On Fri, May 05, 2023 at 08:28:48PM -0400, Viktor Dukhovni via Postfix-users
wrote:
> If your system is a RHEL or recent Fedora or similar system, or perhaps
> by now other distributions have joined the club, then you'll need to find the
> relevant crypto policy file and dial it down a bit (on an MTA doing
> opportunistic TLS, RSA with SHA1 is better than cleartext).

This is looking increasingly likely, setting the crypto policy on
Fedora 36 to "DEFAULT:NO-SHA1", and disabling the anon-DH ciphers,
I observe:

    $ /usr/sbin/posttls-finger -c -Lsummary,ssl-debug -o tls_medium_cipherlist='DEFAULT:@SECLEVEL=0' -lmay -p TLSv1 "[$(uname -n)]"
    posttls-finger: SSL_connect:before SSL initialization
    posttls-finger: SSL_connect:SSLv3/TLS write client hello
    posttls-finger: SSL_connect:SSLv3/TLS write client hello
    posttls-finger: SSL_connect:SSLv3/TLS read server hello
    posttls-finger: SSL_connect:SSLv3/TLS read server certificate
    posttls-finger: SSL3 alert write:fatal:internal error
    posttls-finger: SSL_connect:error in error
    posttls-finger: SSL_connect error to ... -1
    posttls-finger: warning: TLS library problem: error:03000098:digital envelope routines::invalid digest:crypto/evp/m_sigver.c:343:
    posttls-finger: warning: TLS library problem: error:0A080006:SSL routines::EVP lib:ssl/statem/statem_clnt.c:2284:

The default setting of "tls_medium_cipherlist" enables and prefers
"aNULL" ciphers, for which the key exchange is not signed (with a
combined SHA1, MD5 PRF in TLS 1.0, IIRC), and the handshake succeeds.

In terms of decoupling Postfix from unfit for purpose system-wide crypto
policies, the below patch appears to be minimally sufficient, but a more
systematic fix would be to make the configuration file selectable (none
or an explicit choice), and for various "SSL_CONF" settings to be
accessible via suitable main.cf overrides. I had hoped to do that circa
Postfix 3.6, but did not find the requisite cycles.

--
Viktor.

--- src/tls/tls_client.c
+++ src/tls/tls_client.c
@@ -682,6 +682,11 @@ TLS_APPL_STATE *tls_client_init(const
TLS_CLIENT_INIT_PROPS *props)
*/
tls_check_version();
+ /*
+ * Opt out of default system-wide configuration settings
+ */
+ OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL);
+
/*
* Create an application data index for SSL objects, so that we can
* attach TLScontext information; this information is needed inside
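
Review bot: The return value of the added OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL) call in tls_client_init() is discarded; the function returns 1 on success and 0 on error, so a failure here would go unnoticed. Check the result and log a warning when it is 0. The opt-out only takes effect if it runs before anything has caused libcrypto to load its configuration file, so the new comment should state that ordering requirement rather than only "Opt out of default system-wide configuration settings". As written the opt-out is also unconditional, with no main.cf setting for sites that want to keep the system-wide configuration.
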
--- src/tls/tls_server.c
+++ src/tls/tls_server.c
@@ -420,6 +420,11 @@ TLS_APPL_STATE *tls_server_init(const
TLS_SERVER_INIT_PROPS *props)
*/
tls_check_version();
+ /*
+ * Opt out of default system-wide configuration settings
+ */
+ OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL);
+
/*
* First validate the protocols. If these are invalid, we can't continue.
*/
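
Review bot: The comment and call added after tls_check_version() in tls_server_init() are an exact copy of the lines added to tls_client_init(), including the unchecked return value. Move them into one shared helper called from both init functions, so that the return-value check and the main.cf override described in the message are implemented in a single place and the client and server paths cannot drift apart.
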