On Mon, Nov 18, 2024 at 05:16:44PM +0100, Geert Hendrickx via mailop wrote:

> I think most of those, at least including gmail.com, use dual (ECC+RSA)
> certs, typically with preference for ECC, so "support ECC" doesn't mean
> "not support RSA".

Indeed I have little visibility on dual cert servers that ignore client
cipher/group preference, and choose the server's most preferred
certificate public-key algorithm.  A few servers do honour client prefs,
which I alternate between and within daily survey runs, so a few servers
alternate between RSA and ECDSA every other day.  A handful have DANE TLSA
records that work for only one of the two algorithms:

    $ danesmtp -s rsa mail.pistam.eu
    CONNECTION ESTABLISHED
    Protocol version: TLSv1.3
    Ciphersuite: TLS_AES_256_GCM_SHA384
    Peer certificate: C = SI, ST = Osrednjeslovenjska, L = Domzale, O = Pistam d.o.o., OU = IT, CN = Ernesto Pistamiglio, emailAddress = i...@pistam.eu
    Hash used: SHA256
    Signature type: RSA-PSS
    Verification: OK
    DANE TLSA 3 0 1 ...575a7c1fd8aa63ac8044c963 matched EE certificate at depth 0
    Server Temp Key: X25519, 253 bits
    250 CHUNKING
    DONE

    $ danesmtp -s ecdsa mail.pistam.eu
    depth=0 C = SI, ST = Osrednjeslovenjska, L = Domzale, O = Pistam d.o.o., OU = IT, CN = Ernesto Pistamiglio, emailAddress = i...@pistam.eu
    verify error:num=65:no matching DANE TLSA records
    004ED09A227F0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1889:

Ernesto has not been responsive to the initial batch of notices sent,
and the survey is not bothering him about this anymore.

> From sniffing TLS handshakes in SMTP connections for supported ciphers,
> the ones supporting only RSA were mostly banks...

Sniffing TLS handshakes will confirm *client* support for a ciphersuite,
which can perhaps help one feel more confident that deploying dual certs
won't break important/frequent clients.  It does not surface dual cert
servers, for that one needs to try separate connections to the server
some with *only* RSA, and others with *only* ECDSA.  I leave such
invasive probing to Shodan and the like, the DANE survey strives to
be a good citizen, and make as few connections as possible, roughly
one connection per MX host (that has TLSA records) IP address per day.

-- 
    Viktor.
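
The mismatch in the `danesmtp -s ecdsa` session above, a TLSA RRset that covers only one of a dual-cert server's two certificates, can be checked offline before the records are published. The following is an added example, not part of the original message or of the survey's tooling: it reports which certificate algorithms no DANE-EE record matches. The function names are hypothetical, and the byte strings are constructed stand-ins for real certificate and SubjectPublicKeyInfo DER.

```python
import hashlib

# RFC 6698 matching types: 0 = exact bytes, 1 = SHA-256, 2 = SHA-512.
_DIGEST = {
    0: lambda b: b,
    1: lambda b: hashlib.sha256(b).digest(),
    2: lambda b: hashlib.sha512(b).digest(),
}

def tlsa_matches(record, cert_der, spki_der):
    """True if one TLSA record (usage, selector, mtype, data_hex) matches the EE cert."""
    usage, selector, mtype, data_hex = record
    # Only DANE-EE(3) is evaluated here; usages 0-2 need the chain, not just the leaf.
    if usage != 3 or selector not in (0, 1) or mtype not in _DIGEST:
        return False
    # Selector 0 hashes the full certificate, selector 1 only its public key (SPKI).
    subject = cert_der if selector == 0 else spki_der
    return _DIGEST[mtype](subject) == bytes.fromhex(data_hex)

def uncovered_algorithms(rrset, certs):
    """certs maps a label to (cert_der, spki_der); returns labels no record matches."""
    return sorted(
        alg for alg, (cert, spki) in certs.items()
        if not any(tlsa_matches(r, cert, spki) for r in rrset)
    )

# Constructed placeholders: in practice, the DER bytes of the server's RSA and
# ECDSA certificates and of their SubjectPublicKeyInfo structures.
CERTS = {
    "rsa": (b"constructed-rsa-cert-der", b"constructed-rsa-spki-der"),
    "ecdsa": (b"constructed-ecdsa-cert-der", b"constructed-ecdsa-spki-der"),
}

# RRset with a single "3 0 1" record for the RSA certificate only,
# the situation seen in the two sessions above.
RSA_ONLY = [(3, 0, 1, hashlib.sha256(CERTS["rsa"][0]).hexdigest())]

# Same RRset with a "3 1 1" record added for the ECDSA public key.
BOTH = RSA_ONLY + [(3, 1, 1, hashlib.sha256(CERTS["ecdsa"][1]).hexdigest())]

if __name__ == "__main__":
    print("RSA-only RRset leaves uncovered:", uncovered_algorithms(RSA_ONLY, CERTS))
    print("Two-record RRset leaves uncovered:", uncovered_algorithms(BOTH, CERTS))
```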