Re: TLS library problem: error:141FC044 after enabling TLS

Thu, 09 Jun 2022 13:56:25 -0700 

Viktor Dukhovni wrote in
 <yqi2nswo3hb+g...@straasha.imrryr.org>:
 |On Thu, Jun 09, 2022 at 07:54:56PM +0200, Bastian Blank wrote:
 |> On Thu, Jun 09, 2022 at 07:05:24PM +0200, Steffen Nurpmeso wrote:
 |>> [also there is
 |>>   smtpd_tls_mandatory_exclude_ciphers =
 |>>       aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH,
 |>>       EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDB3-SHA, KRB5-DES,
 |>>       CBC3-SHA
 |>> but i definetely should put more care into this one!]
 |> 
 |> Could you explain, why you exclude aNULL?  Esp, as you seem to use if
 |> for non-mandatory settings as well?
 |
 |Some people do it just to quiet red marks on misguided security scanner
 |scores.  I actually recommend enabling aNULL, though the ability to do
 |that is still missing in TLS 1.3 (the crypto maximalists are winning):
 |
 |    https://datatracker.ietf.org/doc/html/rfc7672#section-8.2
 |
 |with mandatory authenticated TLS aNULL ciphers are automatically
 |disabled in the Postfix SMTP client.

Oh, i am very far from Viktor's TLS expertise, which is good
enough to stand on the standard creator's side.
For me this roots in openssl-ciphers(1ssl) reading:

   aNULL
       The cipher suites offering no authentication. This is currently the
       anonymous DH algorithms and anonymous ECDH algorithms. These cipher
       suites are vulnerable to "man in the middle" attacks and so their
       use is discouraged.  These are excluded from the DEFAULT ciphers,
       but included in the ALL ciphers.  Be careful when building
       cipherlists out of lower-level primitives such as kDHE or AES as
       these do overlap with the aNULL ciphers.  When in doubt, include
       !aNULL in your cipherlist.

.. But .. in fact postfix's TLS configuration regarding CAfile
made me appear so foolish i kept

  # That one is for client certificates!
  #smtpd_tls_CAfile = /etc/dovecot/cert.pem

in my configuration.  I cannot tell no more what i expected.
I think it would be that _CAfile points to the usual crypto lib
(or .. you know) delivered CA-certificates aka trusted CAs, and that client
certificates are treated specially.  (Like the former via, hm,
SSL_CTX_load_verify_locations(), but then making a difference for
permit_tls_clientcerts.  I really had to look very deeply now for
whether this is realizable like that.)

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)

Reply via email to