-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Thank you very much for finding that.
I have been having the same issue for months now, and was beginning to think I might have to resort to writing a patch to the SNI code which was seemingly not inspecting deep enough into the certificates (i.e. if you had more than one hostname in the TLS cert - as in the case of a letsencrypt wildcard cert - only first name was being matched). Turns out I was wrong, but I hadn't had the time to sit down and properly debug the issue. I had the "smtpd_tls_eecdh_grade" set to "strong", after removing it from the main.cf file and letting it default I can verify that the starttls sni all works on my servers. On Tue, 2020-06-09 at 19:22 -0400, Viktor Dukhovni wrote: > > On Jun 9, 2020, at 1:07 PM, Viktor Dukhovni <postfix-us...@dukhovni.org > > > wrote: > > > > > May 26 22:38:58 myserver postfix/smtpd[72379]: warning: key at index > > > 1 in SNI data for smtp.myserver.eu does not match next certificate > > > May 26 22:38:58 myserver postfix/smtpd[72379]: warning: TLS library > > > problem: error:1426D121:SSL routines:ssl_set_cert_and_key:not > > > replacing certificate:../ssl/ssl_rsa.c:1107: > > > > The second message is the real problem, OpenSSL believes it already has > > a certificate loaded for that algorithm, which should not be the case. > > The new key then does not match the already installed certificate. But > > there shouldn't be one already loaded. > > Amazingly enough the issue seems to be caused by an obsolete, and > seemingly unrelated setting in the OP's main.cf file: > > smtpd_tls_eecdh_grade = ultra > > This predates support for automatic negotiated EC curve selection > in OpenSSL, and is now just a bad idea. The default "auto" setting > is the only correct one to use. That said, how this breaks loading > of RSA certificate chains is rather a deep mystery I shall pursue > with the OpenSSL team. > > The OP also has other excessive fine-tuning of the TLS stack that > is somewhat counter-productive. > > * 4096 bit RSA cert > * TLS 1.0 disabled > * Overly specific cipherlist > * ... > > For SMTP, try to have modest, but broadly interoperable expectations > of security that raise the ceiling rather than the floor. > > https://tools.ietf.org/rfc7435 > - -- Nikolai Lusan <niko...@lusan.id.au> -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEVfd4GW6z4nsBxdLo4ZaDRV2VL6QFAl7jnRAACgkQ4ZaDRV2V L6QovQ/9GhBj69ncJVApi6vKtGUvY5lxe/Epff5knj49LTh1c+s1gN3VWMowvYwz hmXkZQeeA5s/5m1Lp3W+3ZAeyIjoGqP4MQNfrNjQB+HtK6sdq/eVD55saRBAn8Lx mIRCmfvEK0HeojL2PEVpW3SI/39Hzs9DqyNkFBu4l1d8x1GFf2abSgewBBGye9Zo J+nORi6Hf1jBHCj/euuFGrr5N1nSNKq/lpP4bGXJxTKH0nwEEazIAhp+C8xdbgry UOZyLJvmuwMIQk/MUb7q4NU/XdjLW95GAugkg+8pFdcdkF08c+TO2ARwNuJPzQRm XNgd+VyV8uhrP4+DoVc0aL+76tmSu3lchap8HYLSxq+H+WhgOdKTCrBsQl1rw9od vUJ62BqI9a/7lskYu6yT1tjhgGjle4S8stDXln1efKQfTLuX/q17xqjLR0RRCHod gaoDERDsYJAOriMlG3KzTO96kTDNtqJT41LPIG188XUb6zQ9r+0vpoyU65HKugNx Lv0HApEsvEo25BIWSsMbTALX2mr62IJQ7K3AqyafZYDGdg+H06aOhBj5dQRlr6QF 0Pys7yp4KMJoy/kqwanQI9Rd1EtDW5+L97qyARmqtQ2TdOmxOL8ayte5spF/c9Ks 4SWCcMMFifSJ34xfZ48nwtZCampOAM/3aHlb3LweN+FB6bQaaIA= =o4N+ -----END PGP SIGNATURE-----
