From ca4014de81e6aa367aa0a54c49b4c3d4b137814c Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sun, 1 Jan 2023 12:18:38 +0000 Subject: [PATCH] OpenSSL: fix tls_eccurve setting explicit curve/group. Bug 2954 --- doc/doc-txt/ChangeLog | 4 +++ src/src/tls-openssl.c | 39 ++++++++++++++---------- test/confs/2148 | 54 ++++++++++++++++++++++++++++++++++ test/confs/2149 | 39 +++++++++++++----------- test/log/2148 | 48 ++++++++++++++++++++++++++++++ test/log/2149 | 39 ++++++++++++------------ test/paniclog/{2149 => 2148} | 0 test/scripts/2100-OpenSSL/2148 | 50 +++++++++++++++++++++++++++++++ test/scripts/2100-OpenSSL/2149 | 50 ++++++++++++++++--------------- test/stderr/2148 | 5 ++++ test/stderr/2149 | 3 -- 11 files changed, 250 insertions(+), 81 deletions(-) create mode 100644 test/confs/2148 create mode 100644 test/log/2148 rename test/paniclog/{2149 => 2148} (100%) create mode 100644 test/scripts/2100-OpenSSL/2148 create mode 100644 test/stderr/2148 diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index ee86f52d6..f51a23c9c 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -94,6 +94,10 @@ JH/19 Bug 2911: Fix a recursion in DNS lookups. Previously, if the main option whine (as this is likely a configuration error), and returning DNS_NOMATCH. +JH/20 Bug 2954: (OpenSSL) Fix setting of explicit EC curve/group. Previously + this always failed, probably leading to the usual downgrade to in-clear + connections. + Exim version 4.96 ----------------- diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c index ae0986aac..4d0f99ea9 100644 --- a/src/src/tls-openssl.c +++ b/src/src/tls-openssl.c @@ -676,12 +676,12 @@ if (dh_bitsize <= tls_dh_max_bits) } else DEBUG(D_tls) - debug_printf("Diffie-Hellman initialized from %s with %d-bit prime\n", + debug_printf(" Diffie-Hellman initialized from %s with %d-bit prime\n", dhexpanded ? dhexpanded : US"default", dh_bitsize); } else DEBUG(D_tls) - debug_printf("dhparams '%s' %d bits, is > tls_dh_max_bits limit of %d\n", + debug_printf(" dhparams '%s' %d bits, is > tls_dh_max_bits limit of %d\n", dhexpanded ? dhexpanded : US"default", dh_bitsize, tls_dh_max_bits); #if OPENSSL_VERSION_NUMBER < 0x30000000L @@ -731,19 +731,27 @@ return TRUE; #else uschar * exp_curve; -int nid; -BOOL rv; +int nid, rc; # ifndef EXIM_HAVE_ECDH DEBUG(D_tls) - debug_printf("No OpenSSL API to define ECDH parameters, skipping\n"); + debug_printf(" No OpenSSL API to define ECDH parameters, skipping\n"); return TRUE; # else if (!expand_check(tls_eccurve, US"tls_eccurve", &exp_curve, errstr)) return FALSE; + +/* Is the option deliberately empty? */ + if (!exp_curve || !*exp_curve) + { +#if OPENSSL_VERSION_NUMBER >= 0x10002000L + DEBUG(D_tls) debug_printf( " ECDH OpenSSL 1.0.2+: clearing curves list\n"); + (void) SSL_CTX_set1_curves(sctx, &nid, 0); +#endif return TRUE; + } /* "auto" needs to be handled carefully. * OpenSSL < 1.0.2: we do not select anything, but fallback to prime256v1 @@ -756,23 +764,22 @@ if (Ustrcmp(exp_curve, "auto") == 0) { #if OPENSSL_VERSION_NUMBER < 0x10002000L DEBUG(D_tls) debug_printf( - "ECDH OpenSSL < 1.0.2: temp key parameter settings: overriding \"auto\" with \"prime256v1\"\n"); + " ECDH OpenSSL < 1.0.2: temp key parameter settings: overriding \"auto\" with \"prime256v1\"\n"); exp_curve = US"prime256v1"; #else # if defined SSL_CTRL_SET_ECDH_AUTO DEBUG(D_tls) debug_printf( - "ECDH OpenSSL 1.0.2+: temp key parameter settings: autoselection\n"); + " ECDH OpenSSL 1.0.2+: temp key parameter settings: autoselection\n"); SSL_CTX_set_ecdh_auto(sctx, 1); return TRUE; # else DEBUG(D_tls) debug_printf( - "ECDH OpenSSL 1.1.0+: temp key parameter settings: default selection\n"); + " ECDH OpenSSL 1.1.0+: temp key parameter settings: library default selection\n"); return TRUE; # endif #endif } -DEBUG(D_tls) debug_printf("ECDH: curve '%s'\n", exp_curve); if ( (nid = OBJ_sn2nid (CCS exp_curve)) == NID_undef # ifdef EXIM_HAVE_OPENSSL_EC_NIST2NID && (nid = EC_curve_nist2nid(CCS exp_curve)) == NID_undef @@ -796,23 +803,23 @@ if ( (nid = OBJ_sn2nid (CCS exp_curve)) == NID_undef /* The "tmp" in the name here refers to setting a temporary key not to the stability of the interface. */ - if ((rv = SSL_CTX_set_tmp_ecdh(sctx, ecdh) == 0)) + if ((rc = SSL_CTX_set_tmp_ecdh(sctx, ecdh) == 0)) tls_error(string_sprintf("Error enabling '%s' curve", exp_curve), NULL, NULL, errstr); else - DEBUG(D_tls) debug_printf("ECDH: enabled '%s' curve\n", exp_curve); + DEBUG(D_tls) debug_printf(" ECDH: enabled '%s' curve\n", exp_curve); EC_KEY_free(ecdh); } #else /* v 3.0.0 + */ -if ((rv = SSL_CTX_set1_groups(sctx, &nid, 1)) == 0) +if ((rc = SSL_CTX_set1_groups(sctx, &nid, 1)) == 0) tls_error(string_sprintf("Error enabling '%s' group", exp_curve), NULL, NULL, errstr); else - DEBUG(D_tls) debug_printf("ECDH: enabled '%s' group\n", exp_curve); + DEBUG(D_tls) debug_printf(" ECDH: enabled '%s' group\n", exp_curve); #endif -return !rv; +return !!rc; # endif /*EXIM_HAVE_ECDH*/ #endif /*OPENSSL_NO_ECDH*/ @@ -1746,7 +1753,7 @@ state_server.lib_state.lib_ctx = ctx; if (opt_unset_or_noexpand(tls_dhparam)) { - DEBUG(D_tls) debug_printf("TLS: preloading DH params for server\n"); + DEBUG(D_tls) debug_printf("TLS: preloading DH params '%s' for server\n", tls_dhparam); if (init_dh(ctx, tls_dhparam, &dummy_errstr)) state_server.lib_state.dh = TRUE; } @@ -1754,7 +1761,7 @@ else DEBUG(D_tls) debug_printf("TLS: not preloading DH params for server\n"); if (opt_unset_or_noexpand(tls_eccurve)) { - DEBUG(D_tls) debug_printf("TLS: preloading ECDH curve for server\n"); + DEBUG(D_tls) debug_printf("TLS: preloading ECDH curve '%s' for server\n", tls_eccurve); if (init_ecdh(ctx, &dummy_errstr)) state_server.lib_state.ecdh = TRUE; } diff --git a/test/confs/2148 b/test/confs/2148 new file mode 100644 index 000000000..01aa76cf8 --- /dev/null +++ b/test/confs/2148 @@ -0,0 +1,54 @@ +# Exim test configuration 2148 + +SERVER = + +.include DIR/aux-var/tls_conf_prefix + +primary_hostname = myhost.test.ex + +# ----- Main settings ----- + +acl_smtp_rcpt = accept + +tls_advertise_hosts = * +tls_certificate = DIR/aux-fixed/cert1 +tls_dhparam = DATA + + +# ----- Routers ----- + +begin routers + +client: + driver = accept + condition = ${if eq {SERVER}{server}{no}{yes}} + retry_use_local_part + transport = send_to_server + +server: + driver = accept + retry_use_local_part + transport = local_delivery + + +# ----- Transports ----- + +begin transports + +local_delivery: + driver = appendfile + file = DIR/test-mail/$local_part + create_file = DIR/test-mail + headers_add = TLS: cipher=$tls_cipher peerdn=$tls_peerdn + user = CALLER + +send_to_server: + driver = smtp + allow_localhost + hosts = 127.0.0.1 + port = PORT_D + hosts_try_fastopen = : + tls_verify_certificates = DIR/aux-fixed/cert1 + tls_verify_cert_hostnames = : + +# End diff --git a/test/confs/2149 b/test/confs/2149 index d70cd5c63..3369288bb 100644 --- a/test/confs/2149 +++ b/test/confs/2149 @@ -10,9 +10,12 @@ primary_hostname = myhost.test.ex acl_smtp_rcpt = accept -tls_advertise_hosts = * -tls_certificate = DIR/aux-fixed/cert1 -tls_dhparam = ${if eq {SERVER}{server}{DATA}fail} +tls_advertise_hosts = * +tls_certificate = DIR/aux-fixed/cert1 + +.ifdef DATA +tls_eccurve = DATA +.endif # ----- Routers ----- @@ -20,15 +23,16 @@ tls_dhparam = ${if eq {SERVER}{server}{DATA}fail} begin routers client: - driver = accept - condition = ${if eq {SERVER}{server}{no}{yes}} + driver = accept + condition = ${if eq {SERVER}{server}{no}{yes}} retry_use_local_part - transport = send_to_server + transport = send_to_server + errors_to = "" server: - driver = accept + driver = accept retry_use_local_part - transport = local_delivery + transport = local_delivery # ----- Transports ----- @@ -36,19 +40,20 @@ server: begin transports local_delivery: - driver = appendfile - file = DIR/test-mail/$local_part - create_file = DIR/test-mail - headers_add = TLS: cipher=$tls_cipher peerdn=$tls_peerdn - user = CALLER + driver = appendfile + file = DIR/test-mail/$local_part + create_file = DIR/test-mail + headers_add = TLS: cipher=$tls_cipher peerdn=$tls_peerdn + user = CALLER send_to_server: - driver = smtp + driver = smtp allow_localhost - hosts = 127.0.0.1 - port = PORT_D - hosts_try_fastopen = : + hosts = 127.0.0.1 + port = PORT_D + hosts_try_fastopen = : tls_verify_certificates = DIR/aux-fixed/cert1 tls_verify_cert_hostnames = : + hosts_require_tls = * # End diff --git a/test/log/2148 b/test/log/2148 new file mode 100644 index 000000000..1be072e7e --- /dev/null +++ b/test/log/2148 @@ -0,0 +1,48 @@ +1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmaX-0005vi-00 => userw@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 Completed +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbA-0005vi-00" +1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed +1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbB-0005vi-00 => usery@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbC-0005vi-00" +1999-03-02 09:44:33 10HmbB-0005vi-00 Completed +1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbD-0005vi-00 => userz@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbE-0005vi-00" +1999-03-02 09:44:33 10HmbD-0005vi-00 Completed +1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbF-0005vi-00 => usera@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbG-0005vi-00" +1999-03-02 09:44:33 10HmbF-0005vi-00 Completed +1999-03-02 09:44:33 10HmbH-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbH-0005vi-00 => userb@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbI-0005vi-00" +1999-03-02 09:44:33 10HmbH-0005vi-00 Completed + +******** SERVER ******** +1999-03-02 09:44:33 exim x.yz daemon started: pid=p1234, no queue runs, listening for SMTP on port PORT_D +1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaX-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmaY-0005vi-00 => userw R=server T=local_delivery +1999-03-02 09:44:33 10HmaY-0005vi-00 Completed +1999-03-02 09:44:33 exim x.yz daemon started: pid=p1235, no queue runs, listening for SMTP on port PORT_D +1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaZ-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmbA-0005vi-00 => userx R=server T=local_delivery +1999-03-02 09:44:33 10HmbA-0005vi-00 Completed +1999-03-02 09:44:33 exim x.yz daemon started: pid=p1236, no queue runs, listening for SMTP on port PORT_D +1999-03-02 09:44:33 TLS error (D-H param setting 'TESTSUITE/aux-fixed/dh512'): error:xxxxxxxx:SSL routines::dh key too small +1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbB-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmbC-0005vi-00 => usery R=server T=local_delivery +1999-03-02 09:44:33 10HmbC-0005vi-00 Completed +1999-03-02 09:44:33 exim x.yz daemon started: pid=p1237, no queue runs, listening for SMTP on port PORT_D +1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbD-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmbE-0005vi-00 => userz R=server T=local_delivery +1999-03-02 09:44:33 10HmbE-0005vi-00 Completed +1999-03-02 09:44:33 exim x.yz daemon started: pid=p1238, no queue runs, listening for SMTP on port PORT_D +1999-03-02 09:44:33 WARNING: deprecated Diffie-Hellman parameter 'ike24' used +1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbF-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmbG-0005vi-00 => usera R=server T=local_delivery +1999-03-02 09:44:33 10HmbG-0005vi-00 Completed +1999-03-02 09:44:33 exim x.yz daemon started: pid=p1239, no queue runs, listening for SMTP on port PORT_D +1999-03-02 09:44:33 WARNING: deprecated Diffie-Hellman parameter 'ike22' used +1999-03-02 09:44:33 TLS error (D-H param setting 'ike22'): error:xxxxxxxx:SSL routines::dh key too small +1999-03-02 09:44:33 10HmbI-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbH-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmbI-0005vi-00 => userb R=server T=local_delivery +1999-03-02 09:44:33 10HmbI-0005vi-00 Completed diff --git a/test/log/2149 b/test/log/2149 index 1be072e7e..0d4235846 100644 --- a/test/log/2149 +++ b/test/log/2149 @@ -1,48 +1,45 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaX-0005vi-00 => userw@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmaY-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbA-0005vi-00" 1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed 1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbB-0005vi-00 => usery@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbC-0005vi-00" +1999-03-02 09:44:33 10HmbB-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbC-0005vi-00" 1999-03-02 09:44:33 10HmbB-0005vi-00 Completed 1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbD-0005vi-00 => userz@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbE-0005vi-00" +1999-03-02 09:44:33 10HmbD-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbE-0005vi-00" 1999-03-02 09:44:33 10HmbD-0005vi-00 Completed 1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbF-0005vi-00 => usera@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbG-0005vi-00" +1999-03-02 09:44:33 10HmbF-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbG-0005vi-00" 1999-03-02 09:44:33 10HmbF-0005vi-00 Completed 1999-03-02 09:44:33 10HmbH-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbH-0005vi-00 => userb@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbI-0005vi-00" +1999-03-02 09:44:33 10HmbH-0005vi-00 H=127.0.0.1 [127.0.0.1]: a TLS session is required, but an attempt to start TLS failed +1999-03-02 09:44:33 10HmbH-0005vi-00 == userx@test.ex R=client T=send_to_server defer (-38) H=127.0.0.1 [127.0.0.1]: a TLS session is required, but an attempt to start TLS failed +1999-03-02 09:44:33 10HmbH-0005vi-00 ** userx@test.ex: retry timeout exceeded +1999-03-02 09:44:33 10HmbH-0005vi-00 userx@test.ex: error ignored 1999-03-02 09:44:33 10HmbH-0005vi-00 Completed ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=p1234, no queue runs, listening for SMTP on port PORT_D -1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaX-0005vi-00@myhost.test.ex -1999-03-02 09:44:33 10HmaY-0005vi-00 => userw R=server T=local_delivery +1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaX-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmaY-0005vi-00 => userx R=server T=local_delivery 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 exim x.yz daemon started: pid=p1235, no queue runs, listening for SMTP on port PORT_D -1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaZ-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmbA-0005vi-00 <= <> H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaZ-0005vi-00@myhost.test.ex 1999-03-02 09:44:33 10HmbA-0005vi-00 => userx R=server T=local_delivery 1999-03-02 09:44:33 10HmbA-0005vi-00 Completed 1999-03-02 09:44:33 exim x.yz daemon started: pid=p1236, no queue runs, listening for SMTP on port PORT_D -1999-03-02 09:44:33 TLS error (D-H param setting 'TESTSUITE/aux-fixed/dh512'): error:xxxxxxxx:SSL routines::dh key too small -1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbB-0005vi-00@myhost.test.ex -1999-03-02 09:44:33 10HmbC-0005vi-00 => usery R=server T=local_delivery +1999-03-02 09:44:33 10HmbC-0005vi-00 <= <> H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbB-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmbC-0005vi-00 => userx R=server T=local_delivery 1999-03-02 09:44:33 10HmbC-0005vi-00 Completed 1999-03-02 09:44:33 exim x.yz daemon started: pid=p1237, no queue runs, listening for SMTP on port PORT_D -1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbD-0005vi-00@myhost.test.ex -1999-03-02 09:44:33 10HmbE-0005vi-00 => userz R=server T=local_delivery +1999-03-02 09:44:33 10HmbE-0005vi-00 <= <> H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbD-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmbE-0005vi-00 => userx R=server T=local_delivery 1999-03-02 09:44:33 10HmbE-0005vi-00 Completed 1999-03-02 09:44:33 exim x.yz daemon started: pid=p1238, no queue runs, listening for SMTP on port PORT_D -1999-03-02 09:44:33 WARNING: deprecated Diffie-Hellman parameter 'ike24' used -1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbF-0005vi-00@myhost.test.ex -1999-03-02 09:44:33 10HmbG-0005vi-00 => usera R=server T=local_delivery +1999-03-02 09:44:33 10HmbG-0005vi-00 <= <> H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbF-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmbG-0005vi-00 => userx R=server T=local_delivery 1999-03-02 09:44:33 10HmbG-0005vi-00 Completed 1999-03-02 09:44:33 exim x.yz daemon started: pid=p1239, no queue runs, listening for SMTP on port PORT_D -1999-03-02 09:44:33 WARNING: deprecated Diffie-Hellman parameter 'ike22' used -1999-03-02 09:44:33 TLS error (D-H param setting 'ike22'): error:xxxxxxxx:SSL routines::dh key too small -1999-03-02 09:44:33 10HmbI-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbH-0005vi-00@myhost.test.ex -1999-03-02 09:44:33 10HmbI-0005vi-00 => userb R=server T=local_delivery -1999-03-02 09:44:33 10HmbI-0005vi-00 Completed +1999-03-02 09:44:33 TLS error on connection from localhost (myhost.test.ex) [127.0.0.1] (Unknown curve name tls_eccurve 'bogus'): error:00000000:lib(0)::reason(0) diff --git a/test/paniclog/2149 b/test/paniclog/2148 similarity index 100% rename from test/paniclog/2149 rename to test/paniclog/2148 diff --git a/test/scripts/2100-OpenSSL/2148 b/test/scripts/2100-OpenSSL/2148 new file mode 100644 index 000000000..691814644 --- /dev/null +++ b/test/scripts/2100-OpenSSL/2148 @@ -0,0 +1,50 @@ +# TLS: DH params for OpenSSL +# +# DH param from file +exim -DSERVER=server -DDATA=DIR/aux-fixed/dh2048 -bd -oX PORT_D +**** +exim -odf userw@test.ex +Test message +**** +killdaemon +# +# Too-big DH param (vs. tls_dh_max_bits), from file +exim -DSERVER=server -DDATA=DIR/aux-fixed/dh3072 -bd -oX PORT_D +**** +exim -odf userx@test.ex +Test message +**** +killdaemon +# +# Too-small DH param (library limitation), from file +exim -DSERVER=server -DDATA=DIR/aux-fixed/dh512 -bd -oX PORT_D +**** +exim -odf usery@test.ex +Test message +**** +killdaemon +# +# Named DH-param +exim -DSERVER=server -DDATA=ffdhe2048 -bd -oX PORT_D +**** +exim -odf userz@test.ex +Test message +**** +killdaemon +# +# Named DH-param, logged deprecation +exim -DSERVER=server -DDATA=ike24 -bd -oX PORT_D +**** +exim -odf usera@test.ex +Test message +**** +killdaemon +# +# Named DH-param, panic-logged deprecation +exim -DSERVER=server -DDATA=ike22 -bd -oX PORT_D +**** +exim -odf userb@test.ex +Test message +**** +killdaemon +no_message_check diff --git a/test/scripts/2100-OpenSSL/2149 b/test/scripts/2100-OpenSSL/2149 index b8ff65560..59263df81 100644 --- a/test/scripts/2100-OpenSSL/2149 +++ b/test/scripts/2100-OpenSSL/2149 @@ -1,50 +1,52 @@ -# TLS: DH ciphers for OpenSSL +# TLS: EC curves for OpenSSL # -# DH param from file -exim -DSERVER=server -DDATA=DIR/aux-fixed/dh2048 -bd -oX PORT_D +# This is only checking the acceptability of option settings, not their effect +# See packet captures for actual effects +# +# Baseline: tls_eccurve option not present +exim -DSERVER=server -bd -oX PORT_D **** -exim -odf userw@test.ex -Test message +exim -odf userx@test.ex **** killdaemon # -# Too-big DH param (vs. tls_dh_max_bits), from file -exim -DSERVER=server -DDATA=DIR/aux-fixed/dh3072 -bd -oX PORT_D +# Explicit tls_eccurve setting of "auto" +exim -DSERVER=server -DDATA=auto -bd -oX PORT_D **** exim -odf userx@test.ex -Test message **** killdaemon # -# Too-small DH param (library limitation), from file -exim -DSERVER=server -DDATA=DIR/aux-fixed/dh512 -bd -oX PORT_D +# Explicit tls_eccurve setting of "" +# - unclear this works. At least with OpenSSL 3.0.5 we still get an x25519 keyshare in the Server Hello +exim -DSERVER=server -DDATA= -bd -oX PORT_D **** -exim -odf usery@test.ex -Test message +exim -odf userx@test.ex **** killdaemon # -# Named DH-param -exim -DSERVER=server -DDATA=ffdhe2048 -bd -oX PORT_D +# prime256v1 +exim -DSERVER=server -DDATA=prime256v1 -bd -oX PORT_D **** -exim -odf userz@test.ex -Test message +exim -odf userx@test.ex **** killdaemon # -# Named DH-param, logged deprecation -exim -DSERVER=server -DDATA=ike24 -bd -oX PORT_D +# X448 +# Client Hello offers an x25519 keyshare, server says "Hello Retry Request" with a KeyShare extension "X448" +# and the client retries Client Hello with that in the KeyShare. +exim -DSERVER=server -DDATA=X448 -bd -oX PORT_D **** -exim -odf usera@test.ex -Test message +exim -odf userx@test.ex **** killdaemon # -# Named DH-param, panic-logged deprecation -exim -DSERVER=server -DDATA=ike22 -bd -oX PORT_D +# "bogus". Should fail to make connection. +exim -DSERVER=server -DDATA=bogus -bd -oX PORT_D **** -exim -odf userb@test.ex -Test message +exim -odf userx@test.ex **** killdaemon +# +# no_message_check diff --git a/test/stderr/2148 b/test/stderr/2148 new file mode 100644 index 000000000..dff86ef7c --- /dev/null +++ b/test/stderr/2148 @@ -0,0 +1,5 @@ + +******** SERVER ******** +1999-03-02 09:44:33 TLS error (D-H param setting 'TESTSUITE/aux-fixed/dh512'): error:xxxxxxxx:SSL routines::dh key too small +1999-03-02 09:44:33 WARNING: deprecated Diffie-Hellman parameter 'ike22' used +1999-03-02 09:44:33 TLS error (D-H param setting 'ike22'): error:xxxxxxxx:SSL routines::dh key too small diff --git a/test/stderr/2149 b/test/stderr/2149 index dff86ef7c..045fadc9b 100644 --- a/test/stderr/2149 +++ b/test/stderr/2149 @@ -1,5 +1,2 @@ ******** SERVER ******** -1999-03-02 09:44:33 TLS error (D-H param setting 'TESTSUITE/aux-fixed/dh512'): error:xxxxxxxx:SSL routines::dh key too small -1999-03-02 09:44:33 WARNING: deprecated Diffie-Hellman parameter 'ike22' used -1999-03-02 09:44:33 TLS error (D-H param setting 'ike22'): error:xxxxxxxx:SSL routines::dh key too small -- 2.30.2