TLS handshake fails ("SSL_accept:error in error") for server->server connection (smtp submit dovecot->postfix) if /etc/pki/tls/openssl.cnf "Options=" includes 'ServerPreference' ?
PGNet Dev
pgnet.dev at gmail.com
Fri Sep 25 01:43:05 UTC 2020
On 9/24/20 5:51 PM, Viktor Dukhovni wrote:
>> again, the _only_ change between the two submissions is the addition of the "ServerPreference" option to the openssl.cnf config.
>
> This looks like the protocol version is no longer TLS 1.3 as a result,
> and one side or the other now expects or sent the wrong protocol
> version. For further progress a PCAP file is needed which contains a
> full capture of exactly one TCP connection corresponding to this
> failure.
>
> You need to post A PCAP file that tshark can read with a single
> TCP session containing the failed handshake.
Been a while since I 'de-noised' a comms dump; I'll dust off my notes, & work on getting a useful/relevant PCAP file ...
> You should check for any other non-default Postfix TLS settings that
> may have been set to poorly chosen values.
i need to re-read, again, to figure out what those might be, and what restrictions exist.
iiuc, i _should_ be able to lock this all down to specification and use of even a _single_ cipher. it's all/only 'internal' (to my org) transport after all.
i can certainly live with a short list -- but with the goal to 'always' end up using TLS13 chacha20-poly1305 suite .
>> still not clear to me which piece(s) of that^ are having an issue with it. or why.
>
> Ultimately, the TLS library (OpenSSL) is failing to interoperate between
> client and server after this change. But whether this is a bug in
> OpenSSL, or a problem setting in the application is not yet clear.
>
>> for this list, my initial question is -- *IS* it openssl's "fault"?
>> or mine, or one of the other apps'?
>
> What are the exact OpenSSL versions on the client and server?
> Anything interesting in openssl.cnf on the client end?
The client/server are the _same_ host. Specifically, dovecot & postfix are submission listeners on the same box -- on different ports, of course.
So they both 'experience' the same openssl.cnf.
Version is
openssl version
OpenSSL 1.1.1g FIPS 21 Apr 2020
provided by distro packages on Fedora 32,
rpm -qa | grep ssl | sort
openssl-1.1.1g-1.fc32.x86_64
openssl-devel-1.1.1g-1.fc32.x86_64
openssl-libs-1.1.1g-1.fc32.x86_64