** Changed in: gnutls28 (Debian)
       Status: Unknown => Fix Released

You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gnutls26 in Ubuntu.

  Unable to use TLSv1.1 or 1.2 with OpenSSL compat layer

Status in gnutls26 package in Ubuntu:
Status in gnutls28 package in Ubuntu:
Status in ssmtp package in Ubuntu:
Status in gnutls28 package in Debian:
  Fix Released

Bug description:
  sSMTP is limited to using TLSv1.0 and the "old" ciphers that come with
  it. Here's a packet capture when ssmtp connects to
  smtp.sdeziel.info:587 that offers TLSv1.0 and higher:

  $ tshark -ta -Vr submission.pcap | sed -n '/^Frame 14:/,/^Frame 15:/ p' | 
grep -E '^[[:space:]]+(Version|Cipher|Handshake Protocol)'
          Version: TLS 1.0 (0x0301)
          Handshake Protocol: Client Hello
              Version: TLS 1.0 (0x0301)
              Cipher Suites Length: 30
              Cipher Suites (15 suites)
                  Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
                  Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
                  Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041)
                  Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084)
                  Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
                  Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
                  Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
                  Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0045)
                  Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0088)
                  Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
                  Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
                  Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
                  Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0044)
                  Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0087)
                  Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)

  I would expect ssmtp to use TLSv1.2 and a recent cipher like the
  openssl s_client is able to do:

  $ echo | openssl s_client -connect smtp.sdeziel.info:587 -starttls smtp 
2>/dev/null | grep -E '^[[:space:]]+(Protocol|Cipher)'
      Protocol  : TLSv1.2
      Cipher    : ECDHE-RSA-AES128-GCM-SHA256

  Additional information:

  $ lsb_release -rd
  Description:  Ubuntu 16.04.3 LTS
  Release:      16.04
  $ apt-cache policy ssmtp libgnutls-openssl27
    Installed: 2.64-8ubuntu1
    Candidate: 2.64-8ubuntu1
    Version table:
   *** 2.64-8ubuntu1 500
          500 http://archive.ubuntu.com/ubuntu xenial/universe amd64 Packages
          100 /var/lib/dpkg/status
    Installed: 3.4.10-4ubuntu1.3
    Candidate: 3.4.10-4ubuntu1.3
    Version table:
   *** 3.4.10-4ubuntu1.3 500
          500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 
          500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 
          100 /var/lib/dpkg/status
       3.4.10-4ubuntu1 500
          500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: ssmtp 2.64-8ubuntu1 [modified: etc/ssmtp/revaliases]
  ProcVersionSignature: Ubuntu 4.4.0-89.112-generic 4.4.76
  Uname: Linux 4.4.0-89-generic x86_64
  ApportVersion: 2.20.1-0ubuntu2.10
  Architecture: amd64
  Date: Mon Aug  7 18:13:33 2017
   PATH=(custom, no user)
  SourcePackage: ssmtp
  UpgradeStatus: No upgrade log present (probably fresh install)
  modified.conffile..etc.ssmtp.revaliases: [modified]
  mtime.conffile..etc.ssmtp.revaliases: 2017-08-05T13:44:06.274302

To manage notifications about this bug go to:

Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to