On Mon, May 31, 2021 at 01:44:39PM +0200, Marcin Gryszkalis via Exim-users wrote:
> exim's cipher list is wide
> ALL:!EXPORT:!DES:!RC2:!RC4:!MD5:!PSK:!aNULL:!eNULL:!EXP:!SRP:!DSS:!DHE:!3DES
What is the reason for disabling DHE ciphers? And though in modern
OpenSSL releases there are no longer any "LOW" ciphers, for some reason
you've left those potentially enabled, while making extra sure to delete
the export ones twice. The "PSK" and "SRP" ciphers are harmless, since
they're off by default anyway, without appropriate configuration.
This cipher list looks rather kludgey. Try "DEFAULT".
> 40884 openssl option, adding to 03104000: 02000000 (no_sslv3 +no_sslv2 +cipher_server_preference)
> 40884 openssl option, adding to 03104000: 01000000 (no_sslv2 +cipher_server_preference)
> 40884 openssl option, adding to 03104000: 00400000 (cipher_server_preference)
> 40884 setting SSL CTX options: 0x3504000
> 40884 Diffie-Hellman initialized from default with 2048-bit prime
> 40884 ECDH OpenSSL 1.0.2+ temp key parameter settings: autoselection
> 40884 tls_certificate file '/letsencrypt/certs/mail.domain.com/fullchain.pem'
> 40884 tls_privatekey file '/letsencrypt/certs/mail.domain.com/privkey.pem'
> 40884 Initialized TLS
> 40884 required ciphers: ALL:!EXPORT:!DES:!RC2:!RC4:!MD5:!PSK:!aNULL:!eNULL:!EXP:!SRP:!DSS:!DHE:!3DES
> 40884 host in tls_verify_hosts? no (option unset)
> 40884 host in tls_try_verify_hosts? no (end of list)
> 40884 SMTP>> 220 TLS go ahead
> 40884 Calling SSL_accept
> 40884 SSL_accept: before/accept initialization
> 40884 SSL3 alert write:fatal:handshake failure
That rather looks like your own server is initiating the handshake
failure. It is writing the alert, not reading a remote alert.
> 40884 SSL_accept: error in error
> 40884 SSL_accept: error in error
I haven't seen that one much. Perhaps an issue in the Exim OpenSSL glue
code.
> 40884 TLS error '(SSL_accept): error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher'
>
> 40884 LOG: MAIN
> 40884 TLS error on connection from mail.externaldomain.com [1.2.3.4]
> I=[192.168.1.3]:25 (SSL_accept): error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
> 40884 TLS failed to start
The server does not believe it has any shared ciphers available. You
should also check the system-wide "openssl.cnf" file for any vendor
configured protocol or cipher restrictions.
>
> wireshark dump from client hello
This does not look like the entire client hello message.
>
> Cipher Suites Length: 24
> Cipher Suites (12 suites)
> Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
> Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
> Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
> Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
> Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
> Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
> Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
> Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
> Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
> Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
> Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
> Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
> Compression Methods Length: 1
> Compression Methods (1 method)
> Compression Method: null (0)
> Extensions Length: 51
> Extension: supported_groups (len=4)
> Type: supported_groups (10)
> Length: 4
> Supported Groups List Length: 2
> Supported Groups (1 group)
> Supported Group: secp256r1 (0x0017)
> Extension: ec_point_formats (len=2)
> Type: ec_point_formats (11)
> Length: 2
> EC point formats Length: 1
> Elliptic curves point formats (1)
> EC point format: uncompressed (0)
> Extension: signature_algorithms (len=20)
> Type: signature_algorithms (13)
> Length: 20
> Signature Hash Algorithms Length: 18
> Signature Hash Algorithms (9 algorithms)
> Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
> Signature Hash Algorithm Hash: SHA256 (4)
> Signature Hash Algorithm Signature: RSA (1)
> Signature Algorithm: rsa_pkcs1_sha384 (0x0501)
> Signature Hash Algorithm Hash: SHA384 (5)
> Signature Hash Algorithm Signature: RSA (1)
> Signature Algorithm: rsa_pkcs1_sha1 (0x0201)
> Signature Hash Algorithm Hash: SHA1 (2)
> Signature Hash Algorithm Signature: RSA (1)
> Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
> Signature Hash Algorithm Hash: SHA256 (4)
> Signature Hash Algorithm Signature: ECDSA (3)
> Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503)
> Signature Hash Algorithm Hash: SHA384 (5)
> Signature Hash Algorithm Signature: ECDSA (3)
> Signature Algorithm: ecdsa_sha1 (0x0203)
> Signature Hash Algorithm Hash: SHA1 (2)
> Signature Hash Algorithm Signature: ECDSA (3)
> Signature Algorithm: SHA1 DSA (0x0202)
> Signature Hash Algorithm Hash: SHA1 (2)
> Signature Hash Algorithm Signature: DSA (2)
> Signature Algorithm: rsa_pkcs1_sha512 (0x0601)
> Signature Hash Algorithm Hash: SHA512 (6)
> Signature Hash Algorithm Signature: RSA (1)
> Signature Algorithm: ecdsa_secp521r1_sha512 (0x0603)
> Signature Hash Algorithm Hash: SHA512 (6)
> Signature Hash Algorithm Signature: ECDSA (3)
> Extension: session_ticket (len=0)
> Type: session_ticket (35)
> Length: 0
> Data (0 bytes)
> Extension: extended_master_secret (len=0)
> Type: extended_master_secret (23)
> Length: 0
> Extension: renegotiation_info (len=1)
> Type: renegotiation_info (65281)
> Length: 1
> Renegotiation Info extension
> Renegotiation info extension length: 0
And where's the server's reply (HELLO or alert?)?
--
Viktor.
