SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

Fabian Schirmer mail at f4bs.eu
Fri Mar 3 01:08:24 CET 2017


Hello Frank,

I am assuming that we are talking here about the MX hosts that are (also?) 
responsible for your sender domain.

For my personal taste, mx1 offers a bit too few ciphers. Especially with 
TLS on port 25 you (unfortunately) run a very real risk that the other 
side won't play along.

  SCAN RESULTS FOR MX1.W3MAN.COM:25
  ----------------------------------------------------------------
   * TLSV1_2 Cipher Suites:
       Preferred:
         TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384           ECDH-256 bits  256 bits      250 2.0.0 Ok
       Accepted:
         TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384           ECDH-256 bits  256 bits      250 2.0.0 Ok
         TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA              ECDH-256 bits  256 bits      250 2.0.0 Ok
         TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384           ECDH-256 bits  256 bits      250 2.0.0 Ok
         TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256           ECDH-256 bits  128 bits      250 2.0.0 Ok
         TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256           ECDH-256 bits  128 bits      250 2.0.0 Ok
         TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA              ECDH-256 bits  128 bits      250 2.0.0 Ok
   * TLSV1 Cipher Suites:
       Preferred:
         TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA              ECDH-256 bits  256 bits      250 2.0.0 Ok
       Accepted:
         TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA              ECDH-256 bits  256 bits      250 2.0.0 Ok
         TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA              ECDH-256 bits  128 bits      250 2.0.0 Ok
   * TLSV1_1 Cipher Suites:
       Preferred:
         TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA              ECDH-256 bits  256 bits      250 2.0.0 Ok
       Accepted:
         TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA              ECDH-256 bits  256 bits      250 2.0.0 Ok
         TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA              ECDH-256 bits  128 bits      250 2.0.0 Ok


and mx2 in turn offers a few too many (anon?? wtf!?):

  SCAN RESULTS FOR MX2.W3MAN.COM:25
  ---------------------------------------------------
   * TLSV1 Cipher Suites:
       Preferred:
         TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA                ECDH-256 bits  256 bits      250 2.0.0 Ok
       Accepted:
         TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA                ECDH-256 bits  256 bits      250 2.0.0 Ok
         TLS_DHE_RSA_WITH_AES_256_CBC_SHA                  DH-1024 bits   256 bits      250 2.0.0 Ok
         TLS_ECDH_anon_WITH_AES_256_CBC_SHA                ECDH-256 bits  ANONYMOUS     250 2.0.0 Ok
         TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA             DH-1024 bits   256 bits      250 2.0.0 Ok
         TLS_DH_anon_WITH_AES_256_CBC_SHA                  DH-1024 bits   ANONYMOUS     250 2.0.0 Ok
         TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA             DH-1024 bits   ANONYMOUS     250 2.0.0 Ok
         TLS_RSA_WITH_AES_256_CBC_SHA                      -              256 bits      250 2.0.0 Ok
         TLS_RSA_WITH_CAMELLIA_256_CBC_SHA                 -              256 bits      250 2.0.0 Ok
         TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA                ECDH-256 bits  128 bits      250 2.0.0 Ok
         TLS_DHE_RSA_WITH_AES_128_CBC_SHA                  DH-1024 bits   128 bits      250 2.0.0 Ok
         TLS_DHE_RSA_WITH_SEED_CBC_SHA                     DH-1024 bits   128 bits      250 2.0.0 Ok
         TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA             DH-1024 bits   128 bits      250 2.0.0 Ok
         TLS_ECDH_anon_WITH_AES_128_CBC_SHA                ECDH-256 bits  ANONYMOUS     250 2.0.0 Ok
         TLS_DH_anon_WITH_AES_128_CBC_SHA                  DH-1024 bits   ANONYMOUS     250 2.0.0 Ok
         TLS_DH_anon_WITH_SEED_CBC_SHA                     DH-1024 bits   ANONYMOUS     250 2.0.0 Ok
         TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA             DH-1024 bits   ANONYMOUS     250 2.0.0 Ok
         TLS_RSA_WITH_AES_128_CBC_SHA                      -              128 bits      250 2.0.0 Ok
         TLS_RSA_WITH_CAMELLIA_128_CBC_SHA                 -              128 bits      250 2.0.0 Ok
         TLS_RSA_WITH_SEED_CBC_SHA                         -              128 bits      250 2.0.0 Ok
         TLS_ECDHE_RSA_WITH_RC4_128_SHA                    ECDH-256 bits  128 bits      250 2.0.0 Ok
         TLS_ECDH_anon_WITH_RC4_128_SHA                    ECDH-256 bits  ANONYMOUS     250 2.0.0 Ok
         TLS_DH_anon_WITH_RC4_128_MD5                      DH-1024 bits   ANONYMOUS     250 2.0.0 Ok
         TLS_RSA_WITH_RC4_128_SHA                          -              128 bits      250 2.0.0 Ok
         TLS_RSA_WITH_RC4_128_MD5                          -              128 bits      250 2.0.0 Ok
         TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA               ECDH-256 bits  112 bits      250 2.0.0 Ok
         TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA                 DH-1024 bits   112 bits      250 2.0.0 Ok
         TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA               ECDH-256 bits  ANONYMOUS     250 2.0.0 Ok
         TLS_DH_anon_WITH_3DES_EDE_CBC_SHA                 DH-1024 bits   ANONYMOUS     250 2.0.0 Ok
         TLS_RSA_WITH_3DES_EDE_CBC_SHA                     -              112 bits      250 2.0.0 Ok
   * TLSV1_1 Cipher Suites:
       Preferred:
         TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA                ECDH-256 bits  256 bits      250 2.0.0 Ok
       Accepted:
         TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA                ECDH-256 bits  256 bits      250 2.0.0 Ok
         TLS_DHE_RSA_WITH_AES_256_CBC_SHA                  DH-1024 bits   256 bits      250 2.0.0 Ok
         TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA             DH-1024 bits   256 bits      250 2.0.0 Ok
         TLS_ECDH_anon_WITH_AES_256_CBC_SHA                ECDH-256 bits  ANONYMOUS     250 2.0.0 Ok
         TLS_DH_anon_WITH_AES_256_CBC_SHA                  DH-1024 bits   ANONYMOUS     250 2.0.0 Ok
         TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA             DH-1024 bits   ANONYMOUS     250 2.0.0 Ok
         TLS_RSA_WITH_AES_256_CBC_SHA                      -              256 bits      250 2.0.0 Ok
         TLS_RSA_WITH_CAMELLIA_256_CBC_SHA                 -              256 bits      250 2.0.0 Ok
         TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA                ECDH-256 bits  128 bits      250 2.0.0 Ok
         TLS_DHE_RSA_WITH_AES_128_CBC_SHA                  DH-1024 bits   128 bits      250 2.0.0 Ok
         TLS_DHE_RSA_WITH_SEED_CBC_SHA                     DH-1024 bits   128 bits      250 2.0.0 Ok
         TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA             DH-1024 bits   128 bits      250 2.0.0 Ok
         TLS_ECDH_anon_WITH_AES_128_CBC_SHA                ECDH-256 bits  ANONYMOUS     250 2.0.0 Ok
         TLS_DH_anon_WITH_AES_128_CBC_SHA                  DH-1024 bits   ANONYMOUS     250 2.0.0 Ok
         TLS_DH_anon_WITH_SEED_CBC_SHA                     DH-1024 bits   ANONYMOUS     250 2.0.0 Ok
         TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA             DH-1024 bits   ANONYMOUS     250 2.0.0 Ok
         TLS_RSA_WITH_AES_128_CBC_SHA                      -              128 bits      250 2.0.0 Ok
         TLS_RSA_WITH_CAMELLIA_128_CBC_SHA                 -              128 bits      250 2.0.0 Ok
         TLS_RSA_WITH_SEED_CBC_SHA                         -              128 bits      250 2.0.0 Ok
         TLS_ECDHE_RSA_WITH_RC4_128_SHA                    ECDH-256 bits  128 bits      250 2.0.0 Ok
         TLS_ECDH_anon_WITH_RC4_128_SHA                    ECDH-256 bits  ANONYMOUS     250 2.0.0 Ok
         TLS_DH_anon_WITH_RC4_128_MD5                      DH-1024 bits   ANONYMOUS     250 2.0.0 Ok
         TLS_RSA_WITH_RC4_128_SHA                          -              128 bits      250 2.0.0 Ok
         TLS_RSA_WITH_RC4_128_MD5                          -              128 bits      250 2.0.0 Ok
         TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA               ECDH-256 bits  112 bits      250 2.0.0 Ok
         TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA                 DH-1024 bits   112 bits      250 2.0.0 Ok
         TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA               ECDH-256 bits  ANONYMOUS     250 2.0.0 Ok
         TLS_DH_anon_WITH_3DES_EDE_CBC_SHA                 DH-1024 bits   ANONYMOUS     250 2.0.0 Ok
         TLS_RSA_WITH_3DES_EDE_CBC_SHA                     -              112 bits      250 2.0.0 Ok
   * TLSV1_2 Cipher Suites:
       Preferred:
         TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384             ECDH-256 bits  256 bits      250 2.0.0 Ok
       Accepted:
         TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384             ECDH-256 bits  256 bits      250 2.0.0 Ok
         TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384             ECDH-256 bits  256 bits      250 2.0.0 Ok
         TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA                ECDH-256 bits  256 bits      250 2.0.0 Ok
         TLS_DHE_RSA_WITH_AES_256_GCM_SHA384               DH-1024 bits   256 bits      250 2.0.0 Ok
         TLS_DHE_RSA_WITH_AES_256_CBC_SHA256               DH-1024 bits   256 bits      250 2.0.0 Ok
         TLS_DHE_RSA_WITH_AES_256_CBC_SHA                  DH-1024 bits   256 bits      250 2.0.0 Ok
         TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA             DH-1024 bits   256 bits      250 2.0.0 Ok
         TLS_DH_anon_WITH_AES_256_GCM_SHA384               DH-1024 bits   ANONYMOUS     250 2.0.0 Ok
         TLS_ECDH_anon_WITH_AES_256_CBC_SHA                ECDH-256 bits  ANONYMOUS     250 2.0.0 Ok
         TLS_DH_anon_WITH_AES_256_CBC_SHA256               DH-1024 bits   ANONYMOUS     250 2.0.0 Ok
         TLS_DH_anon_WITH_AES_256_CBC_SHA                  DH-1024 bits   ANONYMOUS     250 2.0.0 Ok
         TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA             DH-1024 bits   ANONYMOUS     250 2.0.0 Ok
         TLS_RSA_WITH_AES_256_CBC_SHA256                   -              256 bits      250 2.0.0 Ok
         TLS_RSA_WITH_AES_256_CBC_SHA                      -              256 bits      250 2.0.0 Ok
         TLS_RSA_WITH_AES_256_GCM_SHA384                   -              256 bits      250 2.0.0 Ok
         TLS_RSA_WITH_CAMELLIA_256_CBC_SHA                 -              256 bits      250 2.0.0 Ok
         TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256             ECDH-256 bits  128 bits      250 2.0.0 Ok
         TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256             ECDH-256 bits  128 bits      250 2.0.0 Ok
         TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA                ECDH-256 bits  128 bits      250 2.0.0 Ok
         TLS_DHE_RSA_WITH_AES_128_CBC_SHA256               DH-1024 bits   128 bits      250 2.0.0 Ok
         TLS_DHE_RSA_WITH_AES_128_GCM_SHA256               DH-1024 bits   128 bits      250 2.0.0 Ok
         TLS_DHE_RSA_WITH_AES_128_CBC_SHA                  DH-1024 bits   128 bits      250 2.0.0 Ok
         TLS_DHE_RSA_WITH_SEED_CBC_SHA                     DH-1024 bits   128 bits      250 2.0.0 Ok
         TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA             DH-1024 bits   128 bits      250 2.0.0 Ok
         TLS_ECDH_anon_WITH_AES_128_CBC_SHA                ECDH-256 bits  ANONYMOUS     250 2.0.0 Ok
         TLS_DH_anon_WITH_AES_128_GCM_SHA256               DH-1024 bits   ANONYMOUS     250 2.0.0 Ok
         TLS_DH_anon_WITH_AES_128_CBC_SHA256               DH-1024 bits   ANONYMOUS     250 2.0.0 Ok
         TLS_DH_anon_WITH_AES_128_CBC_SHA                  DH-1024 bits   ANONYMOUS     250 2.0.0 Ok
         TLS_DH_anon_WITH_SEED_CBC_SHA                     DH-1024 bits   ANONYMOUS     250 2.0.0 Ok
         TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA             DH-1024 bits   ANONYMOUS     250 2.0.0 Ok
         TLS_RSA_WITH_AES_128_GCM_SHA256                   -              128 bits      250 2.0.0 Ok
         TLS_RSA_WITH_AES_128_CBC_SHA256                   -              128 bits      250 2.0.0 Ok
         TLS_RSA_WITH_AES_128_CBC_SHA                      -              128 bits      250 2.0.0 Ok
         TLS_RSA_WITH_CAMELLIA_128_CBC_SHA                 -              128 bits      250 2.0.0 Ok
         TLS_RSA_WITH_SEED_CBC_SHA                         -              128 bits      250 2.0.0 Ok
         TLS_ECDHE_RSA_WITH_RC4_128_SHA                    ECDH-256 bits  128 bits      250 2.0.0 Ok
         TLS_ECDH_anon_WITH_RC4_128_SHA                    ECDH-256 bits  ANONYMOUS     250 2.0.0 Ok
         TLS_DH_anon_WITH_RC4_128_MD5                      DH-1024 bits   ANONYMOUS     250 2.0.0 Ok
         TLS_RSA_WITH_RC4_128_SHA                          -              128 bits      250 2.0.0 Ok
         TLS_RSA_WITH_RC4_128_MD5                          -              128 bits      250 2.0.0 Ok
         TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA               ECDH-256 bits  112 bits      250 2.0.0 Ok
         TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA                 DH-1024 bits   112 bits      250 2.0.0 Ok
         TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA               ECDH-256 bits  ANONYMOUS     250 2.0.0 Ok
         TLS_DH_anon_WITH_3DES_EDE_CBC_SHA                 DH-1024 bits   ANONYMOUS     250 2.0.0 Ok
         TLS_RSA_WITH_3DES_EDE_CBC_SHA                     -              112 bits      250 2.0.0 Ok



You should bear in mind that it is a bad idea to neglect the backup MX 
when it comes to configuration, because then the best concept as a whole 
is useless, or rather wasted.

It is also best to check whether your DH parameter file 
"${config_directory}/dh4096.pem" is OK (present and readable by Postfix), 
because the DHE ciphers are missing. Unless that is intentional.

I have the following in tls_exclude_ciphers:

= aNULL, eNULL, 3DES, RC4, kRSA, kSRP, kPSK

I think the resulting ciphers are a good compromise between (still 
relatively) high security and a bit of legacy support nonetheless.

One must, however, bear in mind that the general view on SSL support and 
mail transit is that one would rather offer old, insecure ciphers than 
run the risk that the sending system then falls back to plaintext and 
thus "bypasses" the TLS that was actually wanted. (Funnily and 
ironically, people see this quite differently when it comes to HTTPS: 
there everything should preferably have been tomorrow's newest shit 
since yesterday.)

Everyone has to weigh up for themselves what is best there.

Regards, Fabian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://listi.jpberlin.de/pipermail/postfixbuch-users/attachments/20170303/8491fbeb/attachment.html>
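The checks Fabian's reply describes, as an added shell example that is not part of the original post, of the list archive, or of Postfix itself: flagging the anonymous, RC4, 3DES and kRSA suites (and 1024-bit DH groups) in sslyze-style scan output like the mx2 listing above, composing the OpenSSL cipherlist that results from the quoted tls_exclude_ciphers line, verifying that a dh4096.pem file exists and parses, and probing a live MX for an anonymous STARTTLS handshake. Assumptions not stated in the mail: the scan lines are in the column layout quoted above (constructed sample embedded below), Postfix's default tls_medium_cipherlist is `aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH` and exclusions are appended as `!` entries, the DH file lives at /etc/postfix/dh4096.pem unless DH_FILE is set, and openssl(1) is on PATH for the parts that use it.

```shell
#!/bin/sh
# Added example (not from the original post). Assumptions: sslyze-style scan
# lines as quoted in the mail; Postfix default tls_medium_cipherlist plus
# "!"-prefixed tls_exclude_ciphers entries; openssl(1) on PATH for live checks.

# Constructed sample in the layout of the mx2 scan output (not a real scan).
SAMPLE_SCAN='         TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA                ECDH-256 bits  256 bits      250 2.0.0 Ok
         TLS_DHE_RSA_WITH_AES_256_CBC_SHA                  DH-1024 bits   256 bits      250 2.0.0 Ok
         TLS_ECDH_anon_WITH_AES_256_CBC_SHA                ECDH-256 bits  ANONYMOUS     250 2.0.0 Ok
         TLS_RSA_WITH_AES_256_CBC_SHA                      -              256 bits      250 2.0.0 Ok
         TLS_DH_anon_WITH_RC4_128_MD5                      DH-1024 bits   ANONYMOUS     250 2.0.0 Ok
         TLS_RSA_WITH_RC4_128_MD5                          -              128 bits      250 2.0.0 Ok
         TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA               ECDH-256 bits  112 bits      250 2.0.0 Ok
         TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384             ECDH-256 bits  256 bits      250 2.0.0 Ok'

# Read scan lines on stdin; print "<reason> <suite>" for every suite that the
# exclude list in the mail would drop (anon, RC4, 3DES, MD5 MAC, kRSA) or that
# negotiated a 1024-bit DH group. Exit status 1 if anything was flagged.
flag_weak_suites() {
    awk '
    /^ *TLS_/ {
        suite = $1; reason = ""
        if (suite ~ /_anon_/)              reason = "aNULL"
        else if (suite ~ /_RC4_/)          reason = "RC4"
        else if (suite ~ /3DES/)           reason = "3DES"
        else if (suite ~ /_MD5$/)          reason = "MD5-MAC"
        else if (suite ~ /^TLS_RSA_WITH_/) reason = "kRSA"
        else if ($2 == "DH-1024")          reason = "DH-1024"
        if (reason != "") { flagged++; print reason, suite }
    }
    END { exit (flagged > 0) }'
}

# Compose the OpenSSL cipherlist Postfix uses for a grade ($1, e.g. the assumed
# default tls_medium_cipherlist) with tls_exclude_ciphers ($2, comma separated)
# appended as "!" exclusions. Inspect the result with: openssl ciphers -v "$list"
postfix_cipherlist() {
    grade="$1"; exclude="$2"; out="$grade"
    for c in $(printf '%s' "$exclude" | tr ',' ' '); do
        out="$out:!$c"
    done
    printf '%s\n' "$out"
}

# The DH parameter file must exist, be readable by the user smtpd runs as
# (run this as that user, e.g. via su), and parse as DH parameters.
check_dhparam() {
    f="$1"
    if [ ! -r "$f" ]; then
        echo "dhparam: $f missing or unreadable" >&2; return 1
    fi
    if ! openssl dhparam -in "$f" -check -noout >/dev/null 2>&1; then
        echo "dhparam: $f is not a valid DH parameter file" >&2; return 2
    fi
    echo "dhparam: $f OK"
}

# Live check (needs network, not run below): does the MX complete a STARTTLS
# handshake with an anonymous cipher? Returns 0 (bad) if it does. -tls1_2 is
# used because anonymous suites do not exist in TLS 1.3.
probe_anon_starttls() {
    host="$1"
    openssl s_client -connect "$host:25" -starttls smtp -tls1_2 -cipher 'aNULL' \
        </dev/null 2>/dev/null | grep -E '^ *Cipher *:' | grep -qv 'NONE'
}

echo "== weak suites in constructed sample =="
if ! printf '%s\n' "$SAMPLE_SCAN" | flag_weak_suites; then
    echo "(action needed: tighten tls_exclude_ciphers on this MX)"
fi

echo "== cipherlist resulting from the quoted tls_exclude_ciphers =="
LIST=$(postfix_cipherlist 'aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH' \
                          'aNULL, eNULL, 3DES, RC4, kRSA, kSRP, kPSK')
echo "$LIST"
if command -v openssl >/dev/null 2>&1; then
    openssl ciphers -v "$LIST" 2>/dev/null | awk '{ print $1 }' | head -n 5
fi

echo "== DH parameter file =="
check_dhparam "${DH_FILE:-/etc/postfix/dh4096.pem}" || true
```

Run the script as-is to see the flagged suites and the composed cipherlist; run `probe_anon_starttls mx2.example` by hand against your own MX and `DH_FILE=... sh script.sh` on the mail host to check the DH file. The flagging rules mirror the exclude list from the mail plus a DH-1024 check, so a suite that passes them is one the quoted configuration would still offer.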


More information about the Postfixbuch-users mailing list