[openssl-project] FYI: [postfix & TLS1.3 problems]

Viktor Dukhovni openssl-users at dukhovni.org
Mon Oct 15 17:54:29 UTC 2018



> On Oct 15, 2018, at 9:19 AM, Matt Caswell <matt at openssl.org> wrote:
> 
>> Early, partial reports of the cause seem to indicate that the sending
>> side was using OpenSSL with:
>> 
>> 	SSL_CTX_set_mode(ctx, SSL_MODE_SEND_FALLBACK_SCSV);
>> 
>> seemingly despite no prior handshake failure,
> 
> Are you sure about the "no prior handshake failure" bit? If they were
> using pre6 or below then if they attempt TLSv1.3 first it will fail
> (incorrectly - it should negotiation TLSv1.2 see issue 7315). The
> fallback to TLSv1.2 with SSL_MODE_SEND_FALLBACK_SCSV set would then be
> reasonable.

No, not sure at all, but that's what the receiving system administrator
tells me the sending system administrator told him.  Perhaps they failed
to understand the docs, and always set the fallback bit.  MTAs tend to
not do complex fallback, just send in the clear if opportunistic TLS
fails, or try later and hope things work out better then.

I've not yet received further corroboration.  What do you make of the
idea of making it possible for servers to accept downgrades (to some
floor protocol version or all supported versions)?

-- 
	Viktor.



More information about the openssl-project mailing list