[Bug 216790] mail/postfix-current smtpd_tls_eecdh_grade = auto and X25519 not working with LibreSSL 2.5.1

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Sat Feb 4 19:24:12 UTC 2017


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=216790

            Bug ID: 216790
           Summary: mail/postfix-current smtpd_tls_eecdh_grade = auto and
                    X25519 not working with LibreSSL 2.5.1
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: ohauer at FreeBSD.org
          Reporter: olivierw1+bugzilla-freebsd at hotmail.com
             Flags: maintainer-feedback?(ohauer at FreeBSD.org)

Created attachment 179608
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=179608&action=edit
Add debug messages to postfix. Not to be released!

Hello,

Sorry, it's long and I'm a bit lost trying to fix the auto selection of EC
curves.


Last version of postfix-current has these default values:
"smtpd_tls_eecdh_grade = auto
tls_eecdh_auto_curves = X25519 X448 prime256v1 secp521r1 secp384r1"

LibreSSL 2.5.1 implements SSL_CTX_set1_curves() so this feature should work.


Unfortunately, in postfix's log, I'm getting this: "warning: Invalid TLS eecdh
grade "auto": EECDH disabled" and when I'm trying to connect to my postfix
with:
"/usr/local/bin/openssl s_client -starttls smtp -crlf -connect my-server:25",
I can find: "Server Temp Key: DH, 2048 bits"

In previous postfix version with LibreSSL 2.5.0 (so no EC autodetect feature),
I was getting:
"Server Temp Key: ECDH, P-256, 256 bits"
or
"Server Temp Key: ECDH, P-384, 384 bits"

To fix this (EECDH disabled), we can use in postfix's main.cf:
"smtpd_tls_eecdh_grade = ultra" or "smtpd_tls_eecdh_grade = strong" instead of
"auto" (will use secp384r1 or prime256v1)


I've also tried to use X25519 with this setup:
"smtpd_tls_eecdh_grade = ultra
tls_eecdh_ultra_curve = X25519",
unfortunately I'm getting this warning:
"warning: unable to use curve "X25519": disabling EECDH support"

If I try a random name for the curve, like "blahblah", I'm getting this
different warning:
"warning: unknown curve "blahblah": disabling EECDH support"
Meaning X25519 is recognized but not usable for some reasons.

Then I tried to make "auto" work... and I've been lost in postfix and libressl
source code. I have no idea if the problem comes from postfix or libressl
(important: autoselection of EC curves does work with nginx-devel + LibreSSL
2.5.1).

So, in this patch
https://svnweb.freebsd.org/ports/head/mail/postfix-current/files/patch-src_tls_tls__dh.c?revision=433285&view=markup
I changed every "&& !defined(LIBRESSL_VERSION_NUMBER)" to "&&
(!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER >= 0x2050100fUL)"

I think it's the correct way to detect LibreSSL 2.5.1 without breaking old
versions.

This way, I'm no longer getting the: "warning: Invalid TLS eecdh grade
"auto": EECDH disabled" message, but I'm still getting: "Server Temp Key: DH,
2048 bits" while trying to connect to my postfix server with LibreSSL.
So EECDH support is still silently disabled.

I tried to add debug messages in "src/tls/tls_dh.c" around line 274, but
couldn't find where the problem was. In this piece of code, postfix correctly
detects X25519, prime256v1, secp521r1, secp384r1 and ignores X448.

If someone wants to dig into this problem, I've attached my patch, which adds 3
debug messages.

Maybe it's an easy fix for someone who knows postfix and libressl code well. On
my side I don't know how to help more.

Best Regards.

-- 
You are receiving this mail because:
You are the assignee for the bug.
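The report's symptom (EECDH silently disabled, "Server Temp Key: DH, 2048 bits" instead of an ECDH curve) is easy to miss by eye. The following shell helper, added here and not part of the bug report or of Postfix, parses the openssl s_client output the reporter used and makes the fallback a non-zero exit status so it can sit in a post-deployment check. The host and port in check_smtp_eecdh are placeholders; the sample outputs in the test are constructed.

```shell
#!/bin/sh
# Added example: classify the ephemeral key an SMTP server negotiated, based on
# the "Server Temp Key:" line printed by `openssl s_client -starttls smtp`.
# Reads s_client output on stdin and prints one of:
#   "ECDH <curve>"   e.g. "ECDH P-256"  (EECDH working; curve name as printed)
#   "ECDH X25519"    newer OpenSSL prints "Server Temp Key: X25519, 253 bits"
#   "DH <bits>"      finite-field DH only, i.e. the EECDH fallback in the report
#   "NONE"           no ephemeral key line at all (RSA key exchange or failure)
temp_key_from_output() {
    awk -F': ' '
        /^Server Temp Key:/ {
            split($2, f, ", ")
            if (f[1] == "ECDH")   { print "ECDH " f[2]; found = 1; exit }
            if (f[1] == "X25519") { print "ECDH X25519"; found = 1; exit }
            if (f[1] == "DH")     { sub(/ bits/, "", f[2]); print "DH " f[2]; found = 1; exit }
        }
        END { if (!found) print "NONE" }'
}

# Probe a live server. Returns 0 only when an ECDH curve was negotiated, so a
# Postfix instance that fell back to DH (or offers no ephemeral key) fails the
# check. $1 = host (placeholder), $2 = port (defaults to 25).
check_smtp_eecdh() {
    host=$1
    port=${2:-25}
    result=$(openssl s_client -starttls smtp -crlf -connect "$host:$port" \
                 </dev/null 2>/dev/null | temp_key_from_output)
    echo "$host:$port -> $result"
    case $result in
        ECDH*) return 0 ;;
        *)     return 1 ;;
    esac
}
```

Run as `check_smtp_eecdh my-server 25` after changing smtpd_tls_eecdh_grade; a "DH 2048" result reproduces the silent fallback described above.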