Am Mittwoch, 10. Juli 2013, 18:32:32 schrieb Viktor Dukhovni: > On Wed, Jul 10, 2013 at 05:21:38PM +0200, Stefan Jakobs wrote: > > I attached a full trace with a successful TLS session, an unsuccessful TLS > > session and the following fallback to a clear session. > > The trace looks wrong. I'm not sure I decrypted it proper. > > The capture file includes only the packets to the SMTP server, none > of the replies. So this is not usable. Please capture both sides > of the traffic. If on a multi-homed host, set smtp_bind_address > to the IP address of the interface on which the reply packets will > return.
OK, next try. See attachment.
> > > OpenSSL on your client seems to be 0.9.8, can you report which
> > > version?
> >
> > Yes, you're right. It is: openssl-0.9.8j
>
> This has additional patches from your distribution. What O/S are you
> running?
SUSE Enterprise Linux 11 SP2
[...]
>
> Good, now we're getting the same ciphersuite as with Postfix. Try
> again with SSLv2 disabled, which will enable TLS extensions.
>
> # openssl s_client -no_ssl2 -starttls smtp -state \
> -cipher "ALL:+RC4:@STRENGTH" -connect server.example.com:25
>
> Try a few times and report the results. Session re-use may be a factor
> in this so you may need to enable session caching in s_client, so if the
> above does not trigger any problems, try with:
>
> # openssl s_client -reconnect -no_ssl2 -starttls smtp \
> -state -cipher "ALL:+RC4:@STRENGTH" -connect server.example.com:25
>
> This may explain why Postfix connections sometimes succeed and fail
> at other times (perhaps even alternate between success and failure),
> when handshakes fail, the associated session is flushed from the cache.
$ openssl s_client -no_ssl2 -starttls smtp -state -cipher \
"ALL:+RC4:@STRENGTH" -connect server.example.com:25
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read server session ticket A
SSL_connect:SSLv3 read finished A
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 809 bytes and written 357 bytes
---
New, TLSv1/SSLv3, Cipher is ADH-CAMELLIA256-SHA
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : ADH-CAMELLIA256-SHA
Session-ID:
529930B248631D96104E50F76D4AAF7FCFD8E5124544B833269EE5DFC09344A8
Session-ID-ctx:
Master-Key:
C33D50C6779F9BCD8B0C0E65C2721C14C6ADAEBCFC515E6D5142D76B69A9C288C094E864DEBC7E26E2B7EC9483058DC3
Key-Arg : None
TLS session ticket lifetime hint: 3600 (seconds)
TLS session ticket:
0000 - 96 b2 04 fd 61 08 c8 84-6c 9a b7 1f 1a 72 ce c7 ....a...l....r..
0010 - e8 10 16 bc b8 df a3 3a-df b8 07 89 e6 9d 35 2f .......:......5/
0020 - 6e 57 7f ec 00 c8 9e 46-61 78 17 b0 21 fa e9 f4 nW.....Fax..!...
0030 - d7 e1 e3 78 7c 90 f6 29-91 52 7b aa 85 e3 d4 d0 ...x|..).R{.....
0040 - 85 5e 35 9f 00 80 d1 4b-ef f9 36 7c 78 07 d3 6e .^5....K..6|x..n
0050 - bb 84 5c 5c 8c 95 e8 87-01 19 4b 86 b7 ef 39 3b ..\\......K...9;
0060 - 16 fc 63 ab 80 8b d7 e1-6a 2a 82 41 36 c0 7f e7 ..c.....j*.A6...
0070 - 50 14 53 52 66 45 64 80-05 7e c4 1e 68 86 ed 03 P.SRfEd..~..h...
0080 - a9 24 eb 7c c0 34 35 cc-de 3a 48 b6 5b dd 9c d0 .$.|.45..:H.[...
0090 - 63 8a a8 f5 bd e2 9d 2a-3d 07 46 69 4e 95 ba e0 c......*=.FiN...
Start Time: 1373542887
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
250 DSN
quit
221 2.0.0 Bye
SSL3 alert read:warning:close notify
closed
SSL3 alert write:warning:close notify
$ openssl s_client -no_ssl2 -reconnect -starttls smtp -state -cipher \
"ALL:+RC4:@STRENGTH" -connect server.example.com:25
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read server session ticket A
SSL_connect:SSLv3 read finished A
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 809 bytes and written 357 bytes
---
New, TLSv1/SSLv3, Cipher is ADH-CAMELLIA256-SHA
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : ADH-CAMELLIA256-SHA
Session-ID:
6045DD9D47E47B91DD6B0E4794A26B770B2CBD49FC07941801FCE44B263EDD32
Session-ID-ctx:
Master-Key:
F8A4F1FA9D252189FEA4ACE3CC60AA1525B3FDC84258A578D3373DC48446C50857E34F2AA7947C1BA56169A36D33ADBC
Key-Arg : None
TLS session ticket lifetime hint: 3600 (seconds)
TLS session ticket:
0000 - 96 b2 04 fd 61 08 c8 84-6c 9a b7 1f 1a 72 ce c7 ....a...l....r..
0010 - d9 1f 0d e0 e5 cf 97 d5-cf 57 0c 74 a1 c9 ce 89 .........W.t....
0020 - 62 2a 05 9b de c7 ac 75-22 42 be 4f 1c 08 fe 5d b*.....u"B.O...]
0030 - 8a 6b 81 51 34 08 ae 98-07 11 4c 37 4a a7 37 58 .k.Q4.....L7J.7X
0040 - 46 86 00 f4 11 71 82 74-df 84 b3 56 36 08 98 ed F....q.t...V6...
0050 - d9 65 ea 27 08 3a 76 17-c8 45 9e ea cd e3 c8 fd .e.'.:v..E......
0060 - 39 4b a0 00 38 1e 92 b8-86 c2 ef 69 cb 4d 37 84 9K..8......i.M7.
0070 - 0c c4 83 a0 e9 06 fb 4c-41 c4 0d f6 ae d5 ac df .......LA.......
0080 - ac 0b da 49 f7 c2 d0 89-12 f1 14 8c 3e fa 5e e3 ...I........>.^.
0090 - 72 ea 32 35 84 81 d1 d0-09 99 a7 07 01 51 22 32 r.25.........Q"2
Start Time: 1373542938
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
250 DSN
drop connection and then reconnect
SSL3 alert write:warning:close notify
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL3 alert write:fatal:protocol version
SSL_connect:error in SSLv3 read server hello A
13820:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version
number:s3_pkt.c:281:
$ openssl s_client -reconnect -starttls smtp -state -cipher \
"ALL:+RC4:@STRENGTH" -connect server.example.com:25
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 662 bytes and written 399 bytes
---
New, TLSv1/SSLv3, Cipher is ADH-CAMELLIA256-SHA
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : ADH-CAMELLIA256-SHA
Session-ID:
D8F5612DC8223BD03F59499CA8FD077ECD114B0C5789C539FD5A6CEB9F9A1157
Session-ID-ctx:
Master-Key:
A787859EB40241766A031D000C6213608438B83F3DE3B607483CA6522C37ECED299526BA6A33F7C8D06D28CBE06F4489
Key-Arg : None
Start Time: 1373543023
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
250 DSN
drop connection and then reconnect
SSL3 alert write:warning:close notify
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL3 alert write:fatal:protocol version
SSL_connect:error in SSLv3 read server hello A
13869:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version
number:s3_pkt.c:281:
> What O/S is the server running? Does it have OpenSSL-0.9.9-dev?
Ubuntu 12.04 LTS
libssl1.0.0 1.0.1-4ubunu5.10
openssl 1.0.1-4ubuntu5.10
Thanks for your help.
Best regards.
Stefan
status-decrypted.pcap
Description: application/gzip
