dovecot - Jul 2018 - 2.3.2.1 - EC keys suppport?

>>>>>> facing [ no shared cipher ] error with EC private keys.
>>>>> the client connecting to your instance has to support ecdsa
>>>>>
>>>>>
>>>> It does - Thunderbird 60.0b10 (64-bit)
>>>>
>>>> [ security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384;true ]
>>>>
>>>> It seems there is a difference between the private key (rsa vs.
ecc ->
>>>> SSL_CTX?) used for the certificate signing request and the
signed
>>>> certificate.
>>>>
>>>> The csr created from a private key with [ openssl genpkey
-algorithm RSA
>>>> ] and signed by a CA with [ ecdhe_ecdsa ] works with no error.
>>>>
>>>> But as stated in the initial message it does not work if the
private key
>>>> for the csr is generated with [ openssl ecparam -name
brainpoolP512t1
>>>> -genkey ].
>>>>
>>>>
>>> Can you try, with your ECC cert,
>>>
>>> openssl s_client -connect server:143 -starttls imap
>>>
>>> and paste result?
>>>
>> This is for the certificate where the csr is generated with an EC
>> private key and the [ no shared cipher ] error:
>>
>> CONNECTED(00000003)
>> write:errno=0
>> ---
>> no peer certificate available
>> ---
>> No client certificate CA names sent
>> ---
>> SSL handshake has read 309 bytes and written 202 bytes
>> Verification: OK
>> ---
>> New, (NONE), Cipher is (NONE)
>> Secure Renegotiation IS NOT supported
>> Compression: NONE
>> Expansion: NONE
>> No ALPN negotiated
>> SSL-Session:
>> ??? Protocol? : TLSv1.2
>> ??? Cipher??? : 0000
>> ??? Session-ID:
>> ??? Session-ID-ctx:
>> ??? Master-Key:
>> ??? PSK identity: None
>> ??? PSK identity hint: None
>> ??? SRP username: None
>> ??? Start Time: 1532969474
>> ??? Timeout?? : 7200 (sec)
>> ??? Verify return code: 0 (ok)
>> ??? Extended master secret: no
>>
>> ---
>>
>> and this for the certificate where the csr is generated with a RSA
>> private key:
>>
>> CONNECTED(00000003)
>> depth=0 C = 00, ST = CH, L = DC, O = foo.bar, OU = mail, CN = Server
>> foo.bar Mail IMAP
>> verify error:num=20:unable to get local issuer certificate
>> verify return:1
>> depth=0 C = 00, ST = CH, L = DC, O = foo.bar, OU = mail, CN = Server
>> foo.bar Mail IMAP
>> verify error:num=21:unable to verify the first certificate
>> verify return:1
>> ---
>> Certificate chain
>> ?0 s:/C=00/ST=CH/L=DC/O=foo.bar/OU=mail/CN=Server foo.bar Mail IMAP
>> ?? i:/C=00/ST=CH/O=foo.bar/OU=Server/CN=IM Server foo.bar
>> ---
>> Server certificate
>> -----BEGIN CERTIFICATE-----
>> [ truncated ]
>> -----END CERTIFICATE-----
>> subject=/C=00/ST=CH/L=DC/O=foo.bar/OU=mail/CN=Server foo.bar Mail IMAP
>> issuer=/C=00/ST=CH/O=foo.bar/OU=Server/CN=IM Server foo.bar
>> ---
>> No client certificate CA names sent
>> Peer signing digest: SHA512
>> Server Temp Key: X25519, 253 bits
>> ---
>> SSL handshake has read 2361 bytes and written 295 bytes
>> Verification error: unable to verify the first certificate
>> ---
>> New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
>> Server public key is 4096 bit
>> Secure Renegotiation IS supported
>> Compression: NONE
>> Expansion: NONE
>> No ALPN negotiated
>> SSL-Session:
>> ??? Protocol? : TLSv1.2
>> ??? Cipher??? : ECDHE-RSA-AES256-GCM-SHA384
>> ??? Session-ID:
>> C23E6478F4C6372F2A524504031B32EDC9FDCAA343AE5017A09E47C5E7B60DD6
>> ??? Session-ID-ctx:
>> ??? Master-Key: [ obfuscated ]
>> ??? PSK identity: None
>> ??? PSK identity hint: None
>> ??? SRP username: None
>> ??? Start Time: 1532969755
>> ??? Timeout?? : 7200 (sec)
>> ??? Verify return code: 21 (unable to verify the first certificate)
>> ??? Extended master secret: yes
>> ---
>> . OK Pre-login capabilities listed, post-login capabilities have more.
>>
>>
>>
> Can you configure ssl_cipher_list = ALL and try again? Also, can you send
the *PUBLIC* part of the certificate?
>
[ ssl_cipher_list = ALL ] set/applied

This is for the certificate where the csr is generated with an EC private key
and the [ no shared cipher ] error:

CONNECTED(00000003)
write:errno=0
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 309 bytes and written 202 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
??? Protocol? : TLSv1.2
??? Cipher??? : 0000
??? Session-ID:
??? Session-ID-ctx:
??? Master-Key:
??? PSK identity: None
??? PSK identity hint: None
??? SRP username: None
??? Start Time: 1532970888
??? Timeout?? : 7200 (sec)
??? Verify return code: 0 (ok)
??? Extended master secret: no

---

and this for the certificate where the csr is generated with a RSA
private key:

CONNECTED(00000003)
depth=0 C = 00, ST = CH, L = DC, O = foo.bar, OU = mail, CN = Server
foo.bar Mail IMAP
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = 00, ST = CH, L = DC, O = foo.bar, OU = mail, CN = Server
foo.bar Mail IMAP
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
?0 s:/C=00/ST=CH/L=DC/O=foo.bar/OU=mail/CN=Server foo.bar Mail IMAP
?? i:/C=00/ST=CH/O=foo.bar/OU=Server/CN=IM Server foo.bar
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFIjCCBIagAwIBAgICEAYwCgYIKoZIzj0EAwQwWTELMAkGA1UEBhMCMDAxCzAJ
BgNVBAgMAkNIMRAwDgYDVQQKDAd2dG9sLm1lMQ8wDQYDVQQLDAZTZXJ2ZXIxGjAY
BgNVBAMMEUlNIFNlcnZlciB2dG9sLm1lMB4XDTE4MDczMDExMTE1NloXDTE5MDcz
MDExMTE1NlowazELMAkGA1UEBhMCMDAxCzAJBgNVBAgMAkNIMQswCQYDVQQHDAJE
QzEQMA4GA1UECgwHdnRvbC5tZTENMAsGA1UECwwEbWFpbDEhMB8GA1UEAwwYU2Vy
dmVyIHZ0b2wubWUgTWFpbCBJTUFQMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
CgKCAgEAx3Rr6Goz0xHmRGwTC5XWvTYLLXli9nhaSqpfSXSBNembIpAJMQxeZKS5
T1VI1Kufp5HIpBFAXKo/yAMNS4E+LtctX2ITsZD1sUJw20J7TJtDR6mX7qiNJTlT
FXHx5VZWLp2Jv3Wlw85iNUoRcIY2IB3Q9KACTPlMl8Be9BPYAevgyqh5d67LFgwf
77Soq4ppa0sLxTUf1Lyh9lvpIRdDnDhs749PlLrgWIagra2ONdesOlwMOANjn5+8
sKnooVlwsygDEIu2QWYeAJO43GWFMiMtb4sAii52fwbwzLNOA/jF1EDz2zbimBMc
Tcy430CucN7wYQQa8KVU/EdaYXsDRFLPfyvkFw/1GKOm4MzCBNUp3soqMgFCNWix
HwGw82hzMadXqKHwosSoDa291hpboxppYwqohG4rlbLNXZKINTrIYgh4EldI3HGy
YhikuVVODa254DLoj/iS2A7ZWpvDGGqirEMEZEJi9pdO3E5CUctiZFe0zrKk6xX7
VfQq+wZzN2F6LFVyLEIR238FOKfUdoHP5i4d+2HIzUC1ZTYXLMrmC8aLPnvQLKmO
lS8+EPrFz4LTTvw6Tt5oO0TH51FruLRRfp545yuT/7MOt4pf9jXjvuTrQDVTp+z2
6+nZZ5rxv1mAB/d0DvCg3sS3QxnzytmzlE0WVODb9zl0HNVz2GkCAwEAAaOCAV8w
ggFbMAkGA1UdEwQCMAAwHQYDVR0OBBYEFD+YAO8k3NK95IXhPgriJNfICQDuMIGR
BgNVHSMEgYkwgYaAFLcvDVPejjtNaMC39YNvdzbHnbWZoWqkaDBmMQswCQYDVQQG
EwIwMDELMAkGA1UECAwCQ0gxCzAJBgNVBAcMAkRDMRAwDgYDVQQKDAd2dG9sLm1l
MQ8wDQYDVQQLDAZTZXJ2ZXIxGjAYBgNVBAMMEUNBIFNlcnZlciB2dG9sLm1lggIQ
ADAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwEQYIKwYBBQUH
ARgEBTADAgERMEYGA1UdHwQ/MD0wO6A5oDeGNWZpbGU6L2V0Yy9wa2kvdnRvbC5t
ZS9zZXJ2ZXIvaW0vY3JsL2ltX3NlcnZlci5jcmwucGVtMBsGA1UdEQQUMBKHBKwY
bQaCBG1haWyCBGltYXAwCgYIKoZIzj0EAwQDgYkAMIGFAkEAml53KubdaDmaiUXz
ir5NvZmQ8/0B9UbcSKbJq30HJYhx4gotbSYU8LuEYBzAthzHwnQ0FyHV5rZPo4Gp
RBEFkgJAfYk9C3w0urb6KE+e+bFXHketkG+P5aQyUw2kWKI7GikRX2mS5ZbSGNfe
7Q79jSPczn3gguffxmoSW/idw5BpCw=-----END CERTIFICATE-----
subject=/C=00/ST=CH/L=DC/O=foo.bar/OU=mail/CN=Server foo.bar Mail IMAP
issuer=/C=00/ST=CH/O=foo.bar/OU=Server/CN=IM Server foo.bar
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2361 bytes and written 295 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
??? Protocol? : TLSv1.2
??? Cipher??? : ECDHE-RSA-AES256-GCM-SHA384
??? Session-ID:
9636556EDC5BA951A6EE3BCAB17BCFAEEE8B380C097EC0C7F20D68BAF2775782
??? Session-ID-ctx:
??? Master-Key: [ obfuscated ]
??? PSK identity: None
??? PSK identity hint: None
??? SRP username: None
??? Start Time: 1532971172
??? Timeout?? : 7200 (sec)
??? Verify return code: 21 (unable to verify the first certificate)
??? Extended master secret: yes
---
. OK Pre-login capabilities listed, post-login capabilities have more.

>>>>>>> facing [ no shared cipher ] error with EC private
keys.
>>>>>> the client connecting to your instance has to support
ecdsa
>>>>>>
>>>>>>
>>>>> It does - Thunderbird 60.0b10 (64-bit)
>>>>>
>>>>> [ security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384;true ]
>>>>>
>>>>> It seems there is a difference between the private key (rsa
vs. ecc ->
>>>>> SSL_CTX?) used for the certificate signing request and the
signed
>>>>> certificate.
>>>>>
>>>>> The csr created from a private key with [ openssl genpkey
-algorithm RSA
>>>>> ] and signed by a CA with [ ecdhe_ecdsa ] works with no
error.
>>>>>
>>>>> But as stated in the initial message it does not work if
the private key
>>>>> for the csr is generated with [ openssl ecparam -name
brainpoolP512t1
>>>>> -genkey ].
>>>>>
>>>>>
>>>> Can you try, with your ECC cert,
>>>>
>>>> openssl s_client -connect server:143 -starttls imap
>>>>
>>>> and paste result?
>>>>
>>> This is for the certificate where the csr is generated with an EC
>>> private key and the [ no shared cipher ] error:
>>>
>>> CONNECTED(00000003)
>>> write:errno=0
>>> ---
>>> no peer certificate available
>>> ---
>>> No client certificate CA names sent
>>> ---
>>> SSL handshake has read 309 bytes and written 202 bytes
>>> Verification: OK
>>> ---
>>> New, (NONE), Cipher is (NONE)
>>> Secure Renegotiation IS NOT supported
>>> Compression: NONE
>>> Expansion: NONE
>>> No ALPN negotiated
>>> SSL-Session:
>>> ??? Protocol? : TLSv1.2
>>> ??? Cipher??? : 0000
>>> ??? Session-ID:
>>> ??? Session-ID-ctx:
>>> ??? Master-Key:
>>> ??? PSK identity: None
>>> ??? PSK identity hint: None
>>> ??? SRP username: None
>>> ??? Start Time: 1532969474
>>> ??? Timeout?? : 7200 (sec)
>>> ??? Verify return code: 0 (ok)
>>> ??? Extended master secret: no
>>>
>>> ---
>>>
>>> and this for the certificate where the csr is generated with a RSA
>>> private key:
>>>
>>> CONNECTED(00000003)
>>> depth=0 C = 00, ST = CH, L = DC, O = foo.bar, OU = mail, CN =
Server
>>> foo.bar Mail IMAP
>>> verify error:num=20:unable to get local issuer certificate
>>> verify return:1
>>> depth=0 C = 00, ST = CH, L = DC, O = foo.bar, OU = mail, CN =
Server
>>> foo.bar Mail IMAP
>>> verify error:num=21:unable to verify the first certificate
>>> verify return:1
>>> ---
>>> Certificate chain
>>> ?0 s:/C=00/ST=CH/L=DC/O=foo.bar/OU=mail/CN=Server foo.bar Mail IMAP
>>> ?? i:/C=00/ST=CH/O=foo.bar/OU=Server/CN=IM Server foo.bar
>>> ---
>>> Server certificate
>>> -----BEGIN CERTIFICATE-----
>>> [ truncated ]
>>> -----END CERTIFICATE-----
>>> subject=/C=00/ST=CH/L=DC/O=foo.bar/OU=mail/CN=Server foo.bar Mail
IMAP
>>> issuer=/C=00/ST=CH/O=foo.bar/OU=Server/CN=IM Server foo.bar
>>> ---
>>> No client certificate CA names sent
>>> Peer signing digest: SHA512
>>> Server Temp Key: X25519, 253 bits
>>> ---
>>> SSL handshake has read 2361 bytes and written 295 bytes
>>> Verification error: unable to verify the first certificate
>>> ---
>>> New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
>>> Server public key is 4096 bit
>>> Secure Renegotiation IS supported
>>> Compression: NONE
>>> Expansion: NONE
>>> No ALPN negotiated
>>> SSL-Session:
>>> ??? Protocol? : TLSv1.2
>>> ??? Cipher??? : ECDHE-RSA-AES256-GCM-SHA384
>>> ??? Session-ID:
>>> C23E6478F4C6372F2A524504031B32EDC9FDCAA343AE5017A09E47C5E7B60DD6
>>> ??? Session-ID-ctx:
>>> ??? Master-Key: [ obfuscated ]
>>> ??? PSK identity: None
>>> ??? PSK identity hint: None
>>> ??? SRP username: None
>>> ??? Start Time: 1532969755
>>> ??? Timeout?? : 7200 (sec)
>>> ??? Verify return code: 21 (unable to verify the first certificate)
>>> ??? Extended master secret: yes
>>> ---
>>> . OK Pre-login capabilities listed, post-login capabilities have
more.
>>>
>>>
>>>
>> Can you configure ssl_cipher_list = ALL and try again? Also, can you
send the *PUBLIC* part of the certificate?
>>
> [ ssl_cipher_list = ALL ] set/applied
>
> This is for the certificate where the csr is generated with an EC private
key and the [ no shared cipher ] error:
>
> CONNECTED(00000003)
> write:errno=0
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 309 bytes and written 202 bytes
> Verification: OK
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> No ALPN negotiated
> SSL-Session:
> ??? Protocol? : TLSv1.2
> ??? Cipher??? : 0000
> ??? Session-ID:
> ??? Session-ID-ctx:
> ??? Master-Key:
> ??? PSK identity: None
> ??? PSK identity hint: None
> ??? SRP username: None
> ??? Start Time: 1532970888
> ??? Timeout?? : 7200 (sec)
> ??? Verify return code: 0 (ok)
> ??? Extended master secret: no
>
> ---
>
> and this for the certificate where the csr is generated with a RSA
> private key:
>
> CONNECTED(00000003)
> depth=0 C = 00, ST = CH, L = DC, O = foo.bar, OU = mail, CN = Server
> foo.bar Mail IMAP
> verify error:num=20:unable to get local issuer certificate
> verify return:1
> depth=0 C = 00, ST = CH, L = DC, O = foo.bar, OU = mail, CN = Server
> foo.bar Mail IMAP
> verify error:num=21:unable to verify the first certificate
> verify return:1
> ---
> Certificate chain
> ?0 s:/C=00/ST=CH/L=DC/O=foo.bar/OU=mail/CN=Server foo.bar Mail IMAP
> ?? i:/C=00/ST=CH/O=foo.bar/OU=Server/CN=IM Server foo.bar
> ---
> Server certificate
> -----BEGIN CERTIFICATE-----
> MIIFIjCCBIagAwIBAgICEAYwCgYIKoZIzj0EAwQwWTELMAkGA1UEBhMCMDAxCzAJ
> BgNVBAgMAkNIMRAwDgYDVQQKDAd2dG9sLm1lMQ8wDQYDVQQLDAZTZXJ2ZXIxGjAY
> BgNVBAMMEUlNIFNlcnZlciB2dG9sLm1lMB4XDTE4MDczMDExMTE1NloXDTE5MDcz
> MDExMTE1NlowazELMAkGA1UEBhMCMDAxCzAJBgNVBAgMAkNIMQswCQYDVQQHDAJE
> QzEQMA4GA1UECgwHdnRvbC5tZTENMAsGA1UECwwEbWFpbDEhMB8GA1UEAwwYU2Vy
> dmVyIHZ0b2wubWUgTWFpbCBJTUFQMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
> CgKCAgEAx3Rr6Goz0xHmRGwTC5XWvTYLLXli9nhaSqpfSXSBNembIpAJMQxeZKS5
> T1VI1Kufp5HIpBFAXKo/yAMNS4E+LtctX2ITsZD1sUJw20J7TJtDR6mX7qiNJTlT
> FXHx5VZWLp2Jv3Wlw85iNUoRcIY2IB3Q9KACTPlMl8Be9BPYAevgyqh5d67LFgwf
> 77Soq4ppa0sLxTUf1Lyh9lvpIRdDnDhs749PlLrgWIagra2ONdesOlwMOANjn5+8
> sKnooVlwsygDEIu2QWYeAJO43GWFMiMtb4sAii52fwbwzLNOA/jF1EDz2zbimBMc
> Tcy430CucN7wYQQa8KVU/EdaYXsDRFLPfyvkFw/1GKOm4MzCBNUp3soqMgFCNWix
> HwGw82hzMadXqKHwosSoDa291hpboxppYwqohG4rlbLNXZKINTrIYgh4EldI3HGy
> YhikuVVODa254DLoj/iS2A7ZWpvDGGqirEMEZEJi9pdO3E5CUctiZFe0zrKk6xX7
> VfQq+wZzN2F6LFVyLEIR238FOKfUdoHP5i4d+2HIzUC1ZTYXLMrmC8aLPnvQLKmO
> lS8+EPrFz4LTTvw6Tt5oO0TH51FruLRRfp545yuT/7MOt4pf9jXjvuTrQDVTp+z2
> 6+nZZ5rxv1mAB/d0DvCg3sS3QxnzytmzlE0WVODb9zl0HNVz2GkCAwEAAaOCAV8w
> ggFbMAkGA1UdEwQCMAAwHQYDVR0OBBYEFD+YAO8k3NK95IXhPgriJNfICQDuMIGR
> BgNVHSMEgYkwgYaAFLcvDVPejjtNaMC39YNvdzbHnbWZoWqkaDBmMQswCQYDVQQG
> EwIwMDELMAkGA1UECAwCQ0gxCzAJBgNVBAcMAkRDMRAwDgYDVQQKDAd2dG9sLm1l
> MQ8wDQYDVQQLDAZTZXJ2ZXIxGjAYBgNVBAMMEUNBIFNlcnZlciB2dG9sLm1lggIQ
> ADAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwEQYIKwYBBQUH
> ARgEBTADAgERMEYGA1UdHwQ/MD0wO6A5oDeGNWZpbGU6L2V0Yy9wa2kvdnRvbC5t
> ZS9zZXJ2ZXIvaW0vY3JsL2ltX3NlcnZlci5jcmwucGVtMBsGA1UdEQQUMBKHBKwY
> bQaCBG1haWyCBGltYXAwCgYIKoZIzj0EAwQDgYkAMIGFAkEAml53KubdaDmaiUXz
> ir5NvZmQ8/0B9UbcSKbJq30HJYhx4gotbSYU8LuEYBzAthzHwnQ0FyHV5rZPo4Gp
> RBEFkgJAfYk9C3w0urb6KE+e+bFXHketkG+P5aQyUw2kWKI7GikRX2mS5ZbSGNfe
> 7Q79jSPczn3gguffxmoSW/idw5BpCw=> -----END CERTIFICATE-----
> subject=/C=00/ST=CH/L=DC/O=foo.bar/OU=mail/CN=Server foo.bar Mail IMAP
> issuer=/C=00/ST=CH/O=foo.bar/OU=Server/CN=IM Server foo.bar
> ---
> No client certificate CA names sent
> Peer signing digest: SHA512
> Server Temp Key: X25519, 253 bits
> ---
> SSL handshake has read 2361 bytes and written 295 bytes
> Verification error: unable to verify the first certificate
> ---
> New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
> Server public key is 4096 bit
> Secure Renegotiation IS supported
> Compression: NONE
> Expansion: NONE
> No ALPN negotiated
> SSL-Session:
> ??? Protocol? : TLSv1.2
> ??? Cipher??? : ECDHE-RSA-AES256-GCM-SHA384
> ??? Session-ID:
> 9636556EDC5BA951A6EE3BCAB17BCFAEEE8B380C097EC0C7F20D68BAF2775782
> ??? Session-ID-ctx:
> ??? Master-Key: [ obfuscated ]
> ??? PSK identity: None
> ??? PSK identity hint: None
> ??? SRP username: None
> ??? Start Time: 1532971172
> ??? Timeout?? : 7200 (sec)
> ??? Verify return code: 21 (unable to verify the first certificate)
> ??? Extended master secret: yes
> ---
> . OK Pre-login capabilities listed, post-login capabilities have more.
>
>
Missed the public certificate where the csr is generated with an EC
private key and the [ no shared cipher ] error:

-----BEGIN CERTIFICATE-----
MIIDmTCCAv6gAwIBAgICEAEwCgYIKoZIzj0EAwQwWTELMAkGA1UEBhMCMDAxCzAJ
BgNVBAgMAkNIMRAwDgYDVQQKDAd2dG9sLm1lMQ8wDQYDVQQLDAZTZXJ2ZXIxGjAY
BgNVBAMMEUlNIFNlcnZlciB2dG9sLm1lMB4XDTE4MDcyNTE0NDAxMloXDTE5MDcy
NTE0NDAxMlowazELMAkGA1UEBhMCMDAxCzAJBgNVBAgMAkNIMQswCQYDVQQHDAJE
QzEQMA4GA1UECgwHdnRvbC5tZTENMAsGA1UECwwEbWFpbDEhMB8GA1UEAwwYU2Vy
dmVyIE1haWwgSW1hcCB2dG9sLm1lMIGbMBQGByqGSM49AgEGCSskAwMCCAEBDgOB
ggAEdZAqTZhgEaAspsZWe8ss8LC2vxMP9ClHwtjKwVuTAnhJFDX5wWkaukjVw1HW
ngwQAI2n9KwyRC3311yWKOQjrkhPw50sbK1UOuypof0fucYzo+B1+YRaae9a2vJx
DjljXrvEcXskXdjUFdMIxUAtnHbHuyql8bMJ715ypXADUdGjggFfMIIBWzAJBgNV
HRMEAjAAMB0GA1UdDgQWBBROPXTACC4fuaOX5iSNONpuyVAB5jCBkQYDVR0jBIGJ
MIGGgBS3Lw1T3o47TWjAt/WDb3c2x521maFqpGgwZjELMAkGA1UEBhMCMDAxCzAJ
BgNVBAgMAkNIMQswCQYDVQQHDAJEQzEQMA4GA1UECgwHdnRvbC5tZTEPMA0GA1UE
CwwGU2VydmVyMRowGAYDVQQDDBFDQSBTZXJ2ZXIgdnRvbC5tZYICEAAwDgYDVR0P
AQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBEGCCsGAQUFBwEYBAUwAwIB
ETBGBgNVHR8EPzA9MDugOaA3hjVmaWxlOi9ldGMvcGtpL3Z0b2wubWUvc2VydmVy
L2ltL2NybC9pbV9zZXJ2ZXIuY3JsLnBlbTAbBgNVHREEFDAShwSsGG0GggRtYWls
ggRpbWFwMAoGCCqGSM49BAMEA4GIADCBhAJAdRE8iPNsGMCuwYQjykDeDVngTmO8
YT3tjFh3RrwNEDewPesByTHxhU6E+s98in9cq8rqAGSH8547Cq2KC/BOywJAGNHd
SF0PuAzqghQ7JKXqufjxKEyMMEu4H9HlH/h4lwX9hUO5EVDlCNqkcHHu9TCXBCmR
xT/8nuAtTycVigK88A=-----END CERTIFICATE-----

> On 30 July 2018 at 20:37 ????? <vtol at gmx.net> wrote:
> 
> 
> 
> >>>>>>> facing [ no shared cipher ] error with EC
private keys.
> >>>>>> the client connecting to your instance has to
support ecdsa
> >>>>>>
> >>>>>>
> >>>>> It does - Thunderbird 60.0b10 (64-bit)
> >>>>>
> >>>>> [ security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384;true ]
> >>>>>
> >>>>> It seems there is a difference between the private key
(rsa vs. ecc ->
> >>>>> SSL_CTX?) used for the certificate signing request and
the signed
> >>>>> certificate.
> >>>>>
> >>>>> The csr created from a private key with [ openssl
genpkey -algorithm RSA
> >>>>> ] and signed by a CA with [ ecdhe_ecdsa ] works with
no error.
> >>>>>
> >>>>> But as stated in the initial message it does not work
if the private key
> >>>>> for the csr is generated with [ openssl ecparam -name
brainpoolP512t1
> >>>>> -genkey ].
> >>>>>
> >>>>>
> >>>> Can you try, with your ECC cert,
> >>>>
> >>>> openssl s_client -connect server:143 -starttls imap
> >>>>
> >>>> and paste result?
> >>>>
> >>> This is for the certificate where the csr is generated with an
EC
> >>> private key and the [ no shared cipher ] error:
> >>>
> >>> CONNECTED(00000003)
> >>> write:errno=0
> >>> ---
> >>> no peer certificate available
> >>> ---
> >>> No client certificate CA names sent
> >>> ---
> >>> SSL handshake has read 309 bytes and written 202 bytes
> >>> Verification: OK
> >>> ---
> >>> New, (NONE), Cipher is (NONE)
> >>> Secure Renegotiation IS NOT supported
> >>> Compression: NONE
> >>> Expansion: NONE
> >>> No ALPN negotiated
> >>> SSL-Session:
> >>> ??? Protocol? : TLSv1.2
> >>> ??? Cipher??? : 0000
> >>> ??? Session-ID:
> >>> ??? Session-ID-ctx:
> >>> ??? Master-Key:
> >>> ??? PSK identity: None
> >>> ??? PSK identity hint: None
> >>> ??? SRP username: None
> >>> ??? Start Time: 1532969474
> >>> ??? Timeout?? : 7200 (sec)
> >>> ??? Verify return code: 0 (ok)
> >>> ??? Extended master secret: no
> >>>
> >>> ---
> >>>
> >>> and this for the certificate where the csr is generated with a
RSA
> >>> private key:
> >>>
> >>> CONNECTED(00000003)
> >>> depth=0 C = 00, ST = CH, L = DC, O = foo.bar, OU = mail, CN =
Server
> >>> foo.bar Mail IMAP
> >>> verify error:num=20:unable to get local issuer certificate
> >>> verify return:1
> >>> depth=0 C = 00, ST = CH, L = DC, O = foo.bar, OU = mail, CN =
Server
> >>> foo.bar Mail IMAP
> >>> verify error:num=21:unable to verify the first certificate
> >>> verify return:1
> >>> ---
> >>> Certificate chain
> >>> ?0 s:/C=00/ST=CH/L=DC/O=foo.bar/OU=mail/CN=Server foo.bar Mail
IMAP
> >>> ?? i:/C=00/ST=CH/O=foo.bar/OU=Server/CN=IM Server foo.bar
> >>> ---
> >>> Server certificate
> >>> -----BEGIN CERTIFICATE-----
> >>> [ truncated ]
> >>> -----END CERTIFICATE-----
> >>> subject=/C=00/ST=CH/L=DC/O=foo.bar/OU=mail/CN=Server foo.bar
Mail IMAP
> >>> issuer=/C=00/ST=CH/O=foo.bar/OU=Server/CN=IM Server foo.bar
> >>> ---
> >>> No client certificate CA names sent
> >>> Peer signing digest: SHA512
> >>> Server Temp Key: X25519, 253 bits
> >>> ---
> >>> SSL handshake has read 2361 bytes and written 295 bytes
> >>> Verification error: unable to verify the first certificate
> >>> ---
> >>> New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
> >>> Server public key is 4096 bit
> >>> Secure Renegotiation IS supported
> >>> Compression: NONE
> >>> Expansion: NONE
> >>> No ALPN negotiated
> >>> SSL-Session:
> >>> ??? Protocol? : TLSv1.2
> >>> ??? Cipher??? : ECDHE-RSA-AES256-GCM-SHA384
> >>> ??? Session-ID:
> >>>
C23E6478F4C6372F2A524504031B32EDC9FDCAA343AE5017A09E47C5E7B60DD6
> >>> ??? Session-ID-ctx:
> >>> ??? Master-Key: [ obfuscated ]
> >>> ??? PSK identity: None
> >>> ??? PSK identity hint: None
> >>> ??? SRP username: None
> >>> ??? Start Time: 1532969755
> >>> ??? Timeout?? : 7200 (sec)
> >>> ??? Verify return code: 21 (unable to verify the first
certificate)
> >>> ??? Extended master secret: yes
> >>> ---
> >>> . OK Pre-login capabilities listed, post-login capabilities
have more.
> >>>
> >>>
> >>>
> >> Can you configure ssl_cipher_list = ALL and try again? Also, can
you send the *PUBLIC* part of the certificate?
> >>
> > [ ssl_cipher_list = ALL ] set/applied
> >
> > This is for the certificate where the csr is generated with an EC
private key and the [ no shared cipher ] error:
> >
> > CONNECTED(00000003)
> > write:errno=0
> > ---
> > no peer certificate available
> > ---
> > No client certificate CA names sent
> > ---
> > SSL handshake has read 309 bytes and written 202 bytes
> > Verification: OK
> > ---
> > New, (NONE), Cipher is (NONE)
> > Secure Renegotiation IS NOT supported
> > Compression: NONE
> > Expansion: NONE
> > No ALPN negotiated
> > SSL-Session:
> > ??? Protocol? : TLSv1.2
> > ??? Cipher??? : 0000
> > ??? Session-ID:
> > ??? Session-ID-ctx:
> > ??? Master-Key:
> > ??? PSK identity: None
> > ??? PSK identity hint: None
> > ??? SRP username: None
> > ??? Start Time: 1532970888
> > ??? Timeout?? : 7200 (sec)
> > ??? Verify return code: 0 (ok)
> > ??? Extended master secret: no
> >
> > ---
> >
> > and this for the certificate where the csr is generated with a RSA
> > private key:
> >
> > CONNECTED(00000003)
> > depth=0 C = 00, ST = CH, L = DC, O = foo.bar, OU = mail, CN = Server
> > foo.bar Mail IMAP
> > verify error:num=20:unable to get local issuer certificate
> > verify return:1
> > depth=0 C = 00, ST = CH, L = DC, O = foo.bar, OU = mail, CN = Server
> > foo.bar Mail IMAP
> > verify error:num=21:unable to verify the first certificate
> > verify return:1
> > ---
> > Certificate chain
> > ?0 s:/C=00/ST=CH/L=DC/O=foo.bar/OU=mail/CN=Server foo.bar Mail IMAP
> > ?? i:/C=00/ST=CH/O=foo.bar/OU=Server/CN=IM Server foo.bar
> > ---
> > Server certificate
> > -----BEGIN CERTIFICATE-----
> > MIIFIjCCBIagAwIBAgICEAYwCgYIKoZIzj0EAwQwWTELMAkGA1UEBhMCMDAxCzAJ
> > BgNVBAgMAkNIMRAwDgYDVQQKDAd2dG9sLm1lMQ8wDQYDVQQLDAZTZXJ2ZXIxGjAY
> > BgNVBAMMEUlNIFNlcnZlciB2dG9sLm1lMB4XDTE4MDczMDExMTE1NloXDTE5MDcz
> > MDExMTE1NlowazELMAkGA1UEBhMCMDAxCzAJBgNVBAgMAkNIMQswCQYDVQQHDAJE
> > QzEQMA4GA1UECgwHdnRvbC5tZTENMAsGA1UECwwEbWFpbDEhMB8GA1UEAwwYU2Vy
> > dmVyIHZ0b2wubWUgTWFpbCBJTUFQMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
> > CgKCAgEAx3Rr6Goz0xHmRGwTC5XWvTYLLXli9nhaSqpfSXSBNembIpAJMQxeZKS5
> > T1VI1Kufp5HIpBFAXKo/yAMNS4E+LtctX2ITsZD1sUJw20J7TJtDR6mX7qiNJTlT
> > FXHx5VZWLp2Jv3Wlw85iNUoRcIY2IB3Q9KACTPlMl8Be9BPYAevgyqh5d67LFgwf
> > 77Soq4ppa0sLxTUf1Lyh9lvpIRdDnDhs749PlLrgWIagra2ONdesOlwMOANjn5+8
> > sKnooVlwsygDEIu2QWYeAJO43GWFMiMtb4sAii52fwbwzLNOA/jF1EDz2zbimBMc
> > Tcy430CucN7wYQQa8KVU/EdaYXsDRFLPfyvkFw/1GKOm4MzCBNUp3soqMgFCNWix
> > HwGw82hzMadXqKHwosSoDa291hpboxppYwqohG4rlbLNXZKINTrIYgh4EldI3HGy
> > YhikuVVODa254DLoj/iS2A7ZWpvDGGqirEMEZEJi9pdO3E5CUctiZFe0zrKk6xX7
> > VfQq+wZzN2F6LFVyLEIR238FOKfUdoHP5i4d+2HIzUC1ZTYXLMrmC8aLPnvQLKmO
> > lS8+EPrFz4LTTvw6Tt5oO0TH51FruLRRfp545yuT/7MOt4pf9jXjvuTrQDVTp+z2
> > 6+nZZ5rxv1mAB/d0DvCg3sS3QxnzytmzlE0WVODb9zl0HNVz2GkCAwEAAaOCAV8w
> > ggFbMAkGA1UdEwQCMAAwHQYDVR0OBBYEFD+YAO8k3NK95IXhPgriJNfICQDuMIGR
> > BgNVHSMEgYkwgYaAFLcvDVPejjtNaMC39YNvdzbHnbWZoWqkaDBmMQswCQYDVQQG
> > EwIwMDELMAkGA1UECAwCQ0gxCzAJBgNVBAcMAkRDMRAwDgYDVQQKDAd2dG9sLm1l
> > MQ8wDQYDVQQLDAZTZXJ2ZXIxGjAYBgNVBAMMEUNBIFNlcnZlciB2dG9sLm1lggIQ
> > ADAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwEQYIKwYBBQUH
> > ARgEBTADAgERMEYGA1UdHwQ/MD0wO6A5oDeGNWZpbGU6L2V0Yy9wa2kvdnRvbC5t
> > ZS9zZXJ2ZXIvaW0vY3JsL2ltX3NlcnZlci5jcmwucGVtMBsGA1UdEQQUMBKHBKwY
> > bQaCBG1haWyCBGltYXAwCgYIKoZIzj0EAwQDgYkAMIGFAkEAml53KubdaDmaiUXz
> > ir5NvZmQ8/0B9UbcSKbJq30HJYhx4gotbSYU8LuEYBzAthzHwnQ0FyHV5rZPo4Gp
> > RBEFkgJAfYk9C3w0urb6KE+e+bFXHketkG+P5aQyUw2kWKI7GikRX2mS5ZbSGNfe
> > 7Q79jSPczn3gguffxmoSW/idw5BpCw=> > -----END CERTIFICATE-----
> > subject=/C=00/ST=CH/L=DC/O=foo.bar/OU=mail/CN=Server foo.bar Mail IMAP
> > issuer=/C=00/ST=CH/O=foo.bar/OU=Server/CN=IM Server foo.bar
> > ---
> > No client certificate CA names sent
> > Peer signing digest: SHA512
> > Server Temp Key: X25519, 253 bits
> > ---
> > SSL handshake has read 2361 bytes and written 295 bytes
> > Verification error: unable to verify the first certificate
> > ---
> > New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
> > Server public key is 4096 bit
> > Secure Renegotiation IS supported
> > Compression: NONE
> > Expansion: NONE
> > No ALPN negotiated
> > SSL-Session:
> > ??? Protocol? : TLSv1.2
> > ??? Cipher??? : ECDHE-RSA-AES256-GCM-SHA384
> > ??? Session-ID:
> > 9636556EDC5BA951A6EE3BCAB17BCFAEEE8B380C097EC0C7F20D68BAF2775782
> > ??? Session-ID-ctx:
> > ??? Master-Key: [ obfuscated ]
> > ??? PSK identity: None
> > ??? PSK identity hint: None
> > ??? SRP username: None
> > ??? Start Time: 1532971172
> > ??? Timeout?? : 7200 (sec)
> > ??? Verify return code: 21 (unable to verify the first certificate)
> > ??? Extended master secret: yes
> > ---
> > . OK Pre-login capabilities listed, post-login capabilities have more.
> >
> >
> 
> Missed the public certificate where the csr is generated with an EC
> private key and the [ no shared cipher ] error:
> 
> -----BEGIN CERTIFICATE-----
> MIIDmTCCAv6gAwIBAgICEAEwCgYIKoZIzj0EAwQwWTELMAkGA1UEBhMCMDAxCzAJ
> BgNVBAgMAkNIMRAwDgYDVQQKDAd2dG9sLm1lMQ8wDQYDVQQLDAZTZXJ2ZXIxGjAY
> BgNVBAMMEUlNIFNlcnZlciB2dG9sLm1lMB4XDTE4MDcyNTE0NDAxMloXDTE5MDcy
> NTE0NDAxMlowazELMAkGA1UEBhMCMDAxCzAJBgNVBAgMAkNIMQswCQYDVQQHDAJE
> QzEQMA4GA1UECgwHdnRvbC5tZTENMAsGA1UECwwEbWFpbDEhMB8GA1UEAwwYU2Vy
> dmVyIE1haWwgSW1hcCB2dG9sLm1lMIGbMBQGByqGSM49AgEGCSskAwMCCAEBDgOB
> ggAEdZAqTZhgEaAspsZWe8ss8LC2vxMP9ClHwtjKwVuTAnhJFDX5wWkaukjVw1HW
> ngwQAI2n9KwyRC3311yWKOQjrkhPw50sbK1UOuypof0fucYzo+B1+YRaae9a2vJx
> DjljXrvEcXskXdjUFdMIxUAtnHbHuyql8bMJ715ypXADUdGjggFfMIIBWzAJBgNV
> HRMEAjAAMB0GA1UdDgQWBBROPXTACC4fuaOX5iSNONpuyVAB5jCBkQYDVR0jBIGJ
> MIGGgBS3Lw1T3o47TWjAt/WDb3c2x521maFqpGgwZjELMAkGA1UEBhMCMDAxCzAJ
> BgNVBAgMAkNIMQswCQYDVQQHDAJEQzEQMA4GA1UECgwHdnRvbC5tZTEPMA0GA1UE
> CwwGU2VydmVyMRowGAYDVQQDDBFDQSBTZXJ2ZXIgdnRvbC5tZYICEAAwDgYDVR0P
> AQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBEGCCsGAQUFBwEYBAUwAwIB
> ETBGBgNVHR8EPzA9MDugOaA3hjVmaWxlOi9ldGMvcGtpL3Z0b2wubWUvc2VydmVy
> L2ltL2NybC9pbV9zZXJ2ZXIuY3JsLnBlbTAbBgNVHREEFDAShwSsGG0GggRtYWls
> ggRpbWFwMAoGCCqGSM49BAMEA4GIADCBhAJAdRE8iPNsGMCuwYQjykDeDVngTmO8
> YT3tjFh3RrwNEDewPesByTHxhU6E+s98in9cq8rqAGSH8547Cq2KC/BOywJAGNHd
> SF0PuAzqghQ7JKXqufjxKEyMMEu4H9HlH/h4lwX9hUO5EVDlCNqkcHHu9TCXBCmR
> xT/8nuAtTycVigK88A=> -----END CERTIFICATE-----
> 
> 
>
I did some local testing and it seems that you are using a curve that is not
acceptable for openssl as a server key.

I tested with openssl s_server -cert ec-cert.pem -key ec-key.pem -port 5555

using cert generated with brainpool. Everything works if I use prime256v1 or
secp521r1. This is a limitation in OpenSSL and not something we can really do
anything about.

Aki Tuomi
Open-Xchange Oy