Re: [exim-dev] pgsql lookup TLS access broken in 4.82 RC2 ?

Top Page
Delete this message
Reply to this message
Author: Viktor Dukhovni
Date:  
To: exim-dev
Subject: Re: [exim-dev] pgsql lookup TLS access broken in 4.82 RC2 ?
On Mon, Oct 07, 2013 at 06:56:29PM +0200, Axel Rau wrote:

> Am 07.10.2013 um 18:01 schrieb Axel Rau <Axel.Rau@???>:
>
> > ?DEFER: PGSQL connection failed: SSL error: tlsv1 alert unknown ca
> On the pgsql server side, I have:
> ---
> ssl_ciphers = 'kEDH:HIGH:!aNULL:!MD5'    #!#


This is a mistake. You probably meant:

    kEDH+HIGH:!eNULL:!aNULL:!MD5:@STRENGTH


which is the properly sorted intersection of kEDH and HIGH, instead
you're getting the union of kEDH and HIGH without sensible sorting,
which include for example:

EDH-RSA-DES-CBC-SHA     SSLv3 Kx=DH       Au=RSA  Enc=DES(56)   Mac=SHA1
EDH-DSS-DES-CBC-SHA     SSLv3 Kx=DH       Au=DSS  Enc=DES(56)   Mac=SHA1
EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=RSA  Enc=DES(40)   Mac=SHA1 export
EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=DSS  Enc=DES(40)   Mac=SHA1 export


Such subtleties are the reason that the raw OpenSSL cipher
specification syntax should not be exposed directly to end-users.
PgSQL should provide a higher level interface defined in terms
of monotone cipher-suite grades.

Had you also included kEECDH, you'd even pick up some NULL ciphers:

ECDHE-RSA-NULL-SHA      SSLv3 Kx=ECDH     Au=RSA  Enc=None      Mac=SHA1
ECDHE-ECDSA-NULL-SHA    SSLv3 Kx=ECDH     Au=ECDSA Enc=None      Mac=SHA1


which authenticate, but don't encrypt. To allow EECDH safely, you need:

    kEECDH+HIGH:kEDH+HIGH:!eNULL:!aNULL:!MD5:@STRENGTH


(and perhaps settings for DH and EECDH parameters if PgSQL does
not provide apropriate defaults).

-- 
    Viktor.