After doing some upgrades on both the server where I have Postal installed and also another server that I run which has services that use Postal to send mail, one of the services that is using postal has stopped sending mail and is complaining that the dh key on the postal server is too small.
When I do:
openssl s_client -connect my.postal.server.com:2525 -starttls smtp
I get output that includes the following:
issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: DH, 1024 bits
---
SSL handshake has read 3548 bytes and written 543 bytes
Verification: OK
I think that the Server Temp Key: DH, 1024 bits might be what is causing the problem.
I've generated a new, bigger DH parameters key for the postal server but I don't know where to put it so that postal will find it.
As a temporary workaround you can modify /lib/postal/smtp_server/server.rb and add three lines of code after line 43 like this:
ssl_context.ciphers = Postal.config.smtp_server.tls_ciphers if Postal.config.smtp_server.tls_ciphers
+ ssl_context.tmp_ecdh_callback = Proc.new do |*a|
+ OpenSSL::PKey::EC.new("prime256v1")
+ end
ssl_context
and then restart postal.
@igerzog thank you so much for giving me the exact code. I had gotten as far as figuring out that i needed to modify the ssl_context in that file but i have been furiously googling for the past hour trying to figure out how to do what you showed. Thank you thank you thank you.
Is this something that should be a PR for postal so it becomes a permanent fix?
@pjv glad to know this helped to fix your problem. As a matter of fact I made the necessary modifications locally long time ago but really forgot to prepare a commit :) I think I'll do this shortly.
I can't say I've seen that error yet, where did you see it exactly? Does your software verify the SMTP connection with extra strictness?
It's a Discourse forum that stopped being able to send through postal.
I have a feeling that a recent discourse upgrade may have bumped up the requirements for the DH parameters in the SSL negotiation. I think this is a trend due to logjam.
good to know, hope the PR gets merged soon
There are some more things related to SSL that can be fixed as well:
ssl_version for fast_server is still set to SSLv23 and can be made configurable like it was made for SMTP here by this pull request https://github.com/atech/postal/pull/387.ctx.ssl_version= gives the instruction to use one version only (mentioned here https://github.com/atech/postal/issues/479#issuecomment-361434166) and is now deprecated. It is recommended to change this to ctx.min_version= and ctx.max_version= if needed.tmp_ecdh_callback is now deprecated too and changed by ecdh_curves=.Fix for the second number in this list will not take much time too.
Is it 4 months later correct that manually patching server.rb is still the only resolution to this bug?
@arendvw see #917. It seems as though the Atech Media folks (original developers) are having trouble finding the time to do much maintenance.
Good to know. I was just wondering if I was encountering the same or a different issue.
We have finally encountered this problem so I'm updating with our findings.
Ruby 2.3 OpenSSL offers DH 1024 bits by default which is now below the minimum security requirements of newer OpenSSL hence these problems.
For comparison, Ruby 2.6 OpenSSL offers X25519 253 bits by default which is well above the minimum security requirements so upgrading Ruby version is one solution for this problem.
Our solution was similar to the PR I forgot existed (sorry) but with the other callback (dh instead of ecdh)
ssl_context.tmp_dh_callback = Proc.new do |*a|
OpenSSL::PKey::DH.new <<-_end_of_pem_
-----BEGIN DH PARAMETERS-----
parameters here
-----END DH PARAMETERS-----
_end_of_pem_
end
Either way, this is definitely going to be a problem for Postal admins using Ruby 2.3 so it would be good to have some official comment about the recommended way forward here.
Edit: its worth noting that a hardcoded key has significant speed advantages over OpenSSL::PKey::DH.new(2048) but I haven't tried the PR to know if a similar speed advantage can be gained there.
Here we are, 鈥榖out a year later, relatively urgent and basic functionality PRs still waiting in the queue, all Postal users still completely mystified with respect to how to update and maintain Postal.
Sad.
For comparison, Ruby 2.6 OpenSSL offers X25519 253 bits by default which is well above the minimum security requirements so upgrading Ruby version is one solution for this problem.
Thanks for the research! I also fixed this permanently without manually patching this by upgrading my Debian from stretch to buster (9 to 10), and as a result upgrading ruby 2.3 to ruby 2.5.
Integration with a new installation of Discourse seems to be failing with this issue. Would be great if this can be fixed in Postal.
Thanks!
Most helpful comment
As a temporary workaround you can modify
/lib/postal/smtp_server/server.rband add three lines of code after line 43 like this:and then restart postal.