On Sun 2018-11-04 11:26:26 +1100, Dmitry Smirnov wrote:
> Package: getmail
> Version: 5.6-1
> Severity: normal
>
> getmail no longer works after dist-upgrade to Buster:
>
> ~~~~
> SimplePOP3SSLRetriever:{USER}@iinet.net...@mail.iinet.net.au:995:
> {USER}@iinet.net.au: socket error ([SSL: WRONG_SIGNATURE_TYPE] wrong 
> signature type (_ssl.c:726))
> ~~~~
>
> I tried version 5.7-3 from "unstable" but it fails in the same way...

The problem here is with the behavior of the remote server, so I'm
closing this bug report.  If you think my analysis below is wrong, feel
free to reopen the bug report and explain why!

You can replicate the failure on buster with:

    openssl s_client -connect mail.iinet.net.au:993

In particular, the client is offering in its TLS 1.2 ClientHello a
"signature_algorithms" extension that does *not* list rsa_pkcs1_sha1
(0x0201) -- but the server goes ahead and uses that particular signature
algorithm in its ServerKeyExchange method.

The reason this is excluded is that OpenSSL 1.1.1 is more aggressive
about deprecating known-weak cryptographic algorithms, and in 2018 that
includes SHA1.  I actually can't even get openssl to offer to accept
SHA1 any longer, and that's good :)

    openssl s_client -sigalgs RSA+SHA1:RSA+SHA256 -connect mail.iinet.net.au:993

only offers Signature Algorithm: rsa_pkcs1_sha256 (0x0401), despite
having listed RSA+SHA1!

However, you can see the same misbehavior by the server with gnutls-cli,
depending on whether you ask it to accept SHA1 signatures or not.
Compare this failing command:

    gnutls-cli --priority=NORMAL:-SIGN-RSA-SHA1 mail.iinet.net.au:995

with this succeeding command:

    gnutls-cli --priority=NORMAL:+SIGN-RSA-SHA1 mail.iinet.net.au:995

So the server operator is offering TLS 1.2 without respecting the
client's signature_algorithms extension.

Feel free to forward this report to the server operator.  And they are
welcome to follow up here (whether or not we reopen the bug report) if
they want to ask questions or suggest clarifications.

Regards,

        --dkg
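The mismatch described in the reply above (a TLS 1.2 server signing its ServerKeyExchange with rsa_pkcs1_sha1, 0x0201, although the client's signature_algorithms extension never offered it) can be checked mechanically from captured handshake bytes. The following is an added example and not code from the bug report, getmail, OpenSSL or GnuTLS: it parses the signature_algorithms extension out of a ClientHello extensions block and the SignatureAndHashAlgorithm from an ECDHE ServerKeyExchange body, then reports whether the server picked an algorithm the client never listed. All byte strings in it are constructed test vectors, not captures from mail.iinet.net.au.

```python
"""Detect a TLS 1.2 server that ignores the client's signature_algorithms.

Added example; all byte strings are constructed, not captured traffic.
Formats follow RFC 5246 (signature_algorithms extension, SignatureAndHash
algorithm pairs) and RFC 4492 (ECDHE ServerKeyExchange parameters).
"""
import struct

# SignatureAndHashAlgorithm codes: hash byte then signature byte.
SIGALG_NAMES = {
    0x0201: "rsa_pkcs1_sha1",
    0x0401: "rsa_pkcs1_sha256",
    0x0403: "ecdsa_secp256r1_sha256",
    0x0501: "rsa_pkcs1_sha384",
    0x0601: "rsa_pkcs1_sha512",
}
EXT_SIGNATURE_ALGORITHMS = 0x000D


def parse_client_sigalgs(extensions: bytes) -> list:
    """Return the algorithm codes offered in a ClientHello extensions block.

    The block is a 2-byte total length followed by (type, length, body)
    entries; the signature_algorithms body is a 2-byte list length followed
    by 2-byte codes. Raises ValueError if the extension is absent or malformed.
    """
    (total,) = struct.unpack("!H", extensions[:2])
    pos, end = 2, 2 + total
    if end > len(extensions):
        raise ValueError("extensions block truncated")
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", extensions[pos:pos + 4])
        body = extensions[pos + 4:pos + 4 + ext_len]
        if len(body) != ext_len:
            raise ValueError("extension body truncated")
        if ext_type == EXT_SIGNATURE_ALGORITHMS:
            (list_len,) = struct.unpack("!H", body[:2])
            if list_len % 2 or list_len != len(body) - 2:
                raise ValueError("bad signature_algorithms list length")
            return [struct.unpack("!H", body[2 + i:4 + i])[0]
                    for i in range(0, list_len, 2)]
        pos += 4 + ext_len
    raise ValueError("no signature_algorithms extension offered")


def parse_server_sigalg(ske: bytes) -> int:
    """Return the SignatureAndHashAlgorithm used to sign an ECDHE
    ServerKeyExchange body: curve_type(1) named_curve(2) pubkey_len(1)
    pubkey, then the 2-byte algorithm code and the signature."""
    if ske[0] != 3:
        raise ValueError("only named_curve (3) ECParameters are handled here")
    pub_len = ske[3]
    pos = 4 + pub_len
    (alg,) = struct.unpack("!H", ske[pos:pos + 2])
    return alg


def server_ignored_sigalgs(extensions: bytes, ske: bytes) -> bool:
    """True when the server signed with an algorithm the client did not offer,
    which is exactly the condition that makes OpenSSL 1.1.1 abort with
    WRONG_SIGNATURE_TYPE."""
    return parse_server_sigalg(ske) not in parse_client_sigalgs(extensions)


def describe(code: int) -> str:
    return SIGALG_NAMES.get(code, "0x%04x" % code)


# --- constructed test vectors (hypothetical, not real captures) -------------
def build_sigalgs_extension(codes) -> bytes:
    body = b"".join(struct.pack("!H", c) for c in codes)
    ext = (struct.pack("!HH", EXT_SIGNATURE_ALGORITHMS, len(body) + 2)
           + struct.pack("!H", len(body)) + body)
    return struct.pack("!H", len(ext)) + ext


def build_ecdhe_ske(sigalg: int) -> bytes:
    pubkey = b"\x04" + b"\x11" * 64          # placeholder P-256 point
    sig = b"\x00" * 32                        # placeholder signature bytes
    return (bytes([3]) + struct.pack("!H", 23) + bytes([len(pubkey)]) + pubkey
            + struct.pack("!HH", sigalg, len(sig)) + sig)


STRICT_CLIENT = build_sigalgs_extension([0x0403, 0x0401, 0x0501, 0x0601])  # no SHA1
LEGACY_CLIENT = build_sigalgs_extension([0x0403, 0x0401, 0x0201])          # SHA1 allowed
SHA1_SKE = build_ecdhe_ske(0x0201)
SHA256_SKE = build_ecdhe_ske(0x0401)

if __name__ == "__main__":
    for name, ext in (("strict client", STRICT_CLIENT), ("legacy client", LEGACY_CLIENT)):
        chosen = parse_server_sigalg(SHA1_SKE)
        verdict = "IGNORED" if server_ignored_sigalgs(ext, SHA1_SKE) else "ok"
        print("%s offered %s; server signed with %s -> %s" % (
            name, [describe(c) for c in parse_client_sigalgs(ext)], describe(chosen), verdict))
```

The strict client mirrors what OpenSSL 1.1.1 sends (no SHA1 entry) and is flagged against the SHA1-signed ServerKeyExchange, while the legacy client, like the gnutls-cli run with +SIGN-RSA-SHA1, is not; the same SHA256-signed exchange passes for both.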

Attachment: signature.asc
Description: PGP signature