Loading ...
Sorry, an error occurred while loading the content.

291297Re: TLS Library Problem? Postfix 2.9.6

Expand Messages
  • Viktor Dukhovni
    Feb 11, 2013
    • 0 Attachment
      On Mon, Feb 11, 2013 at 11:58:07PM +0100, weber@... wrote:

      > on my backup relay server i find these lines in the logs.
      > i rebuild openssl and postfix.
      > i am on gentoo linux.
      >
      > openssl 1.0.1c

      Gentoo builds software from source, are you sure you built OpenSSL
      1.0.1c and not the troubled 1.0.1d?

      > Feb 11 22:52:52 fallbackhost postfix/smtp[18823]: warning: TLS
      > library problem: 18823:error:04075070:rsa routines:RSA_sign:digest
      > too big for rsa key:rsa_sign.c:127:
      > Feb 11 22:52:52 fallbackhost postfix/smtp[18823]: warning: TLS
      > library problem: 18823:error:14099006:SSL
      > routines:SSL3_SEND_CLIENT_VERIFY:EVP lib:s3_clnt.c:2983:

      This is only possible when the client and server are using TLSv1.2
      and the client presents its own certificate. Do you have a client
      cert? If so, can you post the output of:

      $ openssl x509 -in clientcert.pem

      Also the output of:

      $ postconf -n | egrep '^(smtp_)?tls_'

      > any ideas? what causes these errors?

      The TLSv1.2 digest algorithm negotiated with the server is reportedly
      "too big" for your client certificate. If so, this feels like an
      implementation bug. The client should not present a certificate
      for which it can't generate a signature using the agreed digest.

      https://tools.ietf.org/html/rfc5246#section-7.4.8

      The hash and signature algorithms used in the signature MUST be
      one of those present in the supported_signature_algorithms field
      of the CertificateRequest message. In addition, the hash and
      signature algorithms MUST be compatible with the key in the
      client's end-entity certificate. RSA keys MAY be used with any
      permitted hash algorithm, subject to restrictions in the
      certificate, if any.

      You can retry the s_client command with the same client certificate
      configured with Postfix,

      $ openssl s_client \
      -cert clientcert.pem -key clientkey.pem \
      -state -debug -msg -starttls smtp -connect mail.zbfmail.de:25

      I'm only able to reproduce your problem when I generate and use an
      insecure 512-bit RSA client certificate (not a good plan).

      SSL_connect:SSLv3 write client key exchange A
      SSL_connect:error in SSLv3 write certificate verify A
      SSL_connect:error in SSLv3 write certificate verify A
      140735152091612:error:04075070:rsa routines:RSA_sign:digest too big for rsa key:rsa_sign.c:127:
      140735152091612:error:14099006:SSL routines:SSL3_SEND_CLIENT_VERIFY:EVP lib:s3_clnt.c:2983:

      When I specify a 1024-bit key, the handshake completes normally.
      Whatever motivated you to configure a client certificate, and
      particularly a pointlessly weak one that is well short of 1024-bits,
      was probably the result of a particularly delirious nightmare.

      Just relax and set:

      main.cf:
      smtp_tls_cert_file =
      smtp_tls_key_file =

      as documented in:

      http://www.postfix.org/TLS_README.html#client_cert_key

      --
      Viktor.
    • Show all 8 messages in this topic