On Sun, Jan 22, 2006 at 11:20:10PM +0100, Martin Sebald wrote:
>
> I tried it after Yari wrote again (I attached his mail at the bottom of
> this mail). And it works. I also do not think it is the best solution but I
> think it is a workaround until the bug in OpenSSL is fixed.
The default cipher list used by openssl is:
$ openssl ciphers
DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC2-CBC-MD5:DHE-DSS-RC4-SHA:RC4-SHA:RC4-MD5:RC4-MD5:RC4-64-MD5:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EXP1024-RC2-CBC-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP1024-DHE-DSS-RC4-SHA:EXP1024-RC4-SHA:EXP1024-RC4-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-RC4-MD5
Or:
$ openssl ciphers 'ALL:!ADH:+RC4:@STRENGTH'
DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC2-CBC-MD5:DHE-DSS-RC4-SHA:RC4-SHA:RC4-MD5:RC4-MD5:RC4-64-MD5:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EXP1024-RC2-CBC-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP1024-DHE-DSS-RC4-SHA:EXP1024-RC4-SHA:EXP1024-RC4-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-RC4-MD5
The suggested workaround by Yari gives:
$ openssl ciphers 'SSLv2:-LOW:-EXPORT:RC4+RSA'
DES-CBC3-MD5:RC2-CBC-MD5:RC4-MD5:EXP1024-RC4-SHA:EXP1024-RC4-MD5:RC4-SHA:RC4-MD5:EXP-RC4-MD5:RC4-64-MD5:EXP-RC4-MD5
Order by stregth:
$ openssl ciphers 'SSLv2:-LOW:-EXPORT:RC4+RSA:@STRENGTH'
DES-CBC3-MD5:RC2-CBC-MD5:RC4-MD5:RC4-SHA:RC4-MD5:RC4-64-MD5:EXP1024-RC4-SHA:EXP1024-RC4-MD5:EXP-RC4-MD5:EXP-RC4-MD5
Restricting it to only tls1:
openssl ciphers -tls1 'SSLv2:-LOW:-EXPORT:RC4+RSA'
EXP1024-RC4-SHA:EXP1024-RC4-MD5:RC4-SHA:RC4-MD5:EXP-RC4-MD5
The default restricted to tls1:
openssl ciphers -tls1
DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:DHE-DSS-RC4-SHA:RC4-SHA:RC4-MD5:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EXP1024-RC2-CBC-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP1024-DHE-DSS-RC4-SHA:EXP1024-RC4-SHA:EXP1024-RC4-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5
You might also want to add a -v to that if you want to know more
about them, and see man ciphers(1) for more.
When trying a connection to the server with the default, I get
this:
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
When using it on the server side (as his suggestion), I get:
SSL-Session:
Protocol : TLSv1
Cipher : RC4-SHA
With Yari's suggestion on the client side get:
SSL-Session:
Protocol : TLSv1
Cipher : EXP1024-RC4-SHA
After ordering it by strength on the client side I get this
again:
SSL-Session:
Protocol : TLSv1
Cipher : RC4-SHA
The ciphers:
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
EXP1024-RC4-SHA SSLv3 Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=SHA1 export
Some more fun trying things:
If it's using -no_ssl2 on the client, it will end up with using
compression, not using -no_ssl2 will not give compression, so
will result in a connection that works. I really can't recommend
using ssl2, so -no_ssl2 is actually a good option.
In my case wether using the -no_ssl2 option or not, both end up
with TLSv1 connection.
Using the -no_tls1 options on either client or server also
generates a working connection, using SSLv3 in my case. So using
-no_ssl2 and -no_tls1 on the server side would also be an option.
This even generates a compressed link that works if the client is
also using -no_ssl2.
I think the -no_tls1 in combination with -no_ssl2 on the
server side might actually be the best workaround. I don't know
if you can do something like that in the postfix configuration
though.
If I use Yari's cipher list on the server side, I also get a
working TLSv1 connection, just with a different cipher as shown
above. When the client uses -no_ssl2 it's with compression.
I'm not sure why sometimes using compression is a problem and
sometimes not. I guess in those cases it's not at sequence 0
anymore so it works.
Kurt
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
