Re: [exim] Can't do TLS between two exim 4.80

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Marc MERLIN
Datum:  
To: Andreas Metzler, Cyborg, Evgeniy Berdnikov, Viktor Dukhovni
CC: exim-users
Betreff: Re: [exim] Can't do TLS between two exim 4.80
On Sat, Nov 09, 2013 at 05:17:32PM -0800, Marc MERLIN wrote:
> Mmmh, but unfortunately upgrading this and restarting exim4 didn't help, I still get
> SMTP<< 220 TLS go ahead
> LOG: MAIN
> TLS error on connection to 209.81.13.136 [209.81.13.136] (gnutls_handshake): A TLS packet with unexpected length was received.
> LOG: MAIN
>
> I'm assuming it's not broken for everyone on debian, what other packages do you think
> might be broken/out of date/missing?
>
> I know I can recompile exim4 to use openssl, but I would much rather
> stick to the stock debian packages.
>
> Currently I have
> ii exim4-daemon-heavy 4.80-6


A bit more data, shown from the server side if that helps:
'Could not negotiate a supported cipher suite.'

gnutls-cli-debug (below) says that my gnutls does not support TLS 1.2. Considering I have the latest
package and I'd rather not start maintaining this from source separately from debian.
Is there a way to tell exim4 not to try to use TLS 1.2?
I read http://www.exim.org/exim-html-current/doc/html/spec_html/ch-encrypted_smtp_connections_using_tlsssl.html
but didn't really see anything relevant.

the server says:
17:56:59 30310 250-STARTTLS
17:56:59 30310 250 HELP
17:56:59 30310 SMTP<< STARTTLS
17:56:59 30310 using ACL "check_tls"
17:56:59 30310 processing "accept"
17:56:59 30310 accept: condition test succeeded in ACL "check_tls"
17:56:59 30310 initialising GnuTLS as a server
17:56:59 30310 GnuTLS global init required.
17:56:59 30310 initialising GnuTLS server session
17:56:59 30310 Expanding various TLS configuration options for session credentials.
17:56:59 30310 certificate file = /etc/ssl/certs/mail1.merlins.org_cert.pem
17:56:59 30310 key file = /etc/ssl/certs/mail1.merlins.org_cert.pem
17:56:59 30310 TLS: cert/key registered
17:56:59 30310 TLS: tls_verify_certificates not set or empty, ignoring
17:56:59 30310 Initialising GnuTLS server params.
17:56:59 30310 Loading default hard-coded DH params
17:56:59 30310 Loaded fixed standard D-H parameters
17:56:59 30310 GnuTLS using default session cipher/priority "NORMAL"
17:56:59 30310 host in tls_verify_hosts? no (option unset)
17:56:59 30310 host in tls_try_verify_hosts? no (option unset)
17:56:59 30310 TLS: a client certificate will not be requested.
17:56:59 30310 SMTP>> 220 TLS go ahead
17:56:59 30310 TLS: no SNI presented in handshake.
17:56:59 30310 LOG: MAIN
17:56:59 30310 TLS error on connection from 66-44-62-160.c3-0.129-ubr2.lnh-129.md.cable.rcn.com (gandalfthegreat.merlins.org) [66.44.62.160]:60911 I=[209.81.13.136]:587 (gnutls_handshake): Could not negotiate a supported cipher suite.
17:56:59 30310 TLS failed to start

So I tried:
gandalfthegreat:~$ gnutls-cli-debug -p 465 magic.merlins.org
Resolving 'magic.merlins.org'...
Connecting to '209.81.13.136:465'...
Checking for SSL 3.0 support... yes
Checking whether %COMPAT is required... no
Checking for TLS 1.0 support... yes
Checking for TLS 1.1 support... yes
Checking fallback from TLS 1.1 to... N/A
Checking for TLS 1.2 support... no
Checking whether we need to disable TLS 1.0... N/A
Checking for Safe renegotiation support... yes
Checking for Safe renegotiation support (SCSV)... yes
Checking for HTTPS server name... not checked
Checking for version rollback bug in RSA PMS... no
Checking for version rollback bug in Client Hello... no
Checking whether the server ignores the RSA PMS version... no
Checking whether the server can accept Hello Extensions... yes
Checking whether the server can accept small records (512 bytes)... no
Checking whether the server can accept cipher suites not in SSL 3.0 spec... yes
Checking whether the server can accept a bogus TLS record version in the client hello... yes
Checking for certificate information... N/A
Checking for trusted CAs... N/A
Checking whether the server understands TLS closure alerts... no
Checking whether the server supports session resumption... no
Checking for export-grade ciphersuite support... no
Checking RSA-export ciphersuite info... N/A
Checking for anonymous authentication support... no
Checking anonymous Diffie-Hellman group info... N/A
Checking for ephemeral Diffie-Hellman support... yes
Checking ephemeral Diffie-Hellman group info... N/A
Checking for ephemeral EC Diffie-Hellman support... no
Checking ephemeral EC Diffie-Hellman group info... N/A
Checking for AES-GCM cipher support... no
Checking for AES-CBC cipher support... yes
Checking for CAMELLIA cipher support... yes
Checking for 3DES-CBC cipher support... yes
Checking for ARCFOUR 128 cipher support... yes
Checking for ARCFOUR 40 cipher support... no
Checking for MD5 MAC support... yes
Checking for SHA1 MAC support... yes
Checking for SHA256 MAC support... no
Checking for ZLIB compression support... no
Checking for max record size... no
Checking for OpenPGP authentication support... no

Sure enough, TLS 1.2 isn't supported, but how can I tell which TLS my client is trying to use?
18:21:21 20156 initialising GnuTLS client session
18:21:21 20156 Expanding various TLS configuration options for session credentials.
18:21:21 20156 TLS: no client certificate specified; okay
18:21:21 20156 TLS: tls_verify_certificates not set or empty, ignoring
18:21:21 20156 GnuTLS using default session cipher/priority "NORMAL"
18:21:21 20156 Setting D-H prime minimum acceptable bits to 1024
18:21:21 20156 TLS: server certificate verification not required
18:21:21 20156 LOG: MAIN
18:21:21 20156 TLS error on connection to 209.81.13.136 [209.81.13.136] (gnutls_handshake): A TLS packet with unexpected length was received.

Thanks,
Marc
-- 
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/                         | PGP 1024R/763BE901