On Tue, Nov 26, 2013 at 11:05:48PM +0000, Viktor Dukhovni wrote:

> > To debug SMTP over TLS, use "openssl s_client".
> 
> No need.  This is the problem with Exchange on Windows 2003, and
> the broken DES-CBC3-SHA ciphersuite.  Work-around in the list
> archives.

    $ posttls-finger -c -lmay -Lsummary -o tls_medium_cipherlist=DES-CBC3-SHA "[66.252.104.194]"
    posttls-finger: Connected to 66.252.104.194[66.252.104.194]:25
    posttls-finger: Untrusted TLS connection established to 66.252.104.194[66.252.104.194]:25: unknown with cipher DES-CBC3-SHA (168/168 bits)
    posttls-finger: warning: TLS library problem: 1748:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:/home/builds/ab/HEAD/src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c:339:
    posttls-finger: warning: lost connection while sending QUIT command

A similar problem will happen any time OpenSSL fails to send either
RC4-SHA or RC4-MD5 as the first 64 cipher-suites offered by the
client.  This is the default with OpenSSL 1.0.1, since additional
ciphers with TLSv1.2 push RC4 further down the list.

Web browsers apparently perform a fallback to SSLv3 (a built-in
downgrade attack if you like), when TLS handshakes fail.

Postfix falls back to plain-text when STARTTLS or the SSL handshake
fails, but here, the failure is triggered by garbage after the
encrypted EHLO response, which breaks the SSL records containing
MAIL FROM:.  We don't fall back to plaintext after the mail transaction
begins.

Perhaps the simplest work-around is to disable 3DES.  Generally,
servers other than Microsoft Exchange 2003 support AES.  And with
Microsoft Exchange 2003, disabling 3DES means that either we get
RC4 (and succeed) or get no common ciphers and fail early (during
the handshake), and thus fall back to plaintext.

So we could set a default value of "smtp_tls_exclude_ciphers = 3DES".

This won't solve the problem for people who configure explicit
"encrypt" or "secure" policy with such servers as targets, but they
are already doing a manual setup and can easily implement the more
complex work-around from the list archive.

-- 
        Viktor.
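
Added example, not part of the original message and not Postfix or OpenSSL code: a simplified Python model of the behaviour described above, predicting the outcome of a given client cipher order with and without "smtp_tls_exclude_ciphers = 3DES". The server model (only the first 64 offered suites are considered, RC4 is chosen when visible, otherwise DES-CBC3-SHA) is an assumption drawn from the message, and the filler suite names are constructed.

```python
# Assumed model of the Exchange 2003 behaviour described in the message:
# only the first 64 offered suites are seen; RC4 works, DES-CBC3-SHA breaks
# after the handshake; with no visible common suite the handshake fails early.
WINDOW = 64
RC4 = {"RC4-SHA", "RC4-MD5"}
TDES = {"DES-CBC3-SHA"}


def predict(offered, exclude_3des=False, level="may"):
    """Predict the outcome for an ordered list of OpenSSL cipher names."""
    if exclude_3des:
        # Effect of "smtp_tls_exclude_ciphers = 3DES" on the client offer.
        offered = [c for c in offered if c not in TDES]
    seen = offered[:WINDOW]
    if any(c in RC4 for c in seen):
        return "tls-ok-rc4"
    if any(c in TDES for c in seen):
        # Handshake completes, then the session breaks mid-transaction,
        # too late for a plaintext fallback.
        return "tls-breaks-after-handshake"
    # No common cipher: the failure is early, during the handshake.
    if level == "may":
        return "plaintext-fallback"
    return "no-tls-no-fallback"  # "encrypt" / "secure" policy


def constructed_offer(n_filler):
    """Constructed sample offer: filler suites, 3DES at slot 11, RC4 last."""
    filler = [f"CONSTRUCTED-SUITE-{i}" for i in range(n_filler)]
    return filler[:10] + ["DES-CBC3-SHA"] + filler[10:] + ["RC4-SHA", "RC4-MD5"]


if __name__ == "__main__":
    for n in (20, 63, 70):
        offer = constructed_offer(n)
        for excl in (False, True):
            for level in ("may", "encrypt"):
                print(n, excl, level, predict(offer, excl, level))
```

With 63 filler suites RC4-SHA is the 65th suite offered, so excluding 3DES moves it into the 64-suite window and the session succeeds; with 70 it stays outside and only the opportunistic "may" level recovers by falling back to plaintext.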
