postfix & TLS1.3 problems


today I noticed a significant amount of TLS failures in my postfix log.

Oct 11 17:43:35 mta postfix/smtpd[23847]: SSL_accept error from
client.example[]:34152: -1

I traced some sessions and found the problematic client is announcing
the special cipher "TLS_FALLBACK_SCSV"
in a TLSv1.2 ClientHello message. Now, as my server support TLSv1.3,
my SSL library (openssl-1.1.1) assume a downgrade attack an close the
connection with an SSL error message "inappropriate fallback"

The core issue is a client with a nonconforming TLS implementation.

To circumvent the problem I tried to disable TLS1.3 on my server by setting
smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1.3

But that does not help.
The Client still fail an deliver the message by falling back to plain text :-/

The only option to force encrypted traffic again would be a library
downgrade on my side.
Any other suggestions?



Re: postfix & TLS1.3 problems

By Viktor Dukhovni at 10/11/2018 - 12:53

Any idea what software these clients are running? Are they at all
likely to fix this any time soon?

Support for OpenSSL 1.1.1 and TLS 1.3 is on the list of fixes slated
for Postfix 3.4, and some may then be backported to patch levels
of earlier releases.

In the meantime, try:

tls_ssl_options = 0x20000000

which corresponds to SSL_OP_NO_TLSv1_3. I am not aware of any
method to accept the "downgrade" to TLS 1.2 without disabling TLS
1.3 for clients that do have correct implementations.