECLEVEL=0' -lmay -p TLSv1 "[$(uname -n)]"
    posttls-finger: SSL_connect:before SSL initialization
    posttls-finger: SSL_connect:SSLv3/TLS write client hello
    posttls-finger: SSL_connect:SSLv3/TLS write client hello
    posttls-finger: SSL_connect:SSLv3/TLS read server hello
    posttls-finger: SSL_connect:SSLv3/TLS read server certificate
    posttls-finger: SSL3 alert write:fatal:internal error
    posttls-finger: SSL_connect:error in error
    posttls-finger: SSL_connect error to ... -1
    posttls-finger: warning: TLS library problem: error:03000098:digital envelope routines::invalid digest:crypto/evp/m_sigver.c:343:
    posttls-finger: warning: TLS library problem: error:0A080006:SSL routines::EVP lib:ssl/statem/statem_clnt.c:2284:

The default setting of "tls_medium_cipherlist" enables and prefers
"aNULL" ciphers, for which the key exchange is not signed (with a
combined SHA1, MD5 PRF in TLS 1.0, IIRC), and the handshake succeeds.

In terms of decoupling Postfix from unfit for purpose system-wide crypto
policies, the below patch appears to be minimally sufficient, but a more
systematic fix would be to make the configuration file selectable (none
or an explicit choice), and for various "SSL_CONF" settings to be
accessible via suitable main.cf overrides. I had hoped to do that circa
Postfix 3.6, but did not find the requisite cycles.

--
    Viktor.

--- src/tls/tls_client.c +++ src/tls/tls_client.c
@@ -682,6 +682,11 @@ TLS_APPL_STATE *tls_client_init(const TLS_CLIENT_INIT_PROPS *props) */ tls_check_version(); + /* + * Opt out of default system-wide configuration settings + */ + OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL); + /* * Create an application data index for SSL objects, so that we can * attach TLScontext information; this information is needed inside --- src/tls/tls_server.c +++ src/tls/tls_server.c @@ -420,6 +420,11 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props) */ tls_check_version(); + /* + * Opt out of default system-wide configuration settings + */ + OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL); + /* * First validate the protocols. If these are invalid, we can't continue. */
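
Review bot: In the tls_client_init() hunk the result of OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL) is discarded, and nothing documents the ordering the call depends on. OPENSSL_init_crypto() returns 1 on success and 0 on error, so an initialization failure passes silently here; please test the return value and log a warning when it is not 1. Separately, OpenSSL applies its load-config / no-load-config choice once per process, so the opt-out only works if this call runs before anything else has initialized the library with the default configuration. The call is placed after tls_check_version(); the comment should state that it must precede any other OpenSSL initialization, so that a later reordering does not quietly bring the system-wide policy back.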
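
Review bot: The tls_server_init() hunk repeats the tls_client_init() block verbatim, and in both places the opt-out is unconditional. Suggest moving the call into a single shared TLS initialization helper used by client and server, so the two cannot drift apart and the selectable configuration file described in the message has one place to land. The comment "Opt out of default system-wide configuration settings" should also record the reason (a system-wide crypto policy that rejects SHA1 signatures breaks the TLS 1.0 handshake shown above), and the change wants a documentation or release-note entry, since any site that relied on settings from the OpenSSL configuration file will lose them without notice.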