On Mon, Oct 21, 2013 at 09:43:50PM +0200, li...@rhsoft.net wrote:

> postfix/smtp[7411]: warning: TLS library problem:
> 7411:error:100AE081:elliptic curve routines:EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316
>
> maybe relevant to "only ECC NIST Suite B curves support"?
> postfix was compiled against exactly this openssl build
> as far as i can see fallback to unencrypted connection
>
> http://koji.fedoraproject.org/koji/buildinfo?buildID=471781
> * Wed Oct 16 2013 Tomáš Mráz <tm...@redhat.com> 1.0.1e-28
> - only ECC NIST Suite B curves support
> - drop -fips subpackage
>
> * Mon Oct 14 2013 Tom Callaway <s...@fedoraproject.org>
> - 1.0.1e-27
> - resolve bugzilla 319901 (phew! only took 6 years & 9 days)
Until recently, there was no ECC support in RedHat (and Fedora) OpenSSL
packages. It seems that a few weeks ago they finally enabled ECC, but
could not resist the urge to cripple it a bit. :-)

Instead of improving the world by finally supporting EC, they've made
things worse! Previously clients negotiated something other than EECDH
key exchange, now they negotiate it and fail! Sorry to say so, but the
RedHat engineers need adult supervision.

What site was your SMTP client connecting to? IIRC Suite B supports
prime256v1 (aka secp256r1) and secp384r1. Perhaps the SMTP server
decided to live on the bleeding edge with "secp521r1". An Exim server
with GnuTLS? A Postfix administrator who did not believe my advice?

    tls_eecdh_strong_curve (default: prime256v1)

        The elliptic curve used by the Postfix SMTP server for sensibly
        strong ephemeral ECDH key exchange. This curve is used by the
        Postfix SMTP server when "smtpd_tls_eecdh_grade = strong". The
        phrase "sensibly strong" means approximately 128-bit security
        based on best known attacks. The selected curve must be
        implemented by OpenSSL (as reported by ecparam(1) with the
        "-list_curves" option) and be one of the curves listed in
        Section 5.1.1 of RFC 4492. You should not generally change this
        setting.

    tls_eecdh_ultra_curve (default: secp384r1)

        The elliptic curve used by the Postfix SMTP server for maximally
        strong ephemeral ECDH key exchange. This curve is used by the
        Postfix SMTP server when "smtpd_tls_eecdh_grade = ultra". The
        phrase "maximally strong" means approximately 192-bit security
        based on best known attacks. This additional strength comes at a
        significant computational cost, most users should instead set
        "smtpd_tls_eecdh_grade = strong". The selected curve must be
        implemented by OpenSSL (as reported by ecparam(1) with the
        "-list_curves" option) and be one of the curves listed in
        Section 5.1.1 of RFC 4492. You should not generally change this
        setting.
On an "improved" RedHat system you may be better off with kEECDH ciphers
disabled on the client side:

    smtp_tls_exclude_ciphers = kEECDH

-- 
	Viktor.
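As an added example (not part of Viktor's message and not Postfix's own code), the following POSIX shell helper checks whether the curves Postfix is configured to use (the `tls_eecdh_strong_curve` and `tls_eecdh_ultra_curve` values quoted above, plus secp521r1 as the next RFC 4492 curve a Suite-B-only build would lack) actually appear in `openssl ecparam -list_curves` output. The embedded curve list is constructed to mimic a Suite-B-only OpenSSL build; the live check at the end runs only if both `openssl` and `postconf` are on the path, and the warning text it prints is this example's own wording.

```shell
#!/bin/sh
# Added example (not from the thread or from Postfix): verify that the EECDH
# curves Postfix is configured to use are implemented by the local OpenSSL.
# The curve names are the tls_eecdh_*_curve values quoted in the thread.

# Constructed sample of "openssl ecparam -list_curves" output for a build
# that, like the Fedora package discussed, offers only the Suite B curves.
SAMPLE_CURVES='  secp384r1 : NIST/SECG curve over a 384 bit prime field
  prime256v1: X9.62/SECG curve over a 256 bit prime field'

# curve_supported NAME LIST_TEXT
# Succeeds if NAME is listed as a curve in LIST_TEXT. Each line of the real
# output starts with the curve name, followed by optional spaces and a colon.
curve_supported() {
    printf '%s\n' "$2" | awk -v want="$1" '
        {
            name = $1
            sub(/:.*/, "", name)          # "prime256v1:" -> "prime256v1"
            if (name == want) found = 1
        }
        END { exit found ? 0 : 1 }'
}

# missing_curves "NAME NAME ..." LIST_TEXT
# Prints the space-separated subset of NAMEs that LIST_TEXT does not contain
# (an empty line when every requested curve is available).
missing_curves() {
    missing=""
    for c in $1; do
        if ! curve_supported "$c" "$2"; then
            missing="${missing:+$missing }$c"
        fi
    done
    printf '%s\n' "$missing"
}

# Demonstration against the constructed sample: the two Suite B curves are
# present, secp521r1 is reported as missing.
missing_curves "prime256v1 secp384r1 secp521r1" "$SAMPLE_CURVES"

# Live check, only when the tools are present: read the configured curves
# from postconf and compare them with what the installed OpenSSL provides.
if command -v openssl >/dev/null 2>&1 && command -v postconf >/dev/null 2>&1; then
    live_list=$(openssl ecparam -list_curves 2>/dev/null)
    strong=$(postconf -h tls_eecdh_strong_curve 2>/dev/null)
    ultra=$(postconf -h tls_eecdh_ultra_curve 2>/dev/null)
    gone=$(missing_curves "$strong $ultra" "$live_list")
    if [ -n "$gone" ]; then
        echo "WARNING: configured curve(s) not implemented by OpenSSL: $gone"
        echo "Consider 'smtp_tls_exclude_ciphers = kEECDH' on the client side."
    fi
fi
```

Run it on the affected host: an empty result from the live check means the server-side defaults are safe to keep, while a non-empty list is the case where either the curve settings or the client-side kEECDH exclusion needs attention.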