We have logged this problem with some of our e-mail correspondents:

Jan  2 11:32:20 mx31 postfix-p25/smtpd[55167]: connect from rockmx03.rockwool.com[195.191.109.227]
Jan  2 11:32:20 mx31 postfix-p25/smtpd[55167]: SSL_accept error from rockmx03.rockwool.com[195.191.109.227]: -1
Jan  2 11:32:20 mx31 postfix-p25/smtpd[55167]: lost connection after STARTTLS from rockmx03.rockwool.com[195.191.109.227]
Jan  2 11:32:20 mx31 postfix-p25/smtpd[55167]: disconnect from rockmx03.rockwool.com[195.191.109.227] ehlo=1 starttls=0/1 commands=1/2

When I connect to the sender I see this:

openssl s_client -connect rockmx03.rockwool.com:25 -starttls smtp
CONNECTED(00000003)
depth=2 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign
Root CA
verify return:1
depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization
Validation CA - SHA256 - G2
verify return:1
depth=0 C = DK, ST = Hedehusene, L = Hedehusene, OU = Group IT, O =
Rockwool International A/S, CN = rockmx03.rockwool.com
verify return:1
---
Certificate chain
 0 s:C = DK, ST = Hedehusene, L = Hedehusene, OU = Group IT, O =
Rockwool International A/S, CN = rockmx03.rockwool.com
   i:C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization
Validation CA - SHA256 - G2
 1 s:C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization
Validation CA - SHA256 - G2
   i:C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
. . .
issuer=C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization
Validation CA - SHA256 - G2

---
No client certificate CA names sent
Peer signing digest: MD5-SHA1
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3348 bytes and written 492 bytes
Verification: OK
---
New, TLSv1.0, Cipher is ECDHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1
    Cipher    : ECDHE-RSA-AES256-SHA
    Session-ID:
CE4800003053F9E7B2DC6821EE8E9FE2F362B9EDEB4751BB203252D637B32DB1
    Session-ID-ctx:
    Master-Key:
D217D8A488ED2296FBA5C9889FE88238066B2E1FD50D41F54653CA2D046667F9164CD914C4E75DCAD0C4F0B0FB83E50E
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1577982813
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes
---
250 CHUNKING
QUIT
DONE


We recently were forced by our PCI compliance audit to change our
permissible ciphers.  I speculate that this is the source of our
problem.   Our revised cipher list is:

# postconf | grep tls | grep cipher
lmtp_tls_ciphers = medium
lmtp_tls_exclude_ciphers =
lmtp_tls_mandatory_ciphers = medium
lmtp_tls_mandatory_exclude_ciphers =
milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} {cert_issuer}
smtp_tls_ciphers = high
smtp_tls_exclude_ciphers = MD5, aDSS, SRP, PSK, aECDH, aDH, SEED, IDEA, RC2, RC4, RC5, DES, 3DES
smtp_tls_mandatory_ciphers = high
smtp_tls_mandatory_exclude_ciphers =
smtpd_tls_ciphers = high
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, KRB5-DES, CBC3-SHA
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers =
tls_export_cipherlist = aNULL:-aNULL:HIGH:MEDIUM:LOW:EXPORT:+RC4:@STRENGTH
tls_high_cipherlist = aNULL:-aNULL:HIGH:@STRENGTH
tls_low_cipherlist = aNULL:-aNULL:HIGH:MEDIUM:LOW:+RC4:@STRENGTH
tls_medium_cipherlist = aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH
tls_null_cipherlist = eNULL:!aNULL
tls_preempt_cipherlist = no
tls_session_ticket_cipher = aes-256-cbc
tlsproxy_tls_ciphers = $smtpd_tls_ciphers
tlsproxy_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers
tlsproxy_tls_mandatory_ciphers = $smtpd_tls_mandatory_ciphers
tlsproxy_tls_mandatory_exclude_ciphers = $smtpd_tls_mandatory_exclude_ciphers


If I try to connect to our MX using ECDHE-RSA-AES256-SHA this succeeds:

openssl s_client -cipher ECDHE-RSA-AES256-SHA -connect mx31.harte-lyne.ca:25 -starttls smtp -CAfile /usr/local/etc/pki/tls/certs/ca-bundle.crt

CONNECTED(00000003)
. . .
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 8146 bytes and written 383 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 4096 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
250 SMTPUTF8
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
. . .

I do not understand what the problem is; or rather how to fix the
STARTTLS negotiation issue.

I point out that this problem affects very few of our
correspondents (two at the moment) and both are located in the EU.

I would appreciate any guidance as to how to correct this issue
without running afoul of the PCI DSS.

Thanks,

-- 
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:byrn...@harte-lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
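
Added example, not part of the original message: a Python sketch that scans Postfix smtpd log lines of the kind quoted above and tallies, per remote peer, failed inbound STARTTLS handshakes, which helps confirm how many correspondents are affected after a cipher change. The sample input is the four log lines from the post with the e-mail wrapping undone plus one constructed successful session (mail.example.net / 192.0.2.10 is a placeholder); the function name is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the post's four log lines (unwrapped) and one
# constructed successful session for contrast.
SAMPLE_LOG = """\
Jan  2 11:32:20 mx31 postfix-p25/smtpd[55167]: connect from rockmx03.rockwool.com[195.191.109.227]
Jan  2 11:32:20 mx31 postfix-p25/smtpd[55167]: SSL_accept error from rockmx03.rockwool.com[195.191.109.227]: -1
Jan  2 11:32:20 mx31 postfix-p25/smtpd[55167]: lost connection after STARTTLS from rockmx03.rockwool.com[195.191.109.227]
Jan  2 11:32:20 mx31 postfix-p25/smtpd[55167]: disconnect from rockmx03.rockwool.com[195.191.109.227] ehlo=1 starttls=0/1 commands=1/2
Jan  2 11:40:02 mx31 postfix-p25/smtpd[55201]: disconnect from mail.example.net[192.0.2.10] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
"""

PEER = r"(?P<host>\S+)\[(?P<ip>[^\]]+)\]"
SSL_ERR = re.compile(r"smtpd\[\d+\]: SSL_accept error from " + PEER)
LOST = re.compile(r"smtpd\[\d+\]: lost connection after STARTTLS from " + PEER)
DISC = re.compile(r"smtpd\[\d+\]: disconnect from " + PEER + r"(?P<stats>.*)$")
# Session summary: "starttls=ok/attempted", or "starttls=n" when all succeeded.
STARTTLS_STAT = re.compile(r"\bstarttls=(\d+)(?:/(\d+))?")


def starttls_failures(log_text):
    """Return {(host, ip): counters} for peers with failed STARTTLS handshakes."""
    peers = defaultdict(lambda: {"ssl_accept_errors": 0, "lost_after_starttls": 0,
                                 "starttls_ok": 0, "starttls_attempted": 0})
    for line in log_text.splitlines():
        if m := SSL_ERR.search(line):
            peers[(m["host"], m["ip"])]["ssl_accept_errors"] += 1
        elif m := LOST.search(line):
            peers[(m["host"], m["ip"])]["lost_after_starttls"] += 1
        elif m := DISC.search(line):
            stat = STARTTLS_STAT.search(m["stats"])
            if stat:
                ok = int(stat[1])
                attempted = int(stat[2]) if stat[2] else ok
                counters = peers[(m["host"], m["ip"])]
                counters["starttls_ok"] += ok
                counters["starttls_attempted"] += attempted
    # Keep only peers where a handshake failed at least once.
    return {peer: c for peer, c in peers.items()
            if c["ssl_accept_errors"] or c["starttls_attempted"] > c["starttls_ok"]}


if __name__ == "__main__":
    for (host, ip), c in starttls_failures(SAMPLE_LOG).items():
        print(f"{host} [{ip}]: {c}")
```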
