Loading ...
Sorry, an error occurred while loading the content.
Skip to search.
 

TLS library problem after updating "openssl"

Expand Messages
  • Jerry
    System: FreeBSD 8.2-STABLE amd64 I just updated to openssl-1.0.1 on my machine. The machine went trough a complete reboot so I would assume that everything
    Message 1 of 11 , Apr 22, 2012
      System: FreeBSD 8.2-STABLE amd64

      I just updated to "openssl-1.0.1" on my machine. The machine went
      trough a complete reboot so I would assume that everything was started
      correctly. I did rebuild Postfix after updating "openssl". I am using
      the "postfix-current" port supplied by FreeBSD which currently reports:
      Postfix (2.10-20120308) as the version in use.

      Since the update, I have noticed these error messages in the "maillog"

      Apr 22 09:53:40 scorpio postfix/smtpd[28788]: connect from localhost[127.0.0.1]
      Apr 22 09:53:40 scorpio postfix/smtpd[28788]: 3VbC2D60J4z2CG5l: client=localhost[127.0.0.1], sasl_method=CRAM-MD5, sasl_username=**SECRET**
      Apr 22 09:53:40 scorpio postfix/smtpd[28781]: disconnect from localhost[127.0.0.1]
      Apr 22 09:53:40 scorpio postfix/cleanup[28784]: 3VbC2D60J4z2CG5l: message-id=<20120422095340.4fb91a01@scorpio>
      Apr 22 09:53:40 scorpio postfix/qmgr[5971]: 3VbC2D60J4z2CG5l: from=<**SENDER**>, size=1550, nrcpt=1 (queue active)
      Apr 22 09:53:40 scorpio postfix/smtpd[28788]: disconnect from localhost[127.0.0.1]
      Apr 22 09:53:41 scorpio postfix/smtp[28789]: warning: TLS library problem: 28789:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:340:
      Apr 22 09:53:41 scorpio postfix/smtp[28789]: 3VbC2D60J4z2CG5l: to=<**RECIPIENT>, relay=smtp.live.com[65.55.162.200]:25, delay=0.48, delays=0.11/0.03/0.34/0, dsn=4.4.2, status=deferred (lost connection with smtp.live.com[65.55.162.200] while performing the EHLO handshake)

      I am assuming that this is because of the update to "openssl-1.0.1";
      however, it does not happen with any other client. Has anyone else
      experienced this problem or have a possible solution?

      --
      Jerry ✌
      postfix-user@...
      _____________________________________________________________________
      TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
      TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html
    • Bradley Giesbrecht
      ... I have experienced many broken packages after upgrading to openssl 1.0.1 that upgrading to openssl 1.0.1a appears to have fixed. Regards, Bradley
      Message 2 of 11 , Apr 22, 2012
        On Apr 22, 2012, at 7:16 AM, Jerry wrote:

        > System: FreeBSD 8.2-STABLE amd64
        >
        > I just updated to "openssl-1.0.1" on my machine.


        I have experienced many broken packages after upgrading to "openssl 1.0.1" that upgrading to "openssl 1.0.1a" appears to have fixed.

        Regards,
        Bradley Giesbrecht
      • Julien Vehent
        ... On other system, I have noticed that openssl-1.0.1 uses TLS1.2 by default and that seemed to break a bunch of connections. Try opening connections with
        Message 3 of 11 , Apr 22, 2012
          On 2012-04-22 10:16, Jerry wrote:
          > System: FreeBSD 8.2-STABLE amd64
          >
          > I just updated to "openssl-1.0.1" on my machine. The machine went
          > trough a complete reboot so I would assume that everything was started
          > correctly. I did rebuild Postfix after updating "openssl". I am using
          > the "postfix-current" port supplied by FreeBSD which currently reports:
          > Postfix (2.10-20120308) as the version in use.
          >
          > Since the update, I have noticed these error messages in the "maillog"
          >
          > ...
          >
          > I am assuming that this is because of the update to "openssl-1.0.1";
          > however, it does not happen with any other client. Has anyone else
          > experienced this problem or have a possible solution?

          On other system, I have noticed that openssl-1.0.1 uses TLS1.2 by default
          and that seemed to break a bunch of connections.
          Try opening connections with different TLS versions and see which ones
          break:

          openssl s_client -connect server:25 -starttls smtp -tls1_2
          openssl s_client -connect server:25 -starttls smtp -tls1_1
          openssl s_client -connect server:25 -starttls smtp -tls1
          openssl s_client -connect server:25 -starttls smtp -ssl3

          --
          Julien Vehent - http://1nw.eu/!j
        • Jerry
          On Sun, 22 Apr 2012 12:25:05 -0400 ... I am wondering if openssl 1.0.1a corrects this problem. I am going to install it later today and see what happens. On
          Message 4 of 11 , Apr 22, 2012
            On Sun, 22 Apr 2012 12:25:05 -0400
            Julien Vehent articulated:

            >On other system, I have noticed that openssl-1.0.1 uses TLS1.2 by
            >default and that seemed to break a bunch of connections.
            >Try opening connections with different TLS versions and see which ones
            >break:
            >

            Both fail:
            >openssl s_client -connect server:25 -starttls smtp -tls1_2
            >openssl s_client -connect server:25 -starttls smtp -tls1_1

            Successful connection:
            >openssl s_client -connect server:25 -starttls smtp -tls1
            >openssl s_client -connect server:25 -starttls smtp -ssl3

            I am wondering if "openssl 1.0.1a" corrects this problem. I am going to
            install it later today and see what happens.

            On another note, is there a setting that would force Postfix to NOT use
            "tls1_2 or tls1_1"? I am sure that it is listed somewhere in the
            documentation so I just have to get my ass in gear and read up on it.

            --
            Jerry ✌
            postfix-user@...
            _____________________________________________________________________
            TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
            TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html
          • Viktor Dukhovni
            ... Please post the results. ... The OpenSSL API does not provide an interface to allow older programs to disable new protocol versions defined in later
            Message 5 of 11 , Apr 22, 2012
              On Sun, Apr 22, 2012 at 12:47:41PM -0400, Jerry wrote:

              > I am wondering if "openssl 1.0.1a" corrects this problem. I am going to
              > install it later today and see what happens.

              Please post the results.

              > On another note, is there a setting that would force Postfix to NOT use
              > "tls1_2 or tls1_1"? I am sure that it is listed somewhere in the
              > documentation so I just have to get my ass in gear and read up on it.

              The OpenSSL API does not provide an interface to allow older programs
              to disable new protocol versions defined in later versions of the API.

              Therefore, to disable TLS 1.1 or 1.2 one has to add code that uses
              the new constants introduced with OpenSSL 1.0.1.

              Proposed patch attached.

              --
              Viktor.
            • Wietse Venema
              ... That will be a solution for Postfix 2.10. Meanwhile, for earlier Postfix releases, how much of the problem can be solved by changing from:
              Message 6 of 11 , Apr 22, 2012
                Viktor Dukhovni:
                > The OpenSSL API does not provide an interface to allow older programs
                > to disable new protocol versions defined in later versions of the API.
                >
                > Therefore, to disable TLS 1.1 or 1.2 one has to add code that uses
                > the new constants introduced with OpenSSL 1.0.1.
                >
                > Proposed patch attached.

                That will be a solution for Postfix 2.10.

                Meanwhile, for earlier Postfix releases, how much of the problem
                can be solved by changing from:

                mumble_tls_mandatory_protocols = SSLv3, TLSv1

                (i.e. the current default) to:

                mumble_tls_mandatory_protocols = !SSLv2

                I don't mind that the older Postfix versions would not be able to
                turn on/off protocols that didn't exist at the time Postfix was
                released.

                Wietse
              • Viktor Dukhovni
                ... The two defaults are equivalent when the protocols known to Postfix are just SSLv2, SSLv3 and TLSv1 (even if the SSL library implements additional
                Message 7 of 11 , Apr 22, 2012
                  On Sun, Apr 22, 2012 at 03:12:26PM -0400, Wietse Venema wrote:

                  > > Proposed patch attached.
                  >
                  > That will be a solution for Postfix 2.10.
                  >
                  > Meanwhile, for earlier Postfix releases, how much of the problem
                  > can be solved by changing from:
                  >
                  > mumble_tls_mandatory_protocols = SSLv3, TLSv1
                  >
                  > (i.e. the current default) to:
                  >
                  > mumble_tls_mandatory_protocols = !SSLv2

                  The two defaults are equivalent when the protocols known to Postfix
                  are just SSLv2, SSLv3 and TLSv1 (even if the SSL library implements
                  additional protocols). Either way, Postfix sets the SSL_OP_NO_SSLv2
                  flag.

                  This default, would however also disable TLSv1_1 and TLSv1_2 in
                  with the 2.10 patch that adds knowledge of those protocols to Postfix,
                  so it made sense to change the default to be "!SSLv2", which is what
                  it really means.

                  So, sure, we can change the default to the equivalent "!SSLv2" in
                  earlier releases if that simplifies documentation, or otherwise
                  aids in clarity of "postconf" output.

                  --
                  Viktor.
                • Wietse Venema
                  ... Why do we need to have (expr & TLS_KNOWN_PROTOCOLS) in the code in the first place? If we get rid of it, then we don t have to rush out patches each time
                  Message 8 of 11 , Apr 22, 2012
                    Viktor Dukhovni:
                    > On Sun, Apr 22, 2012 at 03:12:26PM -0400, Wietse Venema wrote:
                    >
                    > > > Proposed patch attached.
                    > >
                    > > That will be a solution for Postfix 2.10.
                    > >
                    > > Meanwhile, for earlier Postfix releases, how much of the problem
                    > > can be solved by changing from:
                    > >
                    > > mumble_tls_mandatory_protocols = SSLv3, TLSv1
                    > >
                    > > (i.e. the current default) to:
                    > >
                    > > mumble_tls_mandatory_protocols = !SSLv2
                    >
                    > The two defaults are equivalent when the protocols known to Postfix
                    > are just SSLv2, SSLv3 and TLSv1 (even if the SSL library implements
                    > additional protocols). Either way, Postfix sets the SSL_OP_NO_SSLv2
                    > flag.
                    >
                    > This default, would however also disable TLSv1_1 and TLSv1_2 in
                    > with the 2.10 patch that adds knowledge of those protocols to Postfix,
                    > so it made sense to change the default to be "!SSLv2", which is what
                    > it really means.

                    Why do we need to have (expr & TLS_KNOWN_PROTOCOLS) in the code
                    in the first place? If we get rid of it, then we don't have to
                    rush out patches each time the OpenSSL team comes out with a
                    new incompatible protocol.

                    Wietse

                    > So, sure, we can change the default to the equivalent "!SSLv2" in
                    > earlier releases if that simplifies documentation, or otherwise
                    > aids in clarity of "postconf" output.
                    >
                    > --
                    > Viktor.
                    >
                  • Viktor Dukhovni
                    ... The TLS_KNOWN_PROTOCOLS bits are a Postfix tls.h feature, there is no OpenSSL feature that tells us which of the option bits are protocols, and which are
                    Message 9 of 11 , Apr 22, 2012
                      On Sun, Apr 22, 2012 at 03:28:43PM -0400, Wietse Venema wrote:

                      > Why do we need to have (expr & TLS_KNOWN_PROTOCOLS) in the code
                      > in the first place? If we get rid of it, then we don't have to
                      > rush out patches each time the OpenSSL team comes out with a
                      > new incompatible protocol.

                      The "TLS_KNOWN_PROTOCOLS" bits are a Postfix tls.h feature, there
                      is no OpenSSL feature that tells us which of the option bits are
                      protocols, and which are bug work-arounds, ...

                      I can't turn off TLSv1_3, without predicting which option bit will
                      be selected for SSL_OP_NO_TLSv1_3, I don't own that crystal ball. :-)

                      There are various API design warts in OpenSSL, using the same
                      bitmask for both bug-workarounds and protocol selection is just
                      one of the unfortunate "optimizations".

                      --
                      Viktor.
                    • Wietse Venema
                      ... Yes, but do we need this? Otherwise I ll rip this out and avoid the need to rush out five inter-operability patches each time that the OpenSSL team
                      Message 10 of 11 , Apr 22, 2012
                        Viktor Dukhovni:
                        > On Sun, Apr 22, 2012 at 03:28:43PM -0400, Wietse Venema wrote:
                        >
                        > > Why do we need to have (expr & TLS_KNOWN_PROTOCOLS) in the code
                        > > in the first place? If we get rid of it, then we don't have to
                        > > rush out patches each time the OpenSSL team comes out with a
                        > > new incompatible protocol.
                        >
                        > The "TLS_KNOWN_PROTOCOLS" bits are a Postfix tls.h feature, there

                        Yes, but do we need this? Otherwise I'll rip this out and avoid
                        the need to rush out five inter-operability patches each time
                        that the OpenSSL team enriches our lives with another protocol.

                        Wietse
                      • Viktor Dukhovni
                        ... When OpenSSL adds new protocols we still need new code to support exclusion of new protocols. Nothing in TLS_KNOWN_PROTOCOLS changes that. The
                        Message 11 of 11 , Apr 22, 2012
                          On Sun, Apr 22, 2012 at 04:13:03PM -0400, Wietse Venema wrote:

                          > > On Sun, Apr 22, 2012 at 03:28:43PM -0400, Wietse Venema wrote:
                          > >
                          > > > Why do we need to have (expr & TLS_KNOWN_PROTOCOLS) in the code
                          > > > in the first place? If we get rid of it, then we don't have to
                          > > > rush out patches each time the OpenSSL team comes out with a
                          > > > new incompatible protocol.
                          > >
                          > > The "TLS_KNOWN_PROTOCOLS" bits are a Postfix tls.h feature, there
                          >
                          > Yes, but do we need this? Otherwise I'll rip this out and avoid
                          > the need to rush out five inter-operability patches each time
                          > that the OpenSSL team enriches our lives with another protocol.

                          When OpenSSL adds new protocols we still need new code to support
                          exclusion of new protocols. Nothing in "TLS_KNOWN_PROTOCOLS" changes
                          that.

                          The "TLS_KNOWN_PROTOCOLS" bitmask supports conversion of:

                          smtp_tls_protocols = TLSv1

                          to the equivalent (for Postfix 2.9 or earlier)

                          smtp_tls_protocols = !SSLv2, !SSLv3

                          With Postfix 2.10 (patched as proposed), the equivalent exclusion
                          form is:

                          smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1_1, !TLSv1_2

                          so the mapping from a set to its complement, naturally depends on
                          the universal set at hand.

                          Dropping the inclusion syntax creates a backwards compatibility
                          problem.

                          I am not sure why you feel there is an imperative to drop it. If
                          we don't want to implement features to disable new protocols, we
                          don't need to make any code changes. If we do want to allow
                          control over new protocols, we need new code, with our without
                          TLS_KNOWN_PROTOCOLS.

                          --
                          Viktor.
                        Your message has been successfully submitted and would be delivered to recipients shortly.