[Bug 1709193] Re: Unable to use TLSv1.1 or 1.2 with OpenSSL compat layer

Simon Déziel 1709193 at bugs.launchpad.net
Fri Aug 11 16:25:21 UTC 2017


** Description changed:

+ [Impact]
+ 
+ Applications using GnuTLS OpenSSL compat layer [1] are be unable to use
+ modern TLS versions (1.1 and 1.2) when relying on the
+ SSLv23_{client,server}_method functions.
+ 
+ There is an industry-wide push to use modern TLS versions, see [2] and
+ [3] for example.
+ 
+ The proposed fix changes the compat layer to use GnuTLS' "NORMAL"
+ priority [4] instead of hard-coding which protocol versions and ciphers
+ to enable.
+ 
+ [Test Case]
+ 
+ 1) Setup a mail submission server that uses StartTLS
+ 2) Setup sSMTP (uses GnuTLS OpenSSL compat layer) to relay
+    through the mail relay using StartTLS
+ 3) Send an email while capturing with tcpdump/tshark
+ 4) Inspect the submission connection (TCP/587) and look for the protocol
+    version negotiated by the client.
+ 
+ Without the fix, you should see TLSv1.0. With the fix, it should be
+ TLSv1.2.
+ 
+ Please see the original issue description for more details.
+ 
+ [Regression Potential]
+ 
+ Regression risk should be low since it's a backport of a simple fix that
+ landed in Debian in April 2017.
+ 
+ [References]
+ 
+ 1: $ apt-cache rdepends libgnutls-openssl27
+ libgnutls-openssl27
+ Reverse Depends:
+   libgnutls-dev
+   libgnutls-dev
+   zoneminder
+   yaskkserv
+   tf5
+   ssmtp
+   snowdrop
+   sngrep
+   slrnpull
+   slrn
+   sipsak
+   macopix-gtk2
+   gnss-sdr
+   gkrellm
+   freewheeling
+   boinctui
+   iputils-ping
+   
+ 2: https://lists.debian.org/debian-devel-announce/2017/08/msg00004.html
+ 3: https://blog.pcisecuritystandards.org/migrating-from-ssl-and-early-tls
+ 4: https://gnutls.org/manual/html_node/Priority-Strings.html
+ 
+ 
+ [Original issue description]
+ 
  sSMTP is limited to using TLSv1.0 and the "old" ciphers that come with
  it. Here's a packet capture when ssmtp connects to smtp.sdeziel.info:587
  that offers TLSv1.0 and higher:
  
  $ tshark -ta -Vr submission.pcap | sed -n '/^Frame 14:/,/^Frame 15:/ p' | grep -E '^[[:space:]]+(Version|Cipher|Handshake Protocol)'
-         Version: TLS 1.0 (0x0301)
-         Handshake Protocol: Client Hello
-             Version: TLS 1.0 (0x0301)
-             Cipher Suites Length: 30
-             Cipher Suites (15 suites)
-                 Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
-                 Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
-                 Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041)
-                 Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084)
-                 Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
-                 Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
-                 Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
-                 Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0045)
-                 Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0088)
-                 Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
-                 Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
-                 Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
-                 Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0044)
-                 Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0087)
-                 Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
+         Version: TLS 1.0 (0x0301)
+         Handshake Protocol: Client Hello
+             Version: TLS 1.0 (0x0301)
+             Cipher Suites Length: 30
+             Cipher Suites (15 suites)
+                 Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
+                 Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
+                 Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041)
+                 Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084)
+                 Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
+                 Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
+                 Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
+                 Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0045)
+                 Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0088)
+                 Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
+                 Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
+                 Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
+                 Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0044)
+                 Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0087)
+                 Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
  
  I would expect ssmtp to use TLSv1.2 and a recent cipher like the openssl
  s_client is able to do:
  
  $ echo | openssl s_client -connect smtp.sdeziel.info:587 -starttls smtp 2>/dev/null | grep -E '^[[:space:]]+(Protocol|Cipher)'
-     Protocol  : TLSv1.2
-     Cipher    : ECDHE-RSA-AES128-GCM-SHA256
- 
+     Protocol  : TLSv1.2
+     Cipher    : ECDHE-RSA-AES128-GCM-SHA256
  
  Additional information:
  
  $ lsb_release -rd
  Description:	Ubuntu 16.04.3 LTS
  Release:	16.04
  $ apt-cache policy ssmtp libgnutls-openssl27
  ssmtp:
-   Installed: 2.64-8ubuntu1
-   Candidate: 2.64-8ubuntu1
-   Version table:
-  *** 2.64-8ubuntu1 500
-         500 http://archive.ubuntu.com/ubuntu xenial/universe amd64 Packages
-         100 /var/lib/dpkg/status
+   Installed: 2.64-8ubuntu1
+   Candidate: 2.64-8ubuntu1
+   Version table:
+  *** 2.64-8ubuntu1 500
+         500 http://archive.ubuntu.com/ubuntu xenial/universe amd64 Packages
+         100 /var/lib/dpkg/status
  libgnutls-openssl27:
-   Installed: 3.4.10-4ubuntu1.3
-   Candidate: 3.4.10-4ubuntu1.3
-   Version table:
-  *** 3.4.10-4ubuntu1.3 500
-         500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
-         500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
-         100 /var/lib/dpkg/status
-      3.4.10-4ubuntu1 500
-         500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages
+   Installed: 3.4.10-4ubuntu1.3
+   Candidate: 3.4.10-4ubuntu1.3
+   Version table:
+  *** 3.4.10-4ubuntu1.3 500
+         500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
+         500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
+         100 /var/lib/dpkg/status
+      3.4.10-4ubuntu1 500
+         500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages
  
  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: ssmtp 2.64-8ubuntu1 [modified: etc/ssmtp/revaliases]
  ProcVersionSignature: Ubuntu 4.4.0-89.112-generic 4.4.76
  Uname: Linux 4.4.0-89-generic x86_64
  ApportVersion: 2.20.1-0ubuntu2.10
  Architecture: amd64
  Date: Mon Aug  7 18:13:33 2017
  ProcEnviron:
-  TERM=xterm
-  PATH=(custom, no user)
-  LANG=en_US.UTF-8
-  SHELL=/bin/bash
+  TERM=xterm
+  PATH=(custom, no user)
+  LANG=en_US.UTF-8
+  SHELL=/bin/bash
  SourcePackage: ssmtp
  UpgradeStatus: No upgrade log present (probably fresh install)
  modified.conffile..etc.ssmtp.revaliases: [modified]
  mtime.conffile..etc.ssmtp.revaliases: 2017-08-05T13:44:06.274302

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1709193

Title:
  Unable to use TLSv1.1 or 1.2 with OpenSSL compat layer

Status in gnutls26 package in Ubuntu:
  Invalid
Status in gnutls28 package in Ubuntu:
  Fix Committed
Status in gnutls26 source package in Trusty:
  In Progress
Status in gnutls28 source package in Trusty:
  Won't Fix
Status in ssmtp source package in Trusty:
  Invalid
Status in gnutls26 source package in Xenial:
  Invalid
Status in gnutls28 source package in Xenial:
  In Progress
Status in ssmtp source package in Xenial:
  Invalid
Status in gnutls26 source package in Zesty:
  Invalid
Status in gnutls28 source package in Zesty:
  In Progress
Status in ssmtp source package in Zesty:
  Invalid
Status in gnutls26 source package in Artful:
  Invalid
Status in gnutls28 source package in Artful:
  Fix Committed
Status in ssmtp source package in Artful:
  Invalid
Status in gnutls28 package in Debian:
  Fix Released

Bug description:
  [Impact]

  Applications using GnuTLS OpenSSL compat layer [1] are be unable to
  use modern TLS versions (1.1 and 1.2) when relying on the
  SSLv23_{client,server}_method functions.

  There is an industry-wide push to use modern TLS versions, see [2] and
  [3] for example.

  The proposed fix changes the compat layer to use GnuTLS' "NORMAL"
  priority [4] instead of hard-coding which protocol versions and
  ciphers to enable.

  [Test Case]

  1) Setup a mail submission server that uses StartTLS
  2) Setup sSMTP (uses GnuTLS OpenSSL compat layer) to relay
     through the mail relay using StartTLS
  3) Send an email while capturing with tcpdump/tshark
  4) Inspect the submission connection (TCP/587) and look for the protocol
     version negotiated by the client.

  Without the fix, you should see TLSv1.0. With the fix, it should be
  TLSv1.2.

  Please see the original issue description for more details.

  [Regression Potential]

  Regression risk should be low since it's a backport of a simple fix
  that landed in Debian in April 2017.

  [References]

  1: $ apt-cache rdepends libgnutls-openssl27
  libgnutls-openssl27
  Reverse Depends:
    libgnutls-dev
    libgnutls-dev
    zoneminder
    yaskkserv
    tf5
    ssmtp
    snowdrop
    sngrep
    slrnpull
    slrn
    sipsak
    macopix-gtk2
    gnss-sdr
    gkrellm
    freewheeling
    boinctui
    iputils-ping
    
  2: https://lists.debian.org/debian-devel-announce/2017/08/msg00004.html
  3: https://blog.pcisecuritystandards.org/migrating-from-ssl-and-early-tls
  4: https://gnutls.org/manual/html_node/Priority-Strings.html

  
  [Original issue description]

  sSMTP is limited to using TLSv1.0 and the "old" ciphers that come with
  it. Here's a packet capture when ssmtp connects to
  smtp.sdeziel.info:587 that offers TLSv1.0 and higher:

  $ tshark -ta -Vr submission.pcap | sed -n '/^Frame 14:/,/^Frame 15:/ p' | grep -E '^[[:space:]]+(Version|Cipher|Handshake Protocol)'
          Version: TLS 1.0 (0x0301)
          Handshake Protocol: Client Hello
              Version: TLS 1.0 (0x0301)
              Cipher Suites Length: 30
              Cipher Suites (15 suites)
                  Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
                  Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
                  Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041)
                  Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084)
                  Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
                  Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
                  Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
                  Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0045)
                  Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0088)
                  Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
                  Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
                  Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
                  Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0044)
                  Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0087)
                  Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)

  I would expect ssmtp to use TLSv1.2 and a recent cipher like the
  openssl s_client is able to do:

  $ echo | openssl s_client -connect smtp.sdeziel.info:587 -starttls smtp 2>/dev/null | grep -E '^[[:space:]]+(Protocol|Cipher)'
      Protocol  : TLSv1.2
      Cipher    : ECDHE-RSA-AES128-GCM-SHA256

  Additional information:

  $ lsb_release -rd
  Description:	Ubuntu 16.04.3 LTS
  Release:	16.04
  $ apt-cache policy ssmtp libgnutls-openssl27
  ssmtp:
    Installed: 2.64-8ubuntu1
    Candidate: 2.64-8ubuntu1
    Version table:
   *** 2.64-8ubuntu1 500
          500 http://archive.ubuntu.com/ubuntu xenial/universe amd64 Packages
          100 /var/lib/dpkg/status
  libgnutls-openssl27:
    Installed: 3.4.10-4ubuntu1.3
    Candidate: 3.4.10-4ubuntu1.3
    Version table:
   *** 3.4.10-4ubuntu1.3 500
          500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
          500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
          100 /var/lib/dpkg/status
       3.4.10-4ubuntu1 500
          500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: ssmtp 2.64-8ubuntu1 [modified: etc/ssmtp/revaliases]
  ProcVersionSignature: Ubuntu 4.4.0-89.112-generic 4.4.76
  Uname: Linux 4.4.0-89-generic x86_64
  ApportVersion: 2.20.1-0ubuntu2.10
  Architecture: amd64
  Date: Mon Aug  7 18:13:33 2017
  ProcEnviron:
   TERM=xterm
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: ssmtp
  UpgradeStatus: No upgrade log present (probably fresh install)
  modified.conffile..etc.ssmtp.revaliases: [modified]
  mtime.conffile..etc.ssmtp.revaliases: 2017-08-05T13:44:06.274302

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/1709193/+subscriptions



More information about the Ubuntu-sponsors mailing list