From: Victor Duchovni (no email)
Date: Sat Mar 03 2007 - 13:01:10 EST
On Sat, Mar 03, 2007 at 03:54:31PM +0100, Sandy Drobic wrote:
> Chris St. Pierre wrote:
> > On Wed, 28 Feb 2007, Ralf Hildebrandt wrote:
> >
> >> Except for this one user with Outlook 2007. He can't -- for the life
> >> of it -- establish any TLS/SSL connection, Outlook reports a
> >> non-descript SSL error. It works for the same person with Outlook
> >> 2003, but not with 2007.
> >
> > We've seen similar problems with a handful of users, and I'm afraid we
> > never found a solution except to allow those users to use plain text
> > auth. My best guess is that one of the libraries that the broken
> > Outlook depends on has gotten hosed somehow, but we never got to the
> > bottom of it. IIRC, the Postfix logs just recorded that the client
> > tried to start a TLS/SSL connection, and then spontaneously
> > disconnected or otherwise failed.
> >
> > Best of luck to you, and let us know if you find a solution.
>
> AFAIK Victor posted some weeks ago that Exchange 2007 has a bug dealing
> with certain Ciphers. It could be that this bug is also included in
> Outlook 2007. Please check the archive.
The bug is actually in the Windows Crypto-API. It is most often observed
with Exchange 2003, but may also be observed with Exchange 2007 if used on
a Windows 2003 server. The problem is an incorrect "on-the-wire" packet
size calculation for "application-data" packets after the TLS handshake
completes. You get a problem reading the 2nd application message because
the first one has trailing garbage:
Exchange: 220 server
Postfix : EHLO client
Exchange: 250-server
Exchange: 250 STARTTLS
Postfix : STARTTLS
Exchange: 250 Ok
Postfix : SSLClientHelo
Exchange: SSLServerHelo
Postfix : ... ChangeCipherSpec (Handshake completes)
Exchange: ... ChangeCipherSpec (Handshake completes)
Postfix : SSL_APP_DATA(EHLO client)
Exchange: SSL_APP_DATA(250 server) + 5 bytes junk
Postfix : SSL_APP_DATA(MAIL FROM:<sender>)
Exchange: SSL_APP_DATA(250 Ok) + 5 bytes junk
Postfix : first group of junk bytes is a broken SSL packet: abort!
This happens when the cipher selected is either of:
EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
rather than:
RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
when the client restricts the cipher grade to "HIGH" (the Exchange server
offers the broken ciphers at a lower preference, and overrules the client's
cipher preferences, leading to RC4-MD5 provided that the client offers it).
With Outlook as the client, things are a bit different, because the
client's cipher preferences *are* honoured by the Postfix SMTP server,
so if Outlook prefers RC4-MD5, that's what it gets. Perhaps the cipherlist
got tweaked with Outlook 2007. If this is still the 3DES problem, the problem
would look like this:
Postfix: 220 server
Outlook: EHLO client
Postfix: 250-server
Postfix: 250 STARTTLS
Outlook: STARTTLS
Postfix: 250 Ok
Outlook: SSLClientHelo
Postfix: SSLServerHelo
Outlook: ... ChangeCipherSpec (Handshake completes)
Postfix: ... ChangeCipherSpec (Handshake completes)
Outlook: SSL_APP_DATA(EHLO client) + 5 bytes junk
Postfix: SSL_APP_DATA(250 server)
Outlook: SSL_APP_DATA(MAIL FROM:<sender>) + 5 bytes junk
Postfix : first group of junk bytes is a broken SSL packet: abort!
SSL disconnect with an error about invalid packet length/type/... after
client EHLO. To test whether using just RC4 solves the problem:
# Postfix 2.3:
tls_export_cipherlist = RC4:@STRENGTH
#
# If some clients insist on a HIGH grade cipher, throw in AES-128
# at the end, this too could break Outlook.
# tls_export_cipherlist = RC4:@STRENGTH:AES128-SHA
# Postfix 2.2
smtpd_tls_cipherlist = RC4:@STRENGTH
#
# If some clients insist on a HIGH grade cipher, throw in AES-128
# at the end, this too could break Outlook.
# smtpd_tls_cipherlist = RC4:@STRENGTH:AES128-SHA
-- Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
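The "5 bytes junk" failure described in the post, as an added example that is not from Victor's message or from Postfix: a small Python walker over the TLS record layer that shows how trailing bytes after one application-data record desynchronise the stream, so the next header the peer reads is the "broken SSL packet" it aborts on. The record bytes and the junk bytes below are constructed, not captured from Exchange or Outlook.

```python
import struct

# TLS record-layer content types (RFC 2246 / SSLv3).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
MAX_RECORD_LEN = 16384 + 2048  # plaintext limit plus compression/MAC/padding allowance


def parse_records(stream):
    """Walk a byte string of TLS records.

    Returns (records, error): records is a list of (type_name, version, length)
    for every record read before the stream stopped making sense, and error
    describes the first header that cannot be a TLS record (None if all good).
    """
    records = []
    off = 0
    while off < len(stream):
        if len(stream) - off < 5:
            return records, f"truncated header at offset {off}"
        ctype, ver, length = struct.unpack("!BHH", stream[off:off + 5])
        name = CONTENT_TYPES.get(ctype)
        # Major version must be 3 (SSLv3 / TLS 1.x); length must be sane.
        if name is None or (ver >> 8) != 3 or length == 0 or length > MAX_RECORD_LEN:
            return records, (f"invalid record header at offset {off}: "
                             f"type={ctype} version={ver:#06x} length={length}")
        if off + 5 + length > len(stream):
            return records, f"record at offset {off} claims {length} bytes, stream ends early"
        records.append((name, ver, length))
        off += 5 + length
    return records, None


def app_data(payload, version=0x0300):
    """Wrap a (pretend-encrypted) payload in an SSLv3 application_data record."""
    return struct.pack("!BHH", 23, version, len(payload)) + payload


# Constructed streams: the placeholders stand in for the encrypted SMTP replies.
GOOD = app_data(b"<encrypted 250 server>") + app_data(b"<encrypted 250 Ok>")
JUNK = b"\xde\xad\xbe\xef\x00"  # constructed 5 trailing bytes, as in the post
BROKEN = app_data(b"<encrypted 250 server>") + JUNK + app_data(b"<encrypted 250 Ok>")

if __name__ == "__main__":
    for label, stream in (("good", GOOD), ("broken", BROKEN)):
        records, error = parse_records(stream)
        print(label, records, error)
```

On the broken stream the first record parses cleanly and the error lands exactly where the junk begins (offset 27), which is the point at which the peer's OpenSSL reports an invalid packet length or type.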