On Mon, Sep 11, 2023 at 09:30:27PM -0400, Alex via Postfix-users wrote:

> I have a postfix-3.7.4 server with openssl-3.0.9 on fedora38 and
> receiving the following errors in my logs:
> 
> Sep 11 14:19:51 cipher postfix/smtps/smtpd[3992923]: warning: TLS library
> problem: error:0A0000C1:SSL routines::no shared 
> cipher:ssl/statem/statem_srvr.c:2220:
> 
> What kind of clients is this impacting?

Almost surely none.  There are constant probes of submission servers by
shodan and similar TLS security scans.  They likely tested some outdated
ciphers your server does not support.  Nothing to see here, move along.
[ I assume the client IP (not posted) is not one you recognise or
expect to be using your submission service. ]

> I found this post that says I can add ECDHE-RSA-AES256-SHA384 to the cipher
> list to fix this.
> https://encryp.ch/blog/amazon-ses-encryption-misconfiguration/

Don't believe most of the noise on the Internet, and even if generally
true, applicability to a particular context is often questionable.

> # postconf -n|grep -E 'cipher|protocol'
> smtp_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
> smtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
> smtpd_tls_exclude_ciphers = MD5, RC4, 3DES, IDEA, SEED, aNULL
> smtpd_tls_mandatory_ciphers = high
> smtpd_tls_mandatory_protocols = >=TLSv1.2
> smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
> tls_preempt_cipherlist = yes

You don't have to make any changes.  I do however recommend that you
don't exclude aNULL ciphers in the SMTP server.  You gain nothing by
doing that.

    https://datatracker.ietf.org/doc/html/rfc7672#section-8.2

Also the asymmetry between the server mandatory protocol syntax and that
for the rest of the protocol parameters is odd, why not also the
preferred, more robust, form:

    smtp_tls_mandatory_protocols = >=TLSv1.2
    smtp_tls_protocols = >=TLSv1.2
    smtpd_tls_protocols = >=TLSv1.2

Of course, I'd also allow TLS 1.0 for the non-mandatory cases, since
whatever else you feel might be imperfect about TLS 1.0 (little of
practical relevance to SMTP), it is definitely not weaker than fallback
to cleartext.  And in that spirit, it is more compelling to drop obsolete
ciphers in the SMTP client when TLS is mandatory than in the SMTP server
on port 25 where TLS is optionally used by clients:

In summary:

    smtp_tls_mandatory_exclude_ciphers = MD5, RC4, 3DES, IDEA, SEED
    smtp_tls_mandatory_protocols = >=TLSv1.2

    # Let the defaults stand, by removing from main.cf:
    # smtp_tls_protocols = >=TLSv1
    # smtpd_tls_protocols = >=TLSv1

With a sufficiently recent Postfix build, some of the exclusions are now
included by default, for ciphers that I believe are essentially no longer
used in practice, and whose absence is extremely unlikely to lead to
cleartext fallback.  The tls_{medium,high}_cipherlist parameters now
include:

    !SEED:!IDEA:!3DES:!RC2:!RC4:!RC5:!kDH:!kECDH:!aDSS:!MD5

Which covers all the non-aNULL cases you've configured.  Hope this
helps.

-- 
    Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
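
Added example, not part of the original message and not Postfix code: the reply's advice depends on whether the client behind each "no shared cipher" warning is one you expect on the submission service, so this sketch pairs every such warning with the client address from the preceding "connect from" line of the same smtpd PID. The sample log lines, addresses, host names and `EXPECTED_NETS` are constructed, and the "connect from" line format is assumed to match your syslog output.

```python
import ipaddress
import re
from collections import Counter

# "smtpd[PID]: connect from host[addr]" (addr is IPv4 or IPv6)
CONNECT = re.compile(r"smtpd\[(\d+)\]: connect from \S*\[([0-9A-Fa-f:.]+)\]")
# The warning quoted in the thread, matched together with the smtpd PID
NO_SHARED = re.compile(
    r"smtpd\[(\d+)\]: warning: TLS library problem: .*no shared cipher")

def triage(lines, expected_nets):
    """Count 'no shared cipher' warnings per (client address, is_expected).

    The client is taken from the latest 'connect from' line logged by the
    same smtpd PID; it is None when no such line was seen (rotated log)."""
    nets = [ipaddress.ip_network(n) for n in expected_nets]
    client_by_pid = {}
    hits = Counter()
    for line in lines:
        m = CONNECT.search(line)
        if m:
            client_by_pid[m.group(1)] = ipaddress.ip_address(m.group(2))
            continue
        m = NO_SHARED.search(line)
        if m:
            ip = client_by_pid.get(m.group(1))
            expected = ip is not None and any(ip in n for n in nets)
            hits[(None if ip is None else str(ip), expected)] += 1
    return hits

# Constructed sample input (documentation addresses, hypothetical clients).
PFX = "Sep 11 14:19:51 cipher postfix/smtps/smtpd[%d]: "
WARN = ("warning: TLS library problem: error:0A0000C1:SSL routines::"
        "no shared cipher:ssl/statem/statem_srvr.c:2220:")
SAMPLE_LOG = [
    PFX % 3992923 + "connect from unknown[192.0.2.10]",
    PFX % 3992923 + WARN,
    PFX % 3992930 + "connect from mail.example.net[198.51.100.7]",
    PFX % 3992923 + "connect from unknown[2001:db8::25]",
    PFX % 3992930 + WARN,
    PFX % 3992923 + WARN,
    PFX % 3992941 + WARN,  # no connect line seen for this PID
]
EXPECTED_NETS = ["198.51.100.0/24"]  # assumption: networks your users send from

if __name__ == "__main__":
    for (ip, expected), count in triage(SAMPLE_LOG, EXPECTED_NETS).items():
        label = "expected client" if expected else "unrecognised"
        print(f"{ip or 'unknown'}: {count} warning(s), {label}")
```

Only entries flagged as expected clients merit a look at that client's TLS stack; the rest match the scanner traffic the reply describes.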