On Mon, Oct 21, 2013 at 11:49:48PM +0200, li...@rhsoft.net wrote: > >> since you sound very knowledgeable about SSL may you consider > >> to make a comment there? > >> > >> https://bugzilla.redhat.com/show_bug.cgi?id=1019251 > > > > I have enough fish to fry. The problem is obvious, client promises > > EECDH support, server sends a standard curve name and the client > > promptly fails because its list of supported curves is incomplete. > > > > Of course you should capture a session with wireshark and see what > > curve the server sends back to confirm this obvious interpretation. > > looking at the logs where ECDHE worked fine with the intermediate openssl > and started to fail to "mx00.gmx.net" after the crippleded update I > think the situation is clear
What is less clear is what EC curve gmx.de actually sends down the wire. Is it something exotic, that few sites would support, or is it something more vanilla like secp521r1 which RedHat seem to have deliberately left out of their implementation. > >> fine: http://koji.fedoraproject.org/koji/buildinfo?buildID=471397 > >> crippled: http://koji.fedoraproject.org/koji/buildinfo?buildID=471781 > >> > >> with the first build no single error > > > > I think you know what to do... > > maintain openssl at my own is above my scope i fear :-( No, you report the bug. You're running their software, you can reproduce failure cases. Make it clear to them that half-implementing EC support is worse than not implementing EC support. > i hate it to ask but is there any change postfix avoids ECDHE for such > destinations > in case of this situation and continues to use DHE if the requested curve is > not > available in the linked openssl library? Postfix allows you to skip EECDH and ECDSA globally or for selected sites via smtp_tls_policy_maps. main.cf: # SMTP client only: smtp_tls_exclude_ciphers = ECDH tls_policy: example.com encrypt exclude=ECDH protocols=!SSLv2,!SSLv3 If you disable SSLv3 (as well as SSLv2) your SMTP client will send the list of supported EC curves to the server via a suitable TLSv1 extension. Some servers may be able to make use of this to choose a compatible curve. Postfix is not among these yet, as OpenSSL does not yet (before the unreleased 1.0.2 version) expose the requisite API functions to allow server applications to register multiple curves or leave the choice to OpenSSL. So mostly, you lose, until RedHat fixes the bug. > > When I test connections to this host, I always get "AES256-SHA", > > and no EDH or kEECDH ciphers are accepted. Did gmx.de change their > > configuration to work around this? Can you build posttls-finger (from 2.11) > > and test with: > > > > $ posttls-finger -t30 -T 180 -p TLSv1.2 -Ldebug \ > > -o tls_medium_cipherlist='kEECDH:kEDH:kRSA' \ > > "[213.165.67.99]" > > > > do you get handshake failures? > > no "posttls-finger" here but the logs below are a clear language i think The idea is to compile it from 2.11 snapshot sources. -- Viktor.
