On Wed, Aug 16, 2023 at 06:22:28PM -0400, pgnd via Postfix-users wrote:

> not exactly the same issue to my read, but there may be more to it?

As suspected, the OP has an incomplete DANE TLSA RRset that fails to
match the system's RSA certificate (the additional ECDSA certificate does
match, but Microsoft's outbound servers negotiate RSA).

See:

    https://mail.sys4.de/pipermail/dane-users/2017-August/000417.html
    https://mail.sys4.de/pipermail/dane-users/2017-August/000416.html

So far, the pattern of Microsoft's outbound systems disconnecting
immediately after a completed TLS handshake strongly correlates with a
broken TLSA setup.

In this case, one that would not be found by the DANE survey, because
the code currently prefers ECDSA, but I should perhaps implement a
random client-side preference to have a better chance of detecting this
issue (or just prefer RSA over ECDSA on odd day numbers since the
epoch).  That would still fail to find problem systems that ignore the
client preference order and only expose the second algorithm's
certificate when it is the only one supported by the client.

Problem found via:

    danesmtp ()
    {
        local host=$1;
        shift;
        # s_client options: STARTTLS on port 25, abort on verification failure
        local opts=(-starttls smtp -connect "$host:25" -verify 9
                    -verify_return_error -dane_ee_no_namechecks
                    -dane_tlsa_domain "$host");
        # Fetch the TLSA RRset, keeping only well-formed usage 2/3 records
        set -- $(dig +short +nosplit -t tlsa "_25._tcp.$host" |
                 grep -E -i '^[23] [01] [012] [0-9a-f]+$');
        # Pass each record (usage selector mtype data) to s_client
        while [ $# -ge 4 ]; do
            opts=("${opts[@]}" "-dane_tlsa_rrdata" "$1 $2 $3 $4");
            shift 4;
        done;
        ( sleep 1;
        printf "QUIT\r\n" ) | openssl s_client -tls1_2 -cipher 'aRSA:aECDSA' \
            "${opts[@]}"
    }

Possible choices for "-cipher" are:

    - aRSA:aECDSA
    - aECDSA:aRSA
    - aECDSA
    - aRSA

If any fail with a certificate verification problem due to a mismatched
TLSA record (rather than failure to find a common ciphersuite), you have
a TLSA misconfiguration.

Always simplest to stick to just one widely supported algorithm, for
now, in most cases a vanilla RSA cert with a 2048-bit key.

Though perhaps all SMTP clients capable of doing DANE are sufficiently
bleeding edge to also be expected to support ECDSA (P256).

-- 
    Viktor.
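
The check described in the message, run once per `-cipher` choice with each result classified as a TLSA mismatch or a failure to find a common ciphersuite. This is an added example, not part of the original message: `classify_sclient` and `probe_dane` are hypothetical names, and the matched strings are assumptions about typical `openssl s_client` (OpenSSL 1.1.0 or later) output.

```sh
#!/bin/sh
# Added example (not from the original message). Assumes dig and an
# OpenSSL 1.1.0+ s_client with the -dane_* options used in the message.

# Classify s_client output read from stdin. Order matters: a failed handshake
# still prints "Verify return code: 0 (ok)" because no certificate was checked.
classify_sclient() {
    out=$(cat)
    case $out in
        *"No matching DANE TLSA records"*) echo tlsa-mismatch ;;
        *"alert handshake failure"*)       echo no-common-cipher ;;
        *"Verify return code: 0 (ok)"*)    echo ok ;;
        *)                                 echo unknown ;;
    esac
}

# Probe HOST once per certificate-algorithm preference listed in the message.
probe_dane() {
    host=$1
    rrs=$(dig +short +nosplit -t tlsa "_25._tcp.$host" |
          grep -Ei '^[23] [01] [012] [0-9a-f]+$')
    [ -n "$rrs" ] || { echo "$host: no usable TLSA records" >&2; return 1; }
    for cipher in aRSA:aECDSA aECDSA:aRSA aECDSA aRSA; do
        set -- -starttls smtp -connect "$host:25" -tls1_2 -cipher "$cipher" \
               -verify 9 -verify_return_error \
               -dane_ee_no_namechecks -dane_tlsa_domain "$host"
        while read -r rr; do            # one -dane_tlsa_rrdata per record
            set -- "$@" -dane_tlsa_rrdata "$rr"
        done <<EOF
$rrs
EOF
        verdict=$( (sleep 1; printf 'QUIT\r\n') |
                   openssl s_client "$@" 2>&1 | classify_sclient)
        printf '%s\t%s\t%s\n' "$host" "$cipher" "$verdict"
    done
}

# With a hostname argument, probe it; with none, classify a constructed sample.
if [ $# -gt 0 ]; then
    probe_dane "$1"
else
    printf '%s\n' 'verify error:num=65:No matching DANE TLSA records' |
        classify_sclient    # constructed s_client line
fi
```

A `tlsa-mismatch` verdict on any row points at the incomplete TLSA RRset described in the message, while `no-common-cipher` on the `aECDSA` or `aRSA` row alone only means the server has no certificate of that type.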