Re: [exim] OpenSSL IOT woes

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Viktor Dukhovni
Dátum:  
Címzett: exim-users
Tárgy: Re: [exim] OpenSSL IOT woes
On Mon, Oct 03, 2022 at 06:08:58PM +0100, Jeremy Harris via Exim-users wrote:

> > Presumably it'll work for you if you connect to:
> >
> >      [dnssec-stats.ant.isi.edu]:25

>
> It does.


Ok, so the client side is not the problem...

> > So the barrier is some interaction between Exim and OpenSSL that makes
> > TLS 1.0 and 1.1 unavailable.
>
> Yes, or the system my test server is running on forcing no TLSv1.1 support
> (do/can they do that?)


Yes, in the "openssl.cnf" file located in the directory reported by

    $ openssl version -d
    OPENSSLDIR: "/etc/pki/tls"


On my Fedora 36 system this has:

    [ ssl_module ]
    system_default = crypto_policy


    [ crypto_policy ]
    .include = /etc/crypto-policies/back-ends/opensslcnf.config


Which in turn has:

    CipherString = @SECLEVEL=2:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:kRSAPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8
    Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256
    TLS.MinProtocol = TLSv1.2
    TLS.MaxProtocol = TLSv1.3
    DTLS.MinProtocol = DTLSv1.2
    DTLS.MaxProtocol = DTLSv1.2
    SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:rsa_pss_rsae_sha256:rsa_pss_rsae_sha384:rsa_pss_rsae_sha512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224


    [openssl_init]
    alg_section = evp_properties


    [evp_properties]
    rh-allow-sha1-signatures = yes


The default configuration of Postfix 3.6 explicitly overrides the TLS minimum
version:

    $ postconf -d smtpd_tls_protocols
    smtpd_tls_protocols = >=TLSv1


Perhaps Exim has no such facility, or does not use it by default.

    https://github.com/vdukhovni/postfix/blob/ae9d7a6a631f4b164702a55c7674c50afc610f75/postfix/src/tls/tls_server.c#L572-L577
    https://github.com/vdukhovni/postfix/blob/ae9d7a6a631f4b164702a55c7674c50afc610f75/postfix/src/tls/tls_server.c#L422-L428


> Could the min/max protocol stuff mentioned in
> https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html
> be affecting it?


Yes.

> Exim has no SSL_CONF_* calls currently; probably never has in it's
> history.


Right, but the openssl.cnf file does set various parameters. You don't
have to support the "stringy" SSL_CONF API, you can set the min/max
protocol versions directly if that's preferred.

One option is to allow the administrator to specify a non-default
configuration file, and perform explicit library initialisation early,
before doing anything with OpenSSL. That config file can be more
liberal than what's found in the default system-wide file.

> I'm not sure how to debug. Does OpenSSL offer detailed internal
> debug the way that GnuTLS does?


You can enable protocol message debugging, but support for debugging
internal configuration actions is mostly not there. In particular,
SSL_CONF command processing is silent.

-- 
    Viktor.