Open HLFH opened 1 year ago
@aeris It works with Hardenize but not with Cryptcheck. https://www.hardenize.com/report/dhautefeuille.eu/1688641166#email_tls
Hello, I am trying to debug this issue but currently don't understand the root cause very well. It seems the analysis starts correctly, but at some point a handshake explodes for no reason.
Analysis starts well, but then crashes for no reason during curve checking… :thinking:
I probably get these errors:
juil. 07 13:04:00 arch-server postfix/smtpd[229081]: connect from unknown[...]
juil. 07 13:04:00 arch-server postfix/smtpd[229081]: setting up TLS connection from unknown[...]
juil. 07 13:04:00 arch-server postfix/smtpd[229081]: unknown[...]: TLS cipher list "aNULL:-aNULL:HIGH:MEDIUM:!SEED:!IDEA:!3DES:!RC2:!RC4:!RC5:!kDH:!kECDH:!aDSS:!MD5:+RC4:@S>
juil. 07 13:04:00 arch-server postfix/smtpd[229081]: SSL_accept:before SSL initialization
juil. 07 13:04:00 arch-server postfix/smtpd[229081]: SSL_accept:before SSL initialization
juil. 07 13:04:00 arch-server postfix/smtpd[229081]: SSL3 alert write:fatal:handshake failure
juil. 07 13:04:00 arch-server postfix/smtpd[229081]: SSL_accept:error in error
juil. 07 13:04:00 arch-server postfix/smtpd[229081]: SSL_accept error from unknown[...]: -1
juil. 07 13:04:00 arch-server postfix/smtpd[229081]: warning: TLS library problem: error:0A0000C1:SSL routines::no shared cipher:ssl/statem/statem_srvr.c:2220:
juil. 07 13:04:00 arch-server postfix/smtpd[229081]: lost connection after STARTTLS from unknown[...]
juil. 07 13:04:00 arch-server postfix/smtpd[229081]: disconnect from unknown[...] ehlo=1 starttls=0/1 commands=1/2
juil. 07 13:04:00 arch-server postfix/smtpd[229081]: connect from unknown[...]
juil. 07 13:04:00 arch-server postfix/smtpd[229081]: setting up TLS connection from unknown[...]
juil. 07 13:04:00 arch-server postfix/smtpd[229081]: unknown[...]: TLS cipher list "aNULL:-aNULL:HIGH:MEDIUM:!SEED:!IDEA:!3DES:!RC2:!RC4:!RC5:!kDH:!kECDH:!aDSS:!MD5:+RC4:@S>
juil. 07 13:04:00 arch-server postfix/smtpd[229081]: SSL_accept:before SSL initialization
juil. 07 13:04:00 arch-server postfix/smtpd[229081]: SSL_accept:before SSL initialization
juil. 07 13:04:00 arch-server postfix/smtpd[229081]: SSL3 alert write:fatal:handshake failure
juil. 07 13:04:00 arch-server postfix/smtpd[229081]: SSL_accept:error in error
juil. 07 13:04:00 arch-server postfix/smtpd[229081]: SSL_accept error from unknown[...]: -1
juil. 07 13:04:00 arch-server postfix/smtpd[229081]: warning: TLS library problem: error:0A0000C1:SSL routines::no shared cipher:ssl/statem/statem_srvr.c:2220:
juil. 07 13:04:00 arch-server postfix/smtpd[229081]: lost connection after STARTTLS from unknown[...]
juil. 07 13:04:00 arch-server postfix/smtpd[229081]: disconnect from unknown[...] ehlo=1 starttls=0/1 commands=1/2
Might be related to an openssl bug: https://github.com/openssl/openssl/issues/21346.
I may need to wait for openssl 3.2 release...
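A way to pull the failed STARTTLS sessions and their OpenSSL reason out of a Postfix log like the one quoted above (added example, not part of the thread). The sample lines are constructed in the same format; the client address and the second PID are placeholders.

```python
import re

# Constructed sample in the format of the log quoted above; the client address
# (192.0.2.10, documentation range) and PID 229090 are placeholders.
SAMPLE = """\
juil. 07 13:04:00 arch-server postfix/smtpd[229081]: connect from unknown[192.0.2.10]
juil. 07 13:04:00 arch-server postfix/smtpd[229081]: SSL3 alert write:fatal:handshake failure
juil. 07 13:04:00 arch-server postfix/smtpd[229081]: warning: TLS library problem: error:0A0000C1:SSL routines::no shared cipher:ssl/statem/statem_srvr.c:2220:
juil. 07 13:04:00 arch-server postfix/smtpd[229081]: disconnect from unknown[192.0.2.10] ehlo=1 starttls=0/1 commands=1/2
juil. 07 13:04:01 arch-server postfix/smtpd[229090]: connect from unknown[192.0.2.10]
juil. 07 13:04:01 arch-server postfix/smtpd[229090]: disconnect from unknown[192.0.2.10] ehlo=2 starttls=1 quit=1 commands=4
juil. 07 13:04:02 arch-server postfix/smtpd[229081]: connect from unknown[192.0.2.10]
juil. 07 13:04:02 arch-server postfix/smtpd[229081]: warning: TLS library problem: error:0A0000C1:SSL routines::no shared cipher:ssl/statem/statem_srvr.c:2220:
juil. 07 13:04:02 arch-server postfix/smtpd[229081]: disconnect from unknown[192.0.2.10] ehlo=1 starttls=0/1 commands=1/2
"""

LINE = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
CONNECT = re.compile(r"^connect from (?P<client>\S+)")
# Accepts OpenSSL 3 ("SSL routines::reason") and 1.1 ("SSL routines:func:reason").
TLS_ERR = re.compile(r"error:(?P<code>[0-9A-F]+):SSL routines:[^:]*:(?P<reason>[^:]+):")
DISCONNECT = re.compile(r"^disconnect from \S+ (?P<stats>.*)$")


def failed_starttls(log_text):
    """Return one dict per smtpd session whose STARTTLS did not complete."""
    open_sessions = {}   # pid -> session being assembled (one client per smtpd process)
    failures = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        if c := CONNECT.match(msg):
            open_sessions[pid] = {"pid": pid, "client": c["client"],
                                  "code": None, "reason": None}
        elif pid in open_sessions:
            if e := TLS_ERR.search(msg):
                open_sessions[pid].update(code=e["code"], reason=e["reason"])
            elif d := DISCONNECT.match(msg):
                stats = dict(kv.split("=", 1) for kv in d["stats"].split())
                # "starttls=0/1" is successes/attempts; a plain "starttls=1" succeeded.
                if "/" in stats.get("starttls", ""):
                    failures.append(open_sessions[pid])
                del open_sessions[pid]
    return failures


if __name__ == "__main__":
    for s in failed_starttls(SAMPLE):
        print(s["client"], s["pid"], s["code"], s["reason"])
```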
Hi, @aeris
Currently testing SMTP TLS encryption with Cryptcheck. https://cryptcheck.fr/smtp/dhautefeuille.eu
I am getting an error:
Not sure why since everything seems correct.
Not sure if the time is correct on Cryptcheck service as well?
Any required logs or conf to submit (postfix, dovecot, openssl, ssldump...)?
➜ postconf mail_version
mail_version = 3.8.1
➜ dovecot --version
2.3.20 (80a5ac675d)
➜ openssl version
OpenSSL 3.1.1 30 May 2023 (Library: OpenSSL 3.1.1 30 May 2023)
➜ certbot --version
certbot 2.6.0
Using the latest versions available of these packages on Arch Linux.
Some of the postfix conf. I have:
And for Dovecot:
The whole Mail SNI is set up.