I just added an ECDSA certificate to my mail server using ssl_alt_cert (the RSA certificate is specified by ssl_cert), both certificate files contain the certificate and a single intermediate (which currently happens to be the same intermediate from Let?s Encrypt). When connecting to the server using either RSA or ECDSA ciphers, the server sends the proper certificate, but also sends two intermediates. Apparently it?s reading the intermediate from both files and using both for all situations, rather than using only the intermediate in the RSA file for RSA certificates, and the intermediate in the ECDSA file for ECDSA certificates. I expect this will be a bigger problem when Let?s Encrypt starts using ECDSA intermediates. Removing the intermediate from the ssl_alt_cert file solves the problem (but then doesn?t allow an ECDSA intermediate to be specified). Configuration: # 2.2.34 (874deae): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.22 (22940fb7) # OS: Linux 4.14.17-x86_64-linode99 x86_64 Debian 9.3 ext4 # Hostname: [redacted] auth_mechanisms = plain login listen = [ipv4 redacted], [ipv6 redacted] mail_location = maildir:/var/mail/vhosts/%d/%n mail_privileged_group = mail namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } protocols = imap lmtp service auth-worker { user = vmail } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-userdb { mode = 0600 user = vmail } user = dovecot } service imap-login { inet_listener imap { port = 0 } inet_listener imaps { port = 993 ssl = yes } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } ssl = required ssl_alt_cert = </etc/ssl/certs/mail.[redacted].ecdsa.pem ssl_alt_key = </etc/ssl/private/[redacted].ecdsa.key ssl_cert = </etc/ssl/certs/mail.[redacted].rsa.pem ssl_key = </etc/ssl/private/[redacted].rsa.key ssl_cipher_list = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:kEDH+CAMELLIA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:AES:CAMELLIA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!DES-CBC3-SHA ssl_dh_parameters_length = 4096 ssl_prefer_server_ciphers = yes userdb { args = uid=vmail gid=vmail home=/var/vmail/vhosts/%d/%n driver = static } userdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap }
On 08/03/18 18:43, Peter Linss wrote:> I just added an ECDSA certificate to my mail server using ssl_alt_cert (the RSA certificate is specified by ssl_cert), both certificate files contain the certificate and a single intermediate (which currently happens to be the same intermediate from Let?s Encrypt). > > When connecting to the server using either RSA or ECDSA ciphers, the server sends the proper certificate, but also sends two intermediates. Apparently it?s reading the intermediate from both files and using both for all situations, rather than using only the intermediate in the RSA file for RSA certificates, and the intermediate in the ECDSA file for ECDSA certificates. I expect this will be a bigger problem when Let?s Encrypt starts using ECDSA intermediates. > > Removing the intermediate from the ssl_alt_cert file solves the problem (but then doesn?t allow an ECDSA intermediate to be specified).I believe that supplying multiple unrelated intermediate certificates is an incorrect behaviour, though I don't know if this is a problem that can be solved in Dovecot or has to be addressed in openssl itself. Do you get any issue in certificate validation in the client? John
<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 10 March 2018 at 14:49 John Fawcett < <a href="mailto:john@voipsupport.it">john@voipsupport.it</a>> wrote: </div> <div> <br> </div> <div> <br> </div> <div> On 08/03/18 18:43, Peter Linss wrote: </div> <blockquote type="cite"> <div> I just added an ECDSA certificate to my mail server using ssl_alt_cert (the RSA certificate is specified by ssl_cert), both certificate files contain the certificate and a single intermediate (which currently happens to be the same intermediate from Let’s Encrypt). </div> </blockquote> <blockquote type="cite"> <div> When connecting to the server using either RSA or ECDSA ciphers, the server sends the proper certificate, but also sends two intermediates. Apparently it’s reading the intermediate from both files and using both for all situations, rather than using only the intermediate in the RSA file for RSA certificates, and the intermediate in the ECDSA file for ECDSA certificates. I expect this will be a bigger problem when Let’s Encrypt starts using ECDSA intermediates. </div> </blockquote> <blockquote type="cite"> <div> Removing the intermediate from the ssl_alt_cert file solves the problem (but then doesn’t allow an ECDSA intermediate to be specified). </div> </blockquote> <div> I believe that supplying multiple unrelated intermediate certificates is </div> <div> an incorrect behaviour, though I don't know if this is a problem that </div> <div> can be solved in Dovecot or has to be addressed in openssl itself. </div> <div> <br> </div> <div> Do you get any issue in certificate validation in the client? </div> <div> <br> </div> <div> John </div> </blockquote> <div> <br> </div> <div> You sure your cert file does not contain unrelated certificates? </div> <div class="io-ox-signature"> --- <br>Aki Tuomi </div> </body> </html>