[csw-maintainers] OpenSSL problem after upgrade

Yann Rouillard yann at pleiades.fr.eu.org
Thu Apr 25 21:03:28 CEST 2013


I still don't reproduce the bug.

I do:
$ openssl s_client -cipher ECDHE-RSA-AES256-SHA -connect localhost:465
or
$ openssl s_client -cipher ECDHE-RSA-AES256-SHA -connect localhost:25 -starttls smtp


And it seems to work fine:
Apr 25 23:01:19 solaris11-vm postfix/smtps/smtpd[1466]: [ID 197553 mail.info] Anonymous TLS connection established from solaris11-vm.pleiades.fr.eu.org[127.0.0.1]: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)

Apr 25 23:02:02 solaris11-vm postfix/smtpd[1448]: [ID 197553 mail.info] Anonymous TLS connection established from solaris11-vm.pleiades.fr.eu.org[127.0.0.1]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)

ECDHE-RSA-AES256-SHA uses the SHA1 algorithm.


What is the client used to trigger the problem?

Yann





2013/4/25 Juraj Lutter <wilbury at opencsw.org>

> On 04/25/2013 05:45 PM, Yann Rouillard wrote:
> > Hi Juraj,
> >
> > sha1 seems to be available:
> > $ openssl dgst -sha1 /tmp/file
> > SHA1(/tmp/file)= da39a3ee5e6b4b0d3255bfef95601890afd80709
> >
> > I don't reproduce your bug.
> > Can you send me your postfix configuration?
>
> Relevant lines are:
>
> smtpd_tls_security_level = may
> smtpd_tls_auth_only = no
> smtpd_tls_key_file =  /etc/opt/ows/postfix/ssl1/mailhub.ltc.sk.key
> smtpd_tls_cert_file = /etc/opt/ows/postfix/ssl1/mailhub.ltc.sk.crt
> smtpd_tls_CApath = /etc/opt/csw/ssl/certs
> smtpd_tls_loglevel = 1
> smtpd_tls_received_header = yes
> smtpd_tls_session_cache_timeout = 3600s
> smtpd_tls_cipherlist =  ALL:!aNULL:!eNULL:!LOW:!SSLv2:TLSv1:SSLv3:+EXP
> smtpd_tls_ask_ccert = yes
> smtpd_tls_req_ccert = no
> smtpd_tls_protocols = !SSLv2,SSLv3,TLSv1
> relay_clientcerts = dbm:/etc/opt/ows/postfix/relay_clientcerts
> tls_random_source = dev:/dev/urandom
>
> it's been working FOR YEARS, until yesterday when I've upgraded OpenSSL.
>
> :-(
>
> >
> >
> > Yann
> >
> >
> >
> >
> >
> >
> > 2013/4/25 Juraj Lutter <wilbury at opencsw.org>
> >
> >     Hi,
> >
> >     after a recent OpenSSL upgrade, my postfix started to yield the following:
> >
> >     Apr 25 10:09:31 filesrv1 postfix-ltc-ssl/smtpd[24885]: [ID 947731 mail.warning] warning: Digest algorithm "sha1" not found: disabling TLS support
> >
> >
> >     Have any of you also encountered this kind of behaviour?
> >
> >     Thanks.
> >
> >     --
> >     Juraj Lutter
> >     URL:  http://www.wilbury.sk/
> >     XMPP: juraj at lutter.sk
> >     Nice, friendly and smiling webhosting and serverhousing: http://www.nic.sk/
> >
> >     _______________________________________________
> >     maintainers mailing list
> >     maintainers at lists.opencsw.org
> >     https://lists.opencsw.org/mailman/listinfo/maintainers
> >     .:: This mailing list's archive is public. ::.
> >
>
>
> --
> Juraj Lutter <wilbury at opencsw.org>
>
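
Added example, not written by either poster and not OpenCSW or Postfix code: a Python triage of syslog in the two line formats quoted in this thread, listing which Postfix services logged the "disabling TLS support" warning and which protocol and cipher the others negotiated. The sample input is the thread's own log excerpts rejoined onto single lines; the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# The thread's log excerpts, rejoined onto one line each (sample input).
SAMPLE_LOG = (
    'Apr 25 10:09:31 filesrv1 postfix-ltc-ssl/smtpd[24885]: [ID 947731 mail.warning] '
    'warning: Digest algorithm "sha1" not found: disabling TLS support\n'
    'Apr 25 23:01:19 solaris11-vm postfix/smtps/smtpd[1466]: [ID 197553 mail.info] '
    'Anonymous TLS connection established from solaris11-vm.pleiades.fr.eu.org[127.0.0.1]: '
    'TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)\n'
    'Apr 25 23:02:02 solaris11-vm postfix/smtpd[1448]: [ID 197553 mail.info] '
    'Anonymous TLS connection established from solaris11-vm.pleiades.fr.eu.org[127.0.0.1]: '
    'TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)\n'
)

# Syslog header; the "[ID n facility.level]" tag is optional.
HEADER = re.compile(
    r'^\w{3}\s+\d+ [\d:]+ (?P<host>\S+) (?P<svc>[\w./-]+)\[\d+\]: '
    r'(?:\[ID \d+ [\w.]+\] )?(?P<msg>.*)$')
DISABLED = re.compile(
    r'warning: Digest algorithm "(?P<alg>[^"]+)" not found: disabling TLS support')
ESTABLISHED = re.compile(
    r'TLS connection established from \S+: (?P<proto>\S+) with cipher (?P<cipher>\S+) ')

def triage(log_text):
    """Group TLS events by (host, service); unparseable lines are skipped."""
    report = defaultdict(lambda: {"disabled_for": [], "sessions": Counter()})
    for line in log_text.splitlines():
        head = HEADER.match(line)
        if not head:
            continue
        entry = report[(head["host"], head["svc"])]
        off = DISABLED.search(head["msg"])
        if off:
            entry["disabled_for"].append(off["alg"])
            continue
        up = ESTABLISHED.search(head["msg"])
        if up:
            entry["sessions"][(up["proto"], up["cipher"])] += 1
    return dict(report)

def tls_disabled_services(report):
    """Services that logged the warning, i.e. are running without TLS."""
    return sorted(key for key, entry in report.items() if entry["disabled_for"])

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("TLS disabled on:", tls_disabled_services(result))
    for key, entry in sorted(result.items()):
        print(key, dict(entry["sessions"]))
```
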