On Mon, Sep 07, 2020 at 06:14:37PM +0200, Axel Rau via Exim-users wrote:
> testing my TLSA setup here
> https://www.huque.com/bin/danecheck
> fails always with the ec cert, while the rsa cert succeeds:
Are you sure you're interpreting the results correctly?
> DNS TLSA RRset:
> qname: _25._tcp.tmx3.lrau.net.
> 3 0 1 0b3eae57d593d773cf6582d5e59f26681716678fd86535fef867dec1708e45b2
> 3 0 1 de449278a5c30ab0e50a3ed89d31e6625847cd884247b40230f8c866a2d65120
Forcing RSA with TLSA 1.3 via RSA-only sigalgs shows the RSA TLSA RR
matching:
$ openssl s_client -starttls smtp -connect tmx3.lrau.net:25 -verify 9 -brief
-dane_tlsa_domain tmx3.lrau.net \
-dane_tlsa_rrdata "3 0 1 de449278a5c30ab0e50a3ed89d31e6625847cd884247b40230f8c866a2d65120" \
-dane_tlsa_rrdata "3 0 1 0b3eae57d593d773cf6582d5e59f26681716678fd86535fef867dec1708e45b2" \
-sigalgs rsa_pkcs1_sha256:rsa_pkcs1_sha384:rsa_pkcs1_sha512:rsa_pss_rsae_sha256:rsa_pss_rsae_sha384:rsa_pss_rsae_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512
verify depth is 9
CONNECTION ESTABLISHED
Protocol version: TLSv1.3
Ciphersuite: TLS_AES_256_GCM_SHA384
Peer certificate: CN = tmx3.lrau.net
Hash used: SHA256
Signature type: RSA-PSS
Verification: OK
Verified peername: tmx3.lrau.net
DANE TLSA 3 0 1 ...4247b40230f8c866a2d65120 matched EE certificate at depth 0
Server Temp Key: X25519, 253 bits
250 HELP
quit
221 tmx3.lrau.net closing connection
Forcing ECDSA with TLSA 1.3 via RSA-only sigalgs shows the ECDSA TLSA RR
matching:
$ openssl s_client -starttls smtp -connect tmx3.lrau.net:25 -verify 9 -brief \
-dane_tlsa_domain tmx3.lrau.net \
-dane_tlsa_rrdata "3 0 1 de449278a5c30ab0e50a3ed89d31e6625847cd884247b40230f8c866a2d65120" \
-dane_tlsa_rrdata "3 0 1 0b3eae57d593d773cf6582d5e59f26681716678fd86535fef867dec1708e45b2" \
-sigalgs ecdsa_secp256r1_sha256:ecdsa_secp384r1_sha384:ecdsa_secp521r1_sha512
verify depth is 9
CONNECTION ESTABLISHED
Protocol version: TLSv1.3
Ciphersuite: TLS_AES_256_GCM_SHA384
Peer certificate: CN = tmx3.lrau.net
Hash used: SHA384
Signature type: ECDSA
Verification: OK
Verified peername: tmx3.lrau.net
DANE TLSA 3 0 1 ...d86535fef867dec1708e45b2 matched EE certificate at depth 0
Server Temp Key: X25519, 253 bits
250 HELP
quit
221 tmx3.lrau.net closing connection
> ## Checking tmx3.lrau.net 2a05:bec0:26:18::91 port 25
> DANE TLSA 3 0 1 [0b3eae57..]: FAIL did not match EE certificate
> DANE TLSA 3 0 1 [de449278..]: OK matched EE certificate
Presumably because only RSA was negotiated (mind you in my tests I get
ECDSA by default, and have to go out of my way to get RSA, but that does
not matter so much).
> I tried without tls_require_ciphers or with
> tls_require_ciphers = ECDSA:RSA:HIGH:!MD5:!SHA1:!COMPLEMENTOFDEFAULT
> but all fails.
These ciphers have no effect on TLS 1.3, which uses a completely
different cipher selection mechanism.
However, enabling multiple algorithms is an advanced use-case, you're
probably better off with just RSA for now. See:
https://mail.sys4.de/pipermail/dane-users/2017-August/000417.html
--
Viktor.
