On Wed, Jul 10, 2013 at 05:21:38PM +0200, Stefan Jakobs wrote:
> I attached a full trace with a successful TLS session, an unsuccessful TLS
> session and the following fallback to a clear session.
> The trace looks wrong. I'm not sure I decrypted it proper.
The capture file includes only the packets to the SMTP server, none
of the replies. So this is not usable. Please capture both sides
of the traffic. If on a multi-homed host, set smtp_bind_address
to the IP address of the interface on which the reply packets will
return.
> > OpenSSL on your client seems to be 0.9.8, can you report which
> > version?
>
> Yes, you're right. It is: openssl-0.9.8j
This has additional patches from your distribution. What O/S are you
running?
> > > postfix/smtp[4527]: Untrusted TLS connection established to
> > > server.example.com[a.b.c.d]:25: TLSv1 with cipher ADH-CAMELLIA256-SHA
> > > (256/256 bits)
> >
> > Rather odd that CAMELLIA got chosen over AES.
> >
> > What happens when you use the Postfix client cipherlist?
> >
> > ALL:+RC4:@STRENGTH
> >
> > # openssl s_client -state -cipher "ALL:+RC4:@STRENGTH" \
> > -starttls smtp -connect server.example.com:25
> >
> > Try it a few times, ... add "-msg" if the failure is observed, but the
> > reason is not more apparent.
>
> I tried it many times, but I can't produce that SSL error. I always get the
> following:
>
> # openssl s_client -starttls smtp -state -cipher "ALL:+RC4:@STRENGTH"
> -connect server.example.com:25
> CONNECTED(00000003)
> SSL_connect:before/connect initialization
> SSL_connect:SSLv2/v3 write client hello A
> SSL_connect:SSLv3 read server hello A
> SSL_connect:SSLv3 read server key exchange A
> SSL_connect:SSLv3 read server done A
> SSL_connect:SSLv3 write client key exchange A
> SSL_connect:SSLv3 write change cipher spec A
> SSL_connect:SSLv3 write finished A
> SSL_connect:SSLv3 flush data
> SSL_connect:SSLv3 read finished A
> ---
> New, TLSv1/SSLv3, Cipher is ADH-CAMELLIA256-SHA
Good, now we're getting the same ciphersuite as with Postfix. Try
again with SSLv2 disabled, which will enable TLS extensions.
# openssl s_client -no_ssl2 -starttls smtp -state \
-cipher "ALL:+RC4:@STRENGTH" -connect server.example.com:25
Try a few times and report the results. Session re-use may be a factor
in this so you may need to enable session caching in s_client, so if the
above does not trigger any problems, try with:
# openssl s_client -reconnect -no_ssl2 -starttls smtp \
-state -cipher "ALL:+RC4:@STRENGTH" -connect server.example.com:25
This may explain why Postfix connections sometimes succeed and fail
at other times (perhaps even alternate between success and failure),
when handshakes fail, the associated session is flushed from the cache.
What O/S is the server running? Does it have OpenSSL-0.9.9-dev?
--
Viktor.
