Bug#338006: [Pkg-openssl-devel] Bug#338006: Postfix problem still there

Kurt Roeckx kurt at roeckx.be
Mon Jan 23 00:18:41 UTC 2006


On Sun, Jan 22, 2006 at 11:20:10PM +0100, Martin Sebald wrote:
> 
> I tried it after Yari wrote again (I attached his mail at the bottom of
> this mail). And it works. I also do not think it is the best solution but I
> think it is a workaround until the bug in OpenSSL is fixed.

The default cipher list used by openssl is:
$ openssl ciphers
DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC2-CBC-MD5:DHE-DSS-RC4-SHA:RC4-SHA:RC4-MD5:RC4-MD5:RC4-64-MD5:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EXP1024-RC2-CBC-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP1024-DHE-DSS-RC4-SHA:EXP1024-RC4-SHA:EXP1024-RC4-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-RC4-MD5

Or:
$ openssl ciphers 'ALL:!ADH:+RC4:@STRENGTH'
DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC2-CBC-MD5:DHE-DSS-RC4-SHA:RC4-SHA:RC4-MD5:RC4-MD5:RC4-64-MD5:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EXP1024-RC2-CBC-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP1024-DHE-DSS-RC4-SHA:EXP1024-RC4-SHA:EXP1024-RC4-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-RC4-MD5

The suggested workaround by Yari gives:
$ openssl ciphers 'SSLv2:-LOW:-EXPORT:RC4+RSA'
DES-CBC3-MD5:RC2-CBC-MD5:RC4-MD5:EXP1024-RC4-SHA:EXP1024-RC4-MD5:RC4-SHA:RC4-MD5:EXP-RC4-MD5:RC4-64-MD5:EXP-RC4-MD5

Order by strength:
$ openssl ciphers 'SSLv2:-LOW:-EXPORT:RC4+RSA:@STRENGTH'
DES-CBC3-MD5:RC2-CBC-MD5:RC4-MD5:RC4-SHA:RC4-MD5:RC4-64-MD5:EXP1024-RC4-SHA:EXP1024-RC4-MD5:EXP-RC4-MD5:EXP-RC4-MD5

Restricting it to only tls1:
$ openssl ciphers -tls1 'SSLv2:-LOW:-EXPORT:RC4+RSA'
EXP1024-RC4-SHA:EXP1024-RC4-MD5:RC4-SHA:RC4-MD5:EXP-RC4-MD5

The default restricted to tls1:
$ openssl ciphers -tls1
DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:DHE-DSS-RC4-SHA:RC4-SHA:RC4-MD5:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EXP1024-RC2-CBC-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP1024-DHE-DSS-RC4-SHA:EXP1024-RC4-SHA:EXP1024-RC4-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5

You might also want to add a -v to that if you want to know more
about them, and see man ciphers(1) for more.

When trying a connection to the server with the default, I get
this:
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA

When using it on the server side (as his suggestion), I get:
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-SHA

With Yari's suggestion on the client side I get:
SSL-Session:
    Protocol  : TLSv1
    Cipher    : EXP1024-RC4-SHA

After ordering it by strength on the client side I get this
again:
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-SHA

The ciphers:
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
EXP1024-RC4-SHA         SSLv3 Kx=RSA(1024) Au=RSA  Enc=RC4(56)   Mac=SHA1 export

Some more fun trying things:
If it's using -no_ssl2 on the client, it will end up with using
compression, not using -no_ssl2 will not give compression, so
will result in a connection that works.  I really can't recommend
using ssl2, so -no_ssl2 is actually a good option.

In my case whether using the -no_ssl2 option or not, both end up
with a TLSv1 connection.

Using the -no_tls1 option on either client or server also
generates a working connection, using SSLv3 in my case.  So using
-no_ssl2 and -no_tls1 on the server side would also be an option.
This even generates a compressed link that works if the client is
also using -no_ssl2.

I think the -no_tls1 in combination with -no_ssl2 on the
server side might actually be the best workaround.  I don't know
if you can do something like that in the postfix configuration
though.

If I use Yari's cipher list on the server side, I also get a
working TLSv1 connection, just with a different cipher as shown
above.  When the client uses -no_ssl2 it's with compression.

I'm not sure why sometimes using compression is a problem and
sometimes not.  I guess in those cases it's not at sequence 0
anymore so it works.


Kurt
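
Added example, not part of Kurt's message: a small model of the cipher selection behind the four SSL-Session results above, showing why the unsorted workaround list on the client lands on an export cipher and why ordering by strength avoids it. It assumes the server takes the first cipher in the client's order that it also offers and ignores certificate type; the function names and three of the `-v` lines are constructed for illustration.

```python
import re

# Both lists are the `openssl ciphers -tls1` outputs quoted in the message.
DEFAULT_TLS1 = (
    "DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:"
    "EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:"
    "AES128-SHA:DHE-DSS-RC4-SHA:RC4-SHA:RC4-MD5:EXP1024-DHE-DSS-DES-CBC-SHA:"
    "EXP1024-DES-CBC-SHA:EXP1024-RC2-CBC-MD5:EDH-RSA-DES-CBC-SHA:"
    "EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP1024-DHE-DSS-RC4-SHA:EXP1024-RC4-SHA:"
    "EXP1024-RC4-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:"
    "EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5"
).split(":")
WORKAROUND_TLS1 = "EXP1024-RC4-SHA:EXP1024-RC4-MD5:RC4-SHA:RC4-MD5:EXP-RC4-MD5".split(":")

# `openssl ciphers -v` lines: RC4-SHA and EXP1024-RC4-SHA are from the message,
# the other three are constructed here in the same format.
VERBOSE = """\
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
EXP1024-RC4-SHA         SSLv3 Kx=RSA(1024) Au=RSA  Enc=RC4(56)   Mac=SHA1 export
EXP1024-RC4-MD5         SSLv3 Kx=RSA(1024) Au=RSA  Enc=RC4(56)   Mac=MD5  export
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
"""

def parse_verbose(text):
    """Map cipher name -> (secret key bits, is_export) from -v output."""
    info = {}
    for line in text.splitlines():
        fields = line.split()
        bits = int(re.search(r"Enc=\w+\((\d+)\)", line).group(1))
        info[fields[0]] = (bits, fields[-1] == "export")
    return info

def by_strength(ciphers, info):
    """Stable sort by key bits, strongest first, as @STRENGTH orders them."""
    return sorted(ciphers, key=lambda name: -info[name][0])

def negotiate(client, server):
    """First cipher in the client's order that the server also offers.
    Assumption: server follows client preference; certificate type is ignored."""
    offered = set(server)
    return next((c for c in client if c in offered), None)

INFO = parse_verbose(VERBOSE)
```

`negotiate(WORKAROUND_TLS1, DEFAULT_TLS1)` models the workaround list on the client, and wrapping the first argument in `by_strength(..., INFO)` models the `@STRENGTH` variant.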




