Re: send to ESP with broken STARTTLS

Thu, 31 Mar 2016 11:18:25 -0700 

On Thu, Mar 31, 2016 at 04:47:10PM +0200, A. Schulze wrote:

> I hit an MX-Server with weak DH:
> 
> # SLES-Host
> # posttls-finger iutax.de
> posttls-finger: Connected to 
> iutax.de.pri-mx.eu0105.smtproutes.com[94.186.192.102]:25

Yes, this server has a 768-bit DH key.

> posttls-finger: < 220 gmy2-mh901.smtproutes.com kath-5.0.3 ESMTP Ready
> posttls-finger: > EHLO idvmailout03.datev.de
> posttls-finger: < 250-gmy2-mh901.smtproutes.com says Hello [193.27.49.129]
> posttls-finger: < 250-8BITMIME
> posttls-finger: < 250-STARTTLS
> posttls-finger: < 250-ENHANCEDSTATUSCODES
> posttls-finger: < 250 OK
> posttls-finger: > STARTTLS
> posttls-finger: < 220 Ready to start TLS
> posttls-finger: SSL_connect error to
> iutax.de.pri-mx.eu0105.smtproutes.com[94.186.192.102]:25: -1
> posttls-finger: warning: TLS library problem: error:14082174:SSL
> routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small:s3_clnt.c:3338:

The minimum DH strengh has increased to 1024 bits in recent versions
of OpenSSL.  The only way to use TLS with this server is to disable
Diffie-Hellman key exchange.  The below master.cf entry creates an
smtp(8) transport called "nodh" in which finite-field Diffie-Hellman
key exchange is disabled:

    master.cf:
        nodh       unix  -       -       -       -       -       smtp
            -o tls_high_cipherlist=!kDHE:!kEDH:aNULL:-aNULL:HIGH:@STRENGTH
            -o 
tls_medium_cipherlist=!kDHE:!kEDH:aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH
            -o smtp_tls_ciphers=medium

The 1024-bit lower limit is enforced internally by the OpenSSL
library and cannot be reduced.

To test:

    $ opt=$(postconf -d tls_medium_cipherlist):'!kDHE:!kEDH'
    $ posttls-finger -o "$opt" -c -lencrypt -Lsummary iutax.de
    posttls-finger: Untrusted TLS connection established to 
iutax.de.pri-mx.eu0105.smtproutes.com[94.186.192.102]:25: TLSv1.2 with cipher
    AES256-SHA (256/256 bits)

You can then add transport table entries:

    transport:
        iutax.de        nodh
        ...

> I guess first I should know why same postfix version behave different on
> SLES and Debian OS
> -> which settings should I check to find potential different configurations?

The systems have different OpenSSL libraries, and in particular at
least one of them has not deployed all of the most recent OpenSSL
security updates.

-- 
        Viktor.

Reply via email to