On Mon, Oct 03, 2022 at 06:08:58PM +0100, Jeremy Harris via Exim-users wrote:
> > Presumably it'll work for you if you connect to:
> >
> > [dnssec-stats.ant.isi.edu]:25
>
> It does.
Ok, so the client side is not the problem...
> > So the barrier is some interaction between Exim and OpenSSL that makes
> > TLS 1.0 and 1.1 unavailable.
>
> Yes, or the system my test server is running on forcing no TLSv1.1 support
> (do/can they do that?)
Yes, in the "openssl.cnf" file located in the directory reported by
$ openssl version -d
OPENSSLDIR: "/etc/pki/tls"
On my Fedora 36 system this has:
[ ssl_module ]
system_default = crypto_policy
[ crypto_policy ]
.include = /etc/crypto-policies/back-ends/opensslcnf.config
Which in turn has:
CipherString = @SECLEVEL=2:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:kRSAPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8
Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256
TLS.MinProtocol = TLSv1.2
TLS.MaxProtocol = TLSv1.3
DTLS.MinProtocol = DTLSv1.2
DTLS.MaxProtocol = DTLSv1.2
SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:rsa_pss_rsae_sha256:rsa_pss_rsae_sha384:rsa_pss_rsae_sha512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224
[openssl_init]
alg_section = evp_properties
[evp_properties]
rh-allow-sha1-signatures = yes
The default configuration of Postfix 3.6 explicitly overrides the TLS minimum
version:
$ postconf -d smtpd_tls_protocols
smtpd_tls_protocols = >=TLSv1
Perhaps Exim has no such facility, or does not use it by default.
https://github.com/vdukhovni/postfix/blob/ae9d7a6a631f4b164702a55c7674c50afc610f75/postfix/src/tls/tls_server.c#L572-L577
https://github.com/vdukhovni/postfix/blob/ae9d7a6a631f4b164702a55c7674c50afc610f75/postfix/src/tls/tls_server.c#L422-L428
> Could the min/max protocol stuff mentioned in
> https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html
> be affecting it?
Yes.
> Exim has no SSL_CONF_* calls currently; probably never has in it's
> history.
Right, but the openssl.cnf file does set various parameters. You don't
have to support the "stringy" SSL_CONF API, you can set the min/max
protocol versions directly if that's preferred.
One option is to allow the administrator to specify a non-default
configuration file, and perform explicit library initialisation early,
before doing anything with OpenSSL. That config file can be more
liberal than what's found in the default system-wide file.
> I'm not sure how to debug. Does OpenSSL offer detailed internal
> debug the way that GnuTLS does?
You can enable protocol message debugging, but support for debugging
internal configuration actions is mostly not there. In particular,
SSL_CONF command processing is silent.
--
Viktor.
