Unable to use TLSv1.1 or 1.2 with OpenSSL compat layer
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
gnutls26 (Ubuntu) | ||||||
Trusty |
Won't Fix
|
Medium
|
Unassigned | |||
gnutls28 (Debian) |
Fix Released
|
Unknown
|
||||
gnutls28 (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | |||
Trusty |
Won't Fix
|
Medium
|
Unassigned | |||
Xenial |
Fix Released
|
Medium
|
Unassigned | |||
Zesty |
Fix Released
|
Medium
|
Unassigned | |||
Artful |
Fix Released
|
Medium
|
Unassigned |
Bug Description
[Impact]
Applications using GnuTLS OpenSSL compat layer [1] are be unable to use modern TLS versions (1.1 and 1.2) when relying on the SSLv23_
There is an industry-wide push to use modern TLS versions, see [2] and [3] for example.
The proposed fix changes the compat layer to use GnuTLS' "NORMAL" priority [4] instead of hard-coding which protocol versions and ciphers to enable.
[Test Case]
1) Setup a mail submission server that uses StartTLS
2) Setup sSMTP (uses GnuTLS OpenSSL compat layer) to relay
through the mail relay using StartTLS
3) Send an email while capturing with tcpdump/tshark
4) Inspect the submission connection (TCP/587) and look for the protocol
version negotiated by the client.
Without the fix, you should see TLSv1.0. With the fix, it should be TLSv1.2.
Please see the original issue description for more details.
[Regression Potential]
Regression risk should be low since it's a backport of a simple fix that landed in Debian in April 2017.
[References]
1: $ apt-cache rdepends libgnutls-openssl27
libgnutls-openssl27
Reverse Depends:
libgnutls-dev
libgnutls-dev
zoneminder
yaskkserv
tf5
ssmtp
snowdrop
sngrep
slrnpull
slrn
sipsak
macopix-gtk2
gnss-sdr
gkrellm
freewheeling
boinctui
iputils-ping
2: https:/
3: https:/
4: https:/
[Original issue description]
sSMTP is limited to using TLSv1.0 and the "old" ciphers that come with it. Here's a packet capture when ssmtp connects to smtp.sdeziel.
$ tshark -ta -Vr submission.pcap | sed -n '/^Frame 14:/,/^Frame 15:/ p' | grep -E '^[[:space:
Version: TLS 1.0 (0x0301)
Handshake Protocol: Client Hello
Cipher Suites Length: 30
Cipher Suites (15 suites)
I would expect ssmtp to use TLSv1.2 and a recent cipher like the openssl s_client is able to do:
$ echo | openssl s_client -connect smtp.sdeziel.
Protocol : TLSv1.2
Cipher : ECDHE-RSA-
Additional information:
$ lsb_release -rd
Description: Ubuntu 16.04.3 LTS
Release: 16.04
$ apt-cache policy ssmtp libgnutls-openssl27
ssmtp:
Installed: 2.64-8ubuntu1
Candidate: 2.64-8ubuntu1
Version table:
*** 2.64-8ubuntu1 500
500 http://
100 /var/lib/
libgnutls-
Installed: 3.4.10-4ubuntu1.3
Candidate: 3.4.10-4ubuntu1.3
Version table:
*** 3.4.10-4ubuntu1.3 500
500 http://
500 http://
100 /var/lib/
3.
500 http://
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: ssmtp 2.64-8ubuntu1 [modified: etc/ssmtp/
ProcVersionSign
Uname: Linux 4.4.0-89-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.10
Architecture: amd64
Date: Mon Aug 7 18:13:33 2017
ProcEnviron:
TERM=xterm
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: ssmtp
UpgradeStatus: No upgrade log present (probably fresh install)
modified.
mtime.conffile.
no longer affects: | ssmtp |
Changed in ssmtp (Ubuntu): | |
status: | New → Invalid |
summary: |
- Unable to use TLSv1.1 or 1.2 + Unable to use TLSv1.1 or 1.2 with OpenSSL compat layer |
Changed in gnutls28 (Debian): | |
status: | Unknown → Fix Released |
Changed in gnutls26 (Ubuntu Trusty): | |
status: | New → Confirmed |
Changed in gnutls26 (Ubuntu Xenial): | |
status: | New → Invalid |
Changed in gnutls26 (Ubuntu Zesty): | |
status: | New → Invalid |
Changed in gnutls26 (Ubuntu Artful): | |
status: | New → Invalid |
Changed in ssmtp (Ubuntu Trusty): | |
status: | New → Invalid |
Changed in ssmtp (Ubuntu Xenial): | |
status: | New → Invalid |
no longer affects: | ssmtp (Ubuntu) |
Changed in ssmtp (Ubuntu Zesty): | |
status: | New → Invalid |
Changed in gnutls28 (Ubuntu Trusty): | |
status: | New → Won't Fix |
Changed in gnutls28 (Ubuntu Xenial): | |
status: | New → Confirmed |
Changed in gnutls28 (Ubuntu Zesty): | |
status: | New → Confirmed |
Changed in gnutls28 (Ubuntu Artful): | |
status: | New → Confirmed |
description: | updated |
no longer affects: | ssmtp (Ubuntu Trusty) |
no longer affects: | ssmtp (Ubuntu Xenial) |
no longer affects: | ssmtp (Ubuntu Zesty) |
no longer affects: | ssmtp (Ubuntu Artful) |
no longer affects: | gnutls26 (Ubuntu Xenial) |
no longer affects: | gnutls26 (Ubuntu Zesty) |
no longer affects: | gnutls26 (Ubuntu Artful) |
no longer affects: | gnutls26 (Ubuntu) |
Changed in gnutls26 (Ubuntu Trusty): | |
importance: | Undecided → Medium |
Changed in gnutls28 (Ubuntu Trusty): | |
importance: | Undecided → Medium |
Changed in gnutls28 (Ubuntu Xenial): | |
importance: | Undecided → Medium |
Changed in gnutls28 (Ubuntu Zesty): | |
importance: | Undecided → Medium |
Changed in gnutls28 (Ubuntu Artful): | |
importance: | Undecided → Medium |
tags: | removed: verification-needed |
There is a Debian patch (debian/ patches/ 01-374327- use-gnutls. patch) that changed ssmtp to link with GnuTLS OpenSSL compat layer. If I drop this patch and link with "-lssl -lcrypto", ssmtp has no problem using TLSv1.2 and AES GCM:
$ tshark -ta -Vr submission- openssl. pcap | sed -n '/^Frame 11:/,/^Frame 12:/ p' | grep -E '^[[:space: ]]+(Version| Cipher| Handshake Protocol)'
Version: TLS 1.2 (0x0303)
Cipher Suite: TLS_ECDHE_ RSA_WITH_ AES_256_ GCM_SHA384 (0xc030)
Cipher Suite: TLS_ECDHE_ RSA_WITH_ AES_128_ GCM_SHA256 (0xc02f)
Cipher Suite: TLS_EMPTY_ RENEGOTIATION_ INFO_SCSV (0x00ff)
Version: TLS 1.0 (0x0301)
Handshake Protocol: Client Hello
Cipher Suites Length: 170
Cipher Suites (85 suites)
...
...