Re: no shared cipher revisited

Wed, 28 Sep 2022 10:23:19 -0700 


Quoting Viktor Dukhovni <postfix-us...@dukhovni.org>:


On Wed, Sep 28, 2022 at 06:47:39PM +0200, Lists Nethead wrote:


>> smtpd_tls_protocols = >=TLSv1.2
>
> That's not the default setting.
>
>> smtpd_tls_exclude_ciphers = aNULL
>
> This is only appeases clueless auditors, in reality it is silly.
>
>> From what I can see, this is what they want:
>> TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128
>
> What certificate did you deploy?  What is the name of the server,
> would I be able to connect to it?

Hm, what is the default then?


The default is to allow TLS 1.0 or higher.  If you want to be broadly
interoperable, this is the recommended setting.  There is no actual risk
in SMTP from leaving TLS 1.0 enabled.  When you support TLS 1.2, and
the client does too, there is no known downgrade attack to TLS 1.0.


Yes, nh1.nethead.se and vrt.nethead.se


Your server defaults to an ECDSA P-384 certificate, the client may not
support ECDSA at all, or may not support P-384 (P-256 is a more broadly
supported choice):

    $ posttls-finger -c -lmay -Lsummary "[nh1.nethead.se]"
    posttls-finger: Untrusted TLS connection established
        to nh1.nethead.se[5.150.237.137]:25:
        TLSv1.3 with
            cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
            key-exchange X25519
            server-signature ECDSA (P-384)
            server-digest SHA384

There appears to be no additional RSA certificate configured:


    $ posttls-finger -p TLSv1.2 -o tls_medium_cipherlist="aRSA" -c  
-lmay -Lsummary "[nh1.nethead.se]"

    posttls-finger: SSL_connect error to nh1.nethead.se[5.150.237.137]:25: -1

    posttls-finger: warning: TLS library problem: error:14094410:SSL  
routines:ssl3_read_bytes:sslv3 alert handshake  
failure:ssl/record/rec_layer_s3.c:1544:SSL alert number 40:



    $ posttls-finger -p TLSv1.2 -o tls_medium_cipherlist="aECDSA" -c  
-lmay -Lsummary "[nh1.nethead.se]"
    posttls-finger: Untrusted TLS connection established to  
nh1.nethead.se[5.150.237.137]:25: TLSv1.2 with cipher  
ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)


Your choice of private key (ECDSA P-384) is likely the problem.


Thanks Viktor, that is exactly where my suspicions laid. Now on to fix it.

Thanks again,
Per























					Reply via email to