On Mon, Nov 07, 2016 at 10:30:06AM -0500, Bill Cole wrote:

> >Nov  7 15:03:29 blueberry postfix/smtpd[18091]:
> >mail-ve1eur01hn032d.outbound.protection.outlook.com[2a01:111:f400:fe1f::32d]:
> >TLS cipher list "aNULL:-aNULL:HIGH:@STRENGTH:!aNULL"
> 
> This is probably your problem. The austere cipher list is the result of this
> setting, shown in your postconf output:
> 
> smtpd_tls_ciphers = high

Let's not speculate, ...  It is almost certain that the problem
lies elsewhere, and even with the OP's SSL library half-broken
("unknown state") that's also likely not the problem, but just in
case:

        http://dilbert.com/strip/1995-06-24

The outlook.com email servers are fully able to support modern TLS
ciphersuites, and do not object to my self-signed cert.

    Nov  7 16:34:41 amnesiac postfix/smtpd[6205]: connect from
        mail-by2nam01on0058.outbound.protection.outlook.com[104.47.34.58]
    Nov  7 16:34:42 amnesiac postfix/smtpd[6205]: Anonymous TLS connection
        established from
        mail-by2nam01on0058.outbound.protection.outlook.com[104.47.34.58]:
        TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)
    Nov  7 16:34:42 amnesiac postfix/smtpd[6205]: A59CF284B0A:
        client=mail-by2nam01on0058.outbound.protection.outlook.com[104.47.34.58]
    Nov  7 16:34:42 amnesiac postfix/cleanup[26419]: A59CF284B0A: ...
    Nov  7 16:34:43 amnesiac postfix/qmgr[16255]: A59CF284B0A: from=<...>,
        size=130131, nrcpt=1 (queue active)
    Nov  7 16:34:43 amnesiac postfix/virtual[29503]: A59CF284B0A:
        to=<...>, orig_to=<...>, relay=virtual, delay=1.1, delays=1/0/0/0.03,
        dsn=2.0.0, status=sent (delivered to maildir)
    Nov  7 16:34:43 amnesiac postfix/qmgr[16255]: A59CF284B0A: removed

The real issue, mentioned on this list previously IIRC, is the
over-aggressive way in which Microsoft deprecated MD5.  They
needlessly (and unfortunately) apply the MD5 restriction to the
self-signatures of root CAs, and even in the context of STARTTLS,
where they happily deliver in cleartext or to self-signed certs,
so failing with weak signatures is noticeably lame.

The OP just happens to be one of the unlucky ones who goes way overboard
with 4096-bit RSA keys and SHA512 signatures (don't do that, it's
futile), but uses a root CA whose self-signature is with MD5:

    $ posttls-finger -cC floppy.org |
        openssl crl2pkcs7 -nocrl -certfile /dev/stdin |
        openssl pkcs7 -noout -print_certs -text |
        perl -lne '
            print "" if /^Cert/;
            print $1 if m{(?:Signature Algorithm|Subject|Issuer):\s*(.*)}
        '

    sha512WithRSAEncryption
    O=Root CA, OU=http://www.cacert.org, CN=CA Cert Signing Authority/emailAddress=supp...@cacert.org
    CN=blueberry.post-peine.de
    sha512WithRSAEncryption

    md5WithRSAEncryption
    O=Root CA, OU=http://www.cacert.org, CN=CA Cert Signing Authority/emailAddress=supp...@cacert.org
    O=Root CA, OU=http://www.cacert.org, CN=CA Cert Signing Authority/emailAddress=supp...@cacert.org
    md5WithRSAEncryption

A suitable 2048-bit self-signed certificate will work much better.

-- 
        Viktor.
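
Added example, not part of the original message and not Postfix or OpenSSL code: a shell filter that does the same per-certificate extraction as the perl one-liner above, and additionally marks each certificate as self-signed or issued and flags MD5 signatures. The function names and the sample chain (example.org names) are constructed for illustration.

```shell
#!/bin/sh
# Reads text in the layout of `openssl pkcs7 -noout -print_certs -text`
# and prints one line per certificate:
#   <index> <signature algorithm> <self-signed|issued> <MD5|ok>
chain_sigalgs() {
    awk '
        function flush() {
            if (n == 0) return
            self = (issuer == subject) ? "self-signed" : "issued"
            weak = (tolower(alg) ~ /^md5/) ? "MD5" : "ok"
            printf "%d %s %s %s\n", n, alg, self, weak
        }
        { sub(/[ \t\r]+$/, "") }                      # drop trailing whitespace
        /^Certificate:/ { flush(); n++; alg = issuer = subject = ""; next }
        /^ *Signature Algorithm:/ { sub(/^ *Signature Algorithm: */, ""); alg = $0; next }
        /^ *Issuer:/  { sub(/^ *Issuer: */, "");  issuer = $0;  next }
        /^ *Subject:/ { sub(/^ *Subject: */, ""); subject = $0; next }
        END { flush() }
    '
}

# Exit status 0 if any certificate on stdin carries an MD5 signature.
chain_has_md5() {
    chain_sigalgs | grep -q ' MD5$'
}

# Constructed sample: a SHA-512 leaf under a root whose self-signature is MD5.
sample_chain() {
    cat <<'EOF'
Certificate:
    Data:
    Signature Algorithm: sha512WithRSAEncryption
        Issuer: O=Example Root CA, CN=Example Signing Authority
        Subject: CN=mail.example.org
        Subject Public Key Info:
    Signature Algorithm: sha512WithRSAEncryption

Certificate:
    Data:
    Signature Algorithm: md5WithRSAEncryption
        Issuer: O=Example Root CA, CN=Example Signing Authority
        Subject: O=Example Root CA, CN=Example Signing Authority
        Subject Public Key Info:
    Signature Algorithm: md5WithRSAEncryption
EOF
}

sample_chain | chain_sigalgs
```

To check a live server, replace the perl stage of the pipeline above with `chain_sigalgs`.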
