From owner-freebsd-security@FreeBSD.ORG Wed Mar 11 08:06:19 2015 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A7D2B4B5; Wed, 11 Mar 2015 08:06:19 +0000 (UTC) Received: from mx2.proofpoint.com (mx2.proofpoint.com [208.86.202.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 87BA71A1; Wed, 11 Mar 2015 08:06:18 +0000 (UTC) Received: from hq-cas01.corp.proofpoint.com (hq-cas01.corp.proofpoint.com [10.20.7.201]) by admin1009.us.proofpoint.com (8.15.0.59/8.15.0.59) with ESMTPS id t2B83H9r000486 (version=TLSv1 cipher=AES128-SHA bits=128 verify=NOT); Wed, 11 Mar 2015 01:03:17 -0700 Received: from the-guenther.attlocal.net (76.253.1.113) by hq-cas01.corp.proofpoint.com (10.20.7.200) with Microsoft SMTP Server (TLS) id 14.3.224.2; Wed, 11 Mar 2015 01:03:17 -0700 Date: Wed, 11 Mar 2015 01:03:18 -0700 From: Philip Guenther X-X-Sender: guenther@morgaine.local To: Julian Elischer Subject: Re: sendmail broken by libssl in current In-Reply-To: <54FFE774.50103@freebsd.org> Message-ID: References: <54FFE774.50103@freebsd.org> User-Agent: Alpine 2.20 (BSO 67 2015-01-07) MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" X-Originating-IP: [76.253.1.113] X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2015-03-11_03:, , signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 clxscore=-1 suspectscore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1502090000 definitions=main-1503110085 X-Proofpoint-CLX-Result: SUCCESS: status="OK", duration=0.0077, score=-1 X-Mailman-Approved-At: Wed, 11 Mar 2015 11:28:26 +0000 Cc: current@freebsd.com, freebsd security , Claus Assmann , Gregory Shapiro X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Mar 2015 08:06:19 -0000 [Forwarded from Greg, before he had to go offline] On Tue, 10 Mar 2015, Julian Elischer wrote: > libssl has a new "feature" > implemented by: > crypto/openssl/ssl/t1_lib.c > > 672 /* Add padding to workaround bugs in F5 terminators. > 673 * See https://tools.ietf.org/html/draft-agl-tls-padding-03 > 674 * > 675 * NB: because this code works out the length of all existing > 676 * extensions it MUST always appear last. > 677 */ > 678 //if (s->options & SSL_OP_TLSEXT_PADDING) > > unfortunatly this makes sendmail incompatible with various email servers > around the world, including (apparently (ironically (*))) Ironport email > gateways. It fails in TLS handshake. ... > I had to make the following "fix" to libssl to get sendmail to be able > to get my tax forms out. This wonderful change (cough) to include SSL_OP_TLSEXT_PADDING in SSL_OP_ALL was addressed in sendmail 8.15.1, which explicitly removes SSL_OP_TLSEXT_PADDING from the default ClientSSLOptions value if that #define exists. I believe Greg is working on importing that to FreeBSD. Pending that, simply copy the relevant code from the 8.15.1's readcf.c:readcf(), which has this: #if STARTTLS Srv_SSL_Options = SSL_OP_ALL; Clt_SSL_Options = SSL_OP_ALL # ifdef SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv2 # endif # ifdef SSL_OP_NO_TICKET | SSL_OP_NO_TICKET # endif ; # ifdef SSL_OP_TLSEXT_PADDING /* SSL_OP_TLSEXT_PADDING breaks compatibility with some sites */ Srv_SSL_Options &= ~SSL_OP_TLSEXT_PADDING; Clt_SSL_Options &= ~SSL_OP_TLSEXT_PADDING; # endif /* SSL_OP_TLSEXT_PADDING */ #endif /* STARTTLS */ You'll just need to add the #ifdef SSL_OP_TLSEXT_PADDING block. If the default is overriden by explicitly setting the ClientSSLOptions option in then config, then you may need to explicitly remove it there as well, such as seen in the implicit default: O ClientSSLOptions=SSL_OP_ALL SSL_OP_NO_SSLv2 SSL_OP_NO_TICKET -SSL_OP_TLSEXT_PADDING This option and default is documented in op.me in the source distribution. Philip Guenther Proofpoint Engineering