Created attachment 179608 [details] Add debug messages to postfix. Not to be released! Hello, Sorry, it's long and I'm a bit lost trying to fix the auto selection of EC curves. Last version of postfix-current has this default values: "smtpd_tls_eecdh_grade = auto tls_eecdh_auto_curves = X25519 X448 prime256v1 secp521r1 secp384r1" LibreSSL 2.5.1 implements SSL_CTX_set1_curves() so this feature should work. Unfortunaletly, in postfix's log, I'm getting this: "warning: Invalid TLS eecdh grade "auto": EECDH disabled" and when I'm trying to connect to my postfix with: "/usr/local/bin/openssl s_client -starttls smtp -crlf -connect my-server:25", I can find: "Server Temp Key: DH, 2048 bits" In previous postfix version with LibreSSL 2.5.0 (so no EC autodetect feature), I was getting: "Server Temp Key: ECDH, P-256, 256 bits" or "Server Temp Key: ECDH, P-384, 384 bits" To fix this (EECDH disabled), we can use in postfix's main.cf: "smtpd_tls_eecdh_grade = ultra" or "smtpd_tls_eecdh_grade = strong" instead of "auto" (will use secp384r1 or prime256v1) I've also tried to use X25519 with this setup: "smtpd_tls_eecdh_grade = ultra tls_eecdh_ultra_curve = X25519", unfortunately I'm getting this warning: "warning: unable to use curve "X25519": disabling EECDH support" If I try a random name for the curve, like "blahblah", I'm getting this different warning: "warning: unknown curve "blahblah": disabling EECDH support" Meaning X25519 is recognized but not usable for some reasons. Then I tried to make "auto" works... and I've been lost in postfix and libressl source code. I have no idea if the problem comes from postfix or libressl (important: autoselection of EC curves does work with nginx-devel + LibreSSL 2.5.1). So, in this patch https://svnweb.freebsd.org/ports/head/mail/postfix-current/files/patch-src_tls_tls__dh.c?revision=433285&view=markup I changed every "&& !defined(LIBRESSL_VERSION_NUMBER)" to "&& (!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER >= 0x2050100fUL)" I think it's the correct way to detect LibreSSL 2.5.1 without breaking old versions. This way, I'm not getting anymore the: "warning: Invalid TLS eecdh grade "auto": EECDH disabled" message, but I'm still getting: "Server Temp Key: DH, 2048 bits" while trying to connect to my postfix server with LibreSSL. So EECDH support is still silently disabled. I tried to add debug message in "src/tls/tls_dh.c" around line 274, but couldn't find where was the problem. In this piece of code, postfix correctly detect X25519, prime256v1, secp521r1, secp384r1 and ignore X448. If someone want to dig this problem, I've attached my patch which add 3 debug message. Maybe it's an easy fix for someone who know postfix and libressl code well. On my side I don't know how to help more. Best Regards.
Heh, I've come here to create a new PR and someone has already done it :) Just to add my 3 cents: LIBRESSL_VERSION_NUMBER is actually 0x2050100fL, but the behaviour I get from Postfix is exactly the same.
Thanks for your comment! :-) I spent quite a few hours on this problem :-/ Yes, I saw the version was "0x2050100fL", but in the "patch-src_tls_tls__dh.c" file, the tests regarding OPENSSL_VERSION_NUMBER compare with "0x1000200fUL". I thought "UL" meant "unsigned long", but I may be wrong? I'm not sure why it's defined as long and tested as unsigned long. In OpenSSL 1.0.2k, it's "# define OPENSSL_VERSION_NUMBER 0x100020bfL". In LibreSSL 2.5.1, there's: "#define LIBRESSL_VERSION_NUMBER 0x2050100fL" and: "#define OPENSSL_VERSION_NUMBER 0x20000000L"
(In reply to OlivierW from comment #2) LIBRESSL_VERSION_NUMBER doesn't seem to be an issue here. I completely removed the #if #endif blocks mentioning OPENSSL_VERSION_NUMBER >= number of version 1.0.2, making the code in those blocks to be build unconditionally, but ECDHE still doesn't work and there's no message in logs.
Hm, maybe you see the same issue that was reported on the tech@ list https://marc.info/?t=148596023500003&r=1&w=2
(In reply to Olli Hauer from comment #4) It may be possible. I've also compiled the latest Haproxy 1.8 snapshot with support for "curves" setting which can enable X25519 (using the new OpenSSL auto API). However, after I had set it up, ECDHE silently fails (same symptoms as with Postfix). Using the old API works. So it may be that the problem isn't with Postfix, but LibreSSL itself.
Created attachment 179639 [details] patch (In reply to Piotr Kubaj from comment #5) It seems like OpenBSD guys have found the issue: https://github.com/openbsd/ports/blob/master/mail/postfix/snapshot/patches/patch-src_tls_tls_dh_c The patch has to be modified not to break LibreSSL 2.4. I have verified that Postfix does ECDHE with the attached patch.
Hello, Piotr, yes, removing completely the conditionnal directives has the same effect as changing them the way I did when you're using LibreSSL 2.5.1. I just wanted a "clean" modification to still be compatible with old LibreSSL and OpenSSL (I was hoping it was the only easy fix needed... :-( ). You're right, the problem may be in LibreSSL. Or in both Postfix and Haproxy? I've no idea. Can someone test one of this software with OpenSSL 1.0.2? Or I'll try later this week. Olli, I'm not sure it's the same problem. It looks like Andreas used "x25519" instead of "X25519": https://marc.info/?l=openbsd-tech&m=148628961219628&w=2 I also made this same mistake when first setting up nginx... because all others curves are in lowercase. But as I said in my first message, it does work with nginx, in the same way stated in this message: https://marc.info/?l=openbsd-tech&m=148627690217342&w=2 Best Regards.
(In reply to Piotr Kubaj from comment #6) Nice find! If I'm not wrong, replacing: "+#if OPENSSL_VERSION_NUMBER < 0x10100000UL || defined(LIBRESSL_VERSION_NUMBER)" with: "+#if OPENSSL_VERSION_NUMBER < 0x10100000UL || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2050100fUL)" should work for all version of LibreSSL.
(In reply to OlivierW from comment #8) Well, in fact the patch may not need to be changed: SSL_CTX_set_ecdh_auto() is defined since at least LibreSSL 2.2.2, the same version which also got LIBRESSL_VERSION_NUMBER. So this patch prevents the use of the new SSL_CTX_set1_curves().
Created attachment 179641 [details] patch Thanks for the info! In that case, I attach the ready patch.
(In reply to Piotr Kubaj from comment #10) Thanks for your patch! I haven't tried it yet. I have a question: is it normal your patch touch several files while I think it should only modify "Makefile" and "patch-src_tls_tls__dh.c"? I may be wrong, I'm quite new in the FreeBSD world. For now I've tried compiling postfix-current with openssl (1.0.2k) and openssl-devel (1.1.0d). With 1.0.2, I could successfully get "Server Temp Key: ECDH, P-256, 256 bits" and "Server Temp Key: ECDH, P-384, 384 bits" with this commands: "/usr/local/bin/openssl s_client -starttls smtp -crlf -connect my-server:25 -groups P-256" "/usr/local/bin/openssl s_client -starttls smtp -crlf -connect my-server:25 -groups P-384" With 1.1.0d, I could get the same result as with 1.0.2k and also: "Server Temp Key: ECDH, X25519, 253 bits" with: "/usr/local/bin/openssl s_client -starttls smtp -crlf -connect my-server:25 -groups X25519"
(In reply to OlivierW from comment #11) I generated the patch using makepatch, which also regenerated other patches. This is completely harmless and doesn't actually change the code (except for the tls_dh.c file).
(In reply to Piotr Kubaj from comment #12) Ah, ok, thanks!
(In reply to Piotr Kubaj from comment #10) I've just tested your patch and I can confirm now Postfix gives the same results as in comment #11. And no more warning in its logs.
Created attachment 180193 [details] patch Updated patch for 3.2-RC1.
Hm, since the patch does only build against libressl-devel it is holding me back at the moment. The time 3.2.0 or 3.2.1 is released it will eventually replace 3.1.4 in the tree and then it should build also against base openssl or libressl to avoid ssl issues on existing systems. Perhaps it is possible to get it work as extra patch if libressl-devel is detected
Created attachment 180229 [details] patch Sure. Please check the attached patch. It builds on 10.3-RELEASE with base OpenSSL or LibreSSL 2.5.1.
Created attachment 180231 [details] patch The corrected patch.
Created attachment 180532 [details] patch Update to stable 3.2.0. Regenerate patches. Fixes build with LibreSSL 2.4. Test builds done on Poudriere with 10.3-RELEASE and base OpenSSL, LibreSSL 2.4.5 and LibreSSL 2.5.1.
(In reply to Piotr Kubaj from comment #19) Hello, Sorry for my late answer, I've been quite busy. Thanks for your new patch, I've just compiled postfix 3.2.0 stable with the new libressl-devel 2.5.2 on FreeBSD 11. It works perfectly! I think there's a small mistake in your patch. You have: +.if ${SSL_DEFAULT:Mlibressl} +EXTRA_PATCHES= ${FILESDIR}/libressl-patch-src_tls_tls__dh.c +.endif but there's no "libressl-patch-src_tls_tls__dh.c", only "libressl-devel-patch-src_tls_tls__dh.c" Best Regards, Olivier
Created attachment 182015 [details] patch Updated patch to support only LibreSSL 2.5 (2.4 is not in ports anymore). Builds fine on Poudriere with 10.3-RELEASE with both base OpenSSL and security/libressl.
Created attachment 182584 [details] svn diff for mail/postfix ``` mail/postfix: Fix x25519 kex with LibreSSL - Add patches for LibreSSL PR: 216790 Obtained from: OpenBSD ports ``` Hi Olli, Please let me know if I should take this. Cheers, Bernard.
Created attachment 182586 [details] svn diff for mail/postfix-current Similar patch but for latest version of postfix-current.
(In reply to Bernard Spil from comment #23) Hello, Thanks a lot Bernard! I've just tested your patch on postfix-current 3.3.20170502,5 compiled with libressl-devel 2.5.4 and it does work. Best Regards.
A commit references this bug: Author: brnrd Date: Sat May 20 18:34:56 UTC 2017 New revision: 441329 URL: https://svnweb.freebsd.org/changeset/ports/441329 Log: mail/postfix: Fix x25519 kex with LibreSSL PR: 216790 Obtained from: OpenBSD ports Approved by: ohauer (maintainer) Changes: head/mail/postfix/files/patch-src_tls_tls.h head/mail/postfix/files/patch-src_tls_tls__dh.c
A commit references this bug: Author: brnrd Date: Sat May 20 18:49:11 UTC 2017 New revision: 441330 URL: https://svnweb.freebsd.org/changeset/ports/441330 Log: mail/postfix-current: Fix x25519 kex with LibreSSL - Add patches for LibreSSL PR: 216790 Obtained from: OpenBSD ports Approved by: ohauer (maintainer) Changes: head/mail/postfix-current/files/patch-src_tls_tls.h head/mail/postfix-current/files/patch-src_tls_tls__dh.c