[Bug 1709193] Re: Unable to use TLSv1.1 or 1.2 with OpenSSL compat layer

Simon Déziel Fri, 11 Aug 2017 09:31:12 -0700

** Description changed:

+ [Impact]
+ 
+ Applications using GnuTLS OpenSSL compat layer [1] are be unable to use
+ modern TLS versions (1.1 and 1.2) when relying on the
+ SSLv23_{client,server}_method functions.
+ 
+ There is an industry-wide push to use modern TLS versions, see [2] and
+ [3] for example.
+ 
+ The proposed fix changes the compat layer to use GnuTLS' "NORMAL"
+ priority [4] instead of hard-coding which protocol versions and ciphers
+ to enable.
+ 
+ [Test Case]
+ 
+ 1) Setup a mail submission server that uses StartTLS
+ 2) Setup sSMTP (uses GnuTLS OpenSSL compat layer) to relay
+    through the mail relay using StartTLS
+ 3) Send an email while capturing with tcpdump/tshark
+ 4) Inspect the submission connection (TCP/587) and look for the protocol
+    version negotiated by the client.
+ 
+ Without the fix, you should see TLSv1.0. With the fix, it should be
+ TLSv1.2.
+ 
+ Please see the original issue description for more details.
+ 
+ [Regression Potential]
+ 
+ Regression risk should be low since it's a backport of a simple fix that
+ landed in Debian in April 2017.
+ 
+ [References]
+ 
+ 1: $ apt-cache rdepends libgnutls-openssl27
+ libgnutls-openssl27
+ Reverse Depends:
+   libgnutls-dev
+   libgnutls-dev
+   zoneminder
+   yaskkserv
+   tf5
+   ssmtp
+   snowdrop
+   sngrep
+   slrnpull
+   slrn
+   sipsak
+   macopix-gtk2
+   gnss-sdr
+   gkrellm
+   freewheeling
+   boinctui
+   iputils-ping
+   
+ 2: https://lists.debian.org/debian-devel-announce/2017/08/msg00004.html
+ 3: https://blog.pcisecuritystandards.org/migrating-from-ssl-and-early-tls
+ 4: https://gnutls.org/manual/html_node/Priority-Strings.html
+ 
+ 
+ [Original issue description]
+ 
  sSMTP is limited to using TLSv1.0 and the "old" ciphers that come with
  it. Here's a packet capture when ssmtp connects to smtp.sdeziel.info:587
  that offers TLSv1.0 and higher:
  
  $ tshark -ta -Vr submission.pcap | sed -n '/^Frame 14:/,/^Frame 15:/ p' | 
grep -E '^[[:space:]]+(Version|Cipher|Handshake Protocol)'
-         Version: TLS 1.0 (0x0301)
-         Handshake Protocol: Client Hello
-             Version: TLS 1.0 (0x0301)
-             Cipher Suites Length: 30
-             Cipher Suites (15 suites)
-                 Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
-                 Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
-                 Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041)
-                 Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084)
-                 Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
-                 Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
-                 Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
-                 Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0045)
-                 Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0088)
-                 Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
-                 Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
-                 Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
-                 Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0044)
-                 Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0087)
-                 Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
+         Version: TLS 1.0 (0x0301)
+         Handshake Protocol: Client Hello
+             Version: TLS 1.0 (0x0301)
+             Cipher Suites Length: 30
+             Cipher Suites (15 suites)
+                 Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
+                 Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
+                 Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041)
+                 Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084)
+                 Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
+                 Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
+                 Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
+                 Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0045)
+                 Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0088)
+                 Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
+                 Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
+                 Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
+                 Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0044)
+                 Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0087)
+                 Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
  
  I would expect ssmtp to use TLSv1.2 and a recent cipher like the openssl
  s_client is able to do:
  
  $ echo | openssl s_client -connect smtp.sdeziel.info:587 -starttls smtp 
2>/dev/null | grep -E '^[[:space:]]+(Protocol|Cipher)'
-     Protocol  : TLSv1.2
-     Cipher    : ECDHE-RSA-AES128-GCM-SHA256
- 
+     Protocol  : TLSv1.2
+     Cipher    : ECDHE-RSA-AES128-GCM-SHA256
  
  Additional information:
  
  $ lsb_release -rd
  Description:  Ubuntu 16.04.3 LTS
  Release:      16.04
  $ apt-cache policy ssmtp libgnutls-openssl27
  ssmtp:
-   Installed: 2.64-8ubuntu1
-   Candidate: 2.64-8ubuntu1
-   Version table:
-  *** 2.64-8ubuntu1 500
-         500 http://archive.ubuntu.com/ubuntu xenial/universe amd64 Packages
-         100 /var/lib/dpkg/status
+   Installed: 2.64-8ubuntu1
+   Candidate: 2.64-8ubuntu1
+   Version table:
+  *** 2.64-8ubuntu1 500
+         500 http://archive.ubuntu.com/ubuntu xenial/universe amd64 Packages
+         100 /var/lib/dpkg/status
  libgnutls-openssl27:
-   Installed: 3.4.10-4ubuntu1.3
-   Candidate: 3.4.10-4ubuntu1.3
-   Version table:
-  *** 3.4.10-4ubuntu1.3 500
-         500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 
Packages
-         500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 
Packages
-         100 /var/lib/dpkg/status
-      3.4.10-4ubuntu1 500
-         500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages
+   Installed: 3.4.10-4ubuntu1.3
+   Candidate: 3.4.10-4ubuntu1.3
+   Version table:
+  *** 3.4.10-4ubuntu1.3 500
+         500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 
Packages
+         500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 
Packages
+         100 /var/lib/dpkg/status
+      3.4.10-4ubuntu1 500
+         500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages
  
  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: ssmtp 2.64-8ubuntu1 [modified: etc/ssmtp/revaliases]
  ProcVersionSignature: Ubuntu 4.4.0-89.112-generic 4.4.76
  Uname: Linux 4.4.0-89-generic x86_64
  ApportVersion: 2.20.1-0ubuntu2.10
  Architecture: amd64
  Date: Mon Aug  7 18:13:33 2017
  ProcEnviron:
-  TERM=xterm
-  PATH=(custom, no user)
-  LANG=en_US.UTF-8
-  SHELL=/bin/bash
+  TERM=xterm
+  PATH=(custom, no user)
+  LANG=en_US.UTF-8
+  SHELL=/bin/bash
  SourcePackage: ssmtp
  UpgradeStatus: No upgrade log present (probably fresh install)
  modified.conffile..etc.ssmtp.revaliases: [modified]
  mtime.conffile..etc.ssmtp.revaliases: 2017-08-05T13:44:06.274302


-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1709193

Title:
  Unable to use TLSv1.1 or 1.2 with OpenSSL compat layer

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/1709193/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1709193] Re: Unable to use TLSv1.1 or 1.2 with OpenSSL compat layer

Reply via email to