does 'permit_tls_clientcerts' work with self-signed certificates?
Hey, I am trying to set up a postfix 3.5.13 server as a destination for multiple null-clients, but am failing with verifying the client's self-signed client certificate. Are self-signed certificates prohibited from this kind of verification? TLS_README doesn't help me with this issue.

Greetings...

# postconf -n
compatibility_level = 3.5
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
local_transport = lmtp:unix:private/dovecot-lmtp
mydestination = domain.tld
mydomain = domain.tld
mynetworks = 127.0.0.1/32 10.0.1.0/24
relay_clientcerts = hash:/etc/postfix/relay_clientcerts_md5
smtpd_client_restrictions = permit_inet_interfaces, permit_tls_clientcerts, reject
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_loglevel = 2
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = TLSv1.3
smtpd_tls_req_ccert = yes
smtpd_tls_security_level = encrypt

# cat /etc/postfix/relay_clientcerts_md5
01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF postfix-client.domain.tld
FE:DC:BA:98:76:54:32:10:FE:DC:BA:98:76:54:32:10 postfix-client.domain.tld

/var/log/mail.log:
Oct 4 17:16:51 postfix-server postfix/smtpd[109679]: initializing the server-side TLS engine
Oct 4 17:16:51 postfix-server postfix/smtpd[109679]: connect from postfix-client.domain.tld[10.0.1.157]
Oct 4 17:16:51 postfix-server postfix/smtpd[109679]: setting up TLS connection from postfix-client.domain.tld[10.0.1.157]
Oct 4 17:16:51 postfix-server postfix/smtpd[109679]: postfix-client.domain.tld[10.0.1.157]: TLS cipher list "aNULL:-aNULL:HIGH:@STRENGTH:!aNULL"
Oct 4 17:16:51 postfix-server postfix/smtpd[109679]: SSL_accept:before SSL initialization
Oct 4 17:16:51 postfix-server postfix/smtpd[109679]: SSL_accept:before SSL initialization
Oct 4 17:16:51 postfix-server postfix/smtpd[109679]: SSL_accept:SSLv3/TLS read client hello
Oct 4 17:16:51 postfix-server postfix/smtpd[109679]: SSL_accept:SSLv3/TLS write server hello
Oct 4 17:16:51 postfix-server postfix/smtpd[109679]: SSL_accept:SSLv3/TLS write change cipher spec
Oct 4 17:16:51 postfix-server postfix/smtpd[109679]: SSL_accept:TLSv1.3 write encrypted extensions
Oct 4 17:16:51 postfix-server postfix/smtpd[109679]: SSL_accept:SSLv3/TLS write certificate request
Oct 4 17:16:51 postfix-server postfix/smtpd[109679]: SSL_accept:SSLv3/TLS write certificate
Oct 4 17:16:51 postfix-server postfix/smtpd[109679]: SSL_accept:TLSv1.3 write server certificate verify
Oct 4 17:16:51 postfix-server postfix/smtpd[109679]: SSL_accept:SSLv3/TLS write finished
Oct 4 17:16:51 postfix-server postfix/smtpd[109679]: SSL_accept:TLSv1.3 early data
Oct 4 17:16:51 postfix-server postfix/smtpd[109679]: SSL_accept:TLSv1.3 early data
Oct 4 17:16:51 postfix-server postfix/smtpd[109679]: postfix-client.domain.tld[10.0.1.157]: depth=0 verify=0 subject=/CN=postfix-client.domain.tld
Oct 4 17:16:51 postfix-server postfix/smtpd[109679]: postfix-client.domain.tld[10.0.1.157]: depth=0 verify=1 subject=/CN=postfix-client.domain.tld
Oct 4 17:16:51 postfix-server postfix/smtpd[109679]: SSL_accept:SSLv3/TLS read client certificate
Oct 4 17:16:51 postfix-server postfix/smtpd[109679]: SSL_accept:SSLv3/TLS read certificate verify
Oct 4 17:16:51 postfix-server postfix/smtpd[109679]: SSL_accept:SSLv3/TLS read finished
Oct 4 17:16:51 postfix-server postfix/smtpd[109679]: postfix-client.domain.tld[10.0.1.157]: Issuing session ticket, key expiration: 1664898410
Oct 4 17:16:51 postfix-server postfix/smtpd[109679]: SSL_accept:SSLv3/TLS write session ticket
Oct 4 17:16:51 postfix-server postfix/smtpd[109679]: subject=/CN=postfix-client.domain.tld
Oct 4 17:16:51 postfix-server postfix/smtpd[109679]: issuer=/CN=postfix-client.domain.tld
Oct 4 17:16:51 postfix-server postfix/smtpd[109679]: postfix-client.domain.tld[10.0.1.157]: subject_CN=postfix-client.domain.tld, issuer=postfix-client.domain.tld, fingerprint=FE:DC:BA:98:76:54:32:10:FE:DC:BA:98:76:54:32:10, pkey_fingerprint=01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF
Oct 4 17:16:51 postfix-server postfix/smtpd[109679]: certificate verification failed for postfix-client.domain.tld[10.0.1.157]: self-signed certificate
Oct 4 17:16:51 postfix-server postfix/smtpd[109679]: Untrusted TLS connection established from postfix-client.domain.tld[10.0.1.157]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256
Oct 4 17:16:51 postfix-server postfix/smtpd[109679]: NOQUEUE: abort: TLS from postfix-client.domain.tld[10.0.1.157]: Client certificate not trusted
Oct 4 17:16:51 postfix-server postfix/smtpd[109679]: disconnect from postfix-client.domain.tld[10.0.1.157] ehlo=1 starttls=1 commands=2
Re: does 'permit_tls_clientcerts' work with self-signed certificates?
On 2022-10-04 at 12:00:55 UTC-0400 (Tue, 04 Oct 2022 18:00:55 +0200) Michael is rumored to have said:

> hey, i am trying to set up a postfix 3.5.13 server as a destination for
> multiple null-clients, but am failing with verifying the client's
> self-signed client certificate. are self-signed certificates prohibited
> from this kind of verification?

Yes, definitionally. "Verification" means auditing the trust chain to reach a trusted root certificate. Unless you add the self-signed cert to your set of trusted roots, you cannot verify it.

> TLS_README doesn't help me with this issue.

From that file...

    To verify a remote SMTP client certificate, the Postfix SMTP server
    needs to trust the certificates of the issuing Certification
    Authorities. These certificates in "PEM" format can be stored in a
    single $smtpd_tls_CAfile or in multiple files, one CA per file in the
    $smtpd_tls_CApath directory. If you use a directory, don't forget to
    create the necessary "hash" links with:

        # $OPENSSL_HOME/bin/c_rehash /path/to/directory

    The $smtpd_tls_CAfile contains the CA certificates of one or more
    trusted CAs. The file is opened (with root privileges) before Postfix
    enters the optional chroot jail and so need not be accessible from
    inside the chroot jail.

    Additional trusted CAs can be specified via the $smtpd_tls_CApath
    directory, in which case the certificates are read (with $mail_owner
    privileges) from the files in the directory when the information is
    needed. Thus, the $smtpd_tls_CApath directory needs to be accessible
    inside the optional chroot jail.

    When you configure the Postfix SMTP server to request client
    certificates, the DNs of Certification Authorities in
    $smtpd_tls_CAfile are sent to the client, in order to allow it to
    choose an identity signed by a CA you trust. If no $smtpd_tls_CAfile
    is specified, no preferred CA list is sent, and the client is free to
    choose an identity signed by any CA. Many clients use a fixed identity
    regardless of the preferred CA list and you may be able to reduce TLS
    negotiation overhead by installing client CA certificates mostly or
    only in $smtpd_tls_CApath. In the latter case you need not specify a
    $smtpd_tls_CAfile.

    Note, that unless client certificates are used to allow greater access
    to TLS authenticated clients, it is best to not ask for client
    certificates at all, as in addition to increased overhead some clients
    (notably in some cases qmail) are unable to complete the TLS handshake
    when client certificates are requested.

-- 
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
Re: does 'permit_tls_clientcerts' work with self-signed certificates?
On Tue, Oct 04, 2022 at 06:00:55PM +0200, Michael wrote:

> I am trying to set up a postfix 3.5.13 server as a destination for
> multiple null-clients, but am failing with verifying the client's
> self-signed client certificate. Are self-signed certificates
> prohibited from this kind of verification?

Sure, but not with

    smtpd_tls_req_ccert = yes

which requires that the client certificate pass verification up to a known trust-anchor, instead set:

    smtpd_tls_ask_ccert = yes

and then refuse connections that are not permitted by a certificate check.

> compatibility_level = 3.5

The major.minor syntax was introduced with Postfix 3.6, for Postfix 3.5 use "3".

> relay_clientcerts = hash:/etc/postfix/relay_clientcerts_md5
> smtpd_client_restrictions = permit_inet_interfaces, permit_tls_clientcerts,
>     reject

This will do, but I would advise SHA256 at this point:

    http://www.postfix.org/postconf.5.html#smtpd_tls_fingerprint_digest

    smtpd_tls_fingerprint_digest = sha256

and of course use sha256 keys in the table.

-- 
    Viktor.
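The reply above moves the access decision from chain verification (smtpd_tls_req_ccert) to a fingerprint lookup in relay_clientcerts, and recommends sha256 keys. The OP's log shows that Postfix reports two values for a client certificate, fingerprint= (digest of the whole DER certificate) and pkey_fingerprint= (digest of the DER SubjectPublicKeyInfo), and that either may appear as a table key. The script below is an added example, not code from this thread or from Postfix: it computes both values in the colon-separated upper-case hex form the table uses, with the digest selectable so the md5 table can be regenerated as sha256. The DER walker, the helper names and the certificate-shaped test structure built by build_toy_cert (a constructed placeholder whose key bits are not a real key) are this example's own assumptions; on a real deployment you would feed it the client's PEM certificate instead.

```python
import hashlib
import ssl

# Added example (not Postfix code): render the two fingerprints Postfix logs for a
# client certificate in the form the relay_clientcerts table expects.  Defaults to
# sha256 to match "smtpd_tls_fingerprint_digest = sha256".


def der_tlv(data, pos):
    """Decode one DER tag-length-value at `pos`; return (tag, content_start, content_end)."""
    tag = data[pos]
    length = data[pos + 1]
    header = 2
    if length & 0x80:                      # long-form length: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(data[pos + 2:pos + 2 + n], "big")
        header = 2 + n
    start = pos + header
    return tag, start, start + length


def der_children(data, start, end):
    """Yield (tag, tlv_start, tlv_end) for each element directly inside [start, end)."""
    pos = start
    while pos < end:
        tag, _, cend = der_tlv(data, pos)
        yield tag, pos, cend
        pos = cend


def der_encode(tag, content):
    """Minimal DER encoder, used only to build the constructed test certificate."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def extract_spki(cert_der):
    """Return the raw DER SubjectPublicKeyInfo of a DER X.509 certificate."""
    tag, cert_start, _ = der_tlv(cert_der, 0)                     # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tbs_tag, tbs_start, tbs_end = der_tlv(cert_der, cert_start)   # tbsCertificate
    if tbs_tag != 0x30:
        raise ValueError("tbsCertificate is not a SEQUENCE")
    fields = list(der_children(cert_der, tbs_start, tbs_end))
    if fields and fields[0][0] == 0xA0:                           # optional explicit [0] version
        fields = fields[1:]
    # serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo
    _, spki_start, spki_end = fields[5]
    return cert_der[spki_start:spki_end]


def postfix_fingerprint(data, digest="sha256"):
    """Digest `data` and render it the way Postfix prints fingerprints: AA:BB:CC:... upper case."""
    hexdigest = hashlib.new(digest, data).hexdigest().upper()
    return ":".join(hexdigest[i:i + 2] for i in range(0, len(hexdigest), 2))


def relay_clientcerts_lines(cert_pem, name, digest="sha256"):
    """Both table lines Postfix would match for this certificate: cert fingerprint and public-key fingerprint."""
    der = ssl.PEM_cert_to_DER_cert(cert_pem)
    return [
        f"{postfix_fingerprint(der, digest)} {name}",                # matches fingerprint=
        f"{postfix_fingerprint(extract_spki(der), digest)} {name}",  # matches pkey_fingerprint=
    ]


def build_toy_cert():
    """Constructed, certificate-shaped DER for the self-test; the key bits are a dummy, not a real key."""
    oid_sha256_rsa = der_encode(0x06, bytes.fromhex("2a864886f70d01010b"))
    oid_rsa = der_encode(0x06, bytes.fromhex("2a864886f70d010101"))
    oid_cn = der_encode(0x06, bytes.fromhex("550403"))
    version = der_encode(0xA0, der_encode(0x02, b"\x02"))
    serial = der_encode(0x02, b"\x01")
    sig_alg = der_encode(0x30, oid_sha256_rsa)
    cn = der_encode(0x0C, b"postfix-client.domain.tld")
    name = der_encode(0x30, der_encode(0x31, der_encode(0x30, oid_cn + cn)))
    validity = der_encode(0x30, der_encode(0x17, b"221004000000Z") + der_encode(0x17, b"231004000000Z"))
    dummy_key = der_encode(0x03, b"\x00" + der_encode(0x30, der_encode(0x02, b"\x03") + der_encode(0x02, b"\x03")))
    spki = der_encode(0x30, der_encode(0x30, oid_rsa + der_encode(0x05, b"")) + dummy_key)
    tbs = der_encode(0x30, version + serial + sig_alg + name + validity + name + spki)
    signature = der_encode(0x03, b"\x00" * 9)
    cert_der = der_encode(0x30, tbs + sig_alg + signature)
    return ssl.DER_cert_to_PEM_cert(cert_der), cert_der, spki


if __name__ == "__main__":
    pem, _, _ = build_toy_cert()
    for line in relay_clientcerts_lines(pem, "postfix-client.domain.tld"):
        print(line)
```

After writing the lines to the table file, rebuild the lookup database with postmap (for the OP's table, "postmap hash:/etc/postfix/relay_clientcerts_md5") and set smtpd_tls_fingerprint_digest to the same digest you generated; a table built with one digest silently stops matching when the digest setting is changed. Listing the public-key fingerprint rather than the certificate fingerprint keeps the entry valid when the client re-issues its self-signed certificate with the same key.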
Re: does 'permit_tls_clientcerts' work with self-signed certificates?
On Tue, Oct 04, 2022 at 12:27:25PM -0400, Bill Cole wrote:

> > are self-signed certificates prohibited from this kind of
> > verification?
>
> Yes, definitionally. "Verification" means auditing the trust chain to
> reach a trusted root certificate. Unless you add the self-signed cert to
> your set of trusted roots, you cannot verify it.

But not from certificate-based access checks, which is what the OP is really asking.

-- 
    Viktor.
Re: does 'permit_tls_clientcerts' work with self-signed certificates?
Viktor Dukhovni:
> > compatibility_level = 3.5
>
> The major.minor syntax was introduced with Postfix 3.6, for Postfix 3.5
> use "3".

To make forward and reverse migrations easier, the new compatibility_level syntax has been backported in postfix-3.5.11, postfix-3.4.21 and postfix-3.3.18. Distributions may have picked up these.

	Wietse
compat_level syntax backport (Thanks)
On Tue, Oct 04, 2022 at 02:36:14PM -0400, Wietse Venema wrote:

> Viktor Dukhovni:
> > > compatibility_level = 3.5
> >
> > The major.minor syntax was introduced with Postfix 3.6, for Postfix 3.5
> > use "3".
>
> To make forward and reverse migrations easier, the new compatibility_level
> syntax has been backported in postfix-3.5.11, postfix-3.4.21 and
> postfix-3.3.18. Distributions may have picked up these.

Thanks for the correction/reminder, that change didn't register for me at the time:

postfix-3.5.11
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
+20210612
+
+ Support for Postfix 3.6 compatibility_level syntax, to avoid
+ fatal runtime errors when rolling back from Postfix 3.6 to
+ an earlier supported version, or when sharing Postfix 3.6
+ configuration files with an earlier supported Postfix
+ version. File: global/mail_params.c.

-- 
    Viktor.
Re: no shared cipher revisited
On 2/10/2022 10:51 pm, Matus UHLAR - fantomas wrote:
> yes, Let's Encrypt clients generate 4096 keys by default, which is
> silly because intermediate R3 certificate is only 2048-bit.
>
> I configure let's encrypt clients to create 2048 keys.

AFAICT Certbot still uses 2048-bit keys by default.

Nick.
Re: no shared cipher revisited
Nick Tait wrote in
 :
|On 2/10/2022 10:51 pm, Matus UHLAR - fantomas wrote:
|> yes, Let's Encrypt clients generate 4096 keys by default, which is
|> silly because intermediate R3 certificate is only 2048-bit.
|>
|> I configure let's encrypt clients to create 2048 keys.
|
|AFAICT Certbot still uses 2048-bit keys by default.

dehydrated uses 4096 by default (since 2016). OpenBSD used a 4096 bits one on top of Let's Encrypt, at least once this came up last... on June 15th this year.

So please a little bit of respect for such decisions. (I do too, but do not ask me no questions.)

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)