Hello,
I'd like to use stunnel to acccess SMTP server that has following configuration parameters.
Host: smtp.example.org Port number: smtps (465) Encryption method: SMTP over TLS
At first I created following configuration file and run stunnel 5.70 with it on FreeBSD 13.2-RELEASE.
---------------------------------------------------------------------- CApath=/home/yasu/.certs client=yes foreground=yes syslog=no verify=2 [12345] accept=localhost:12345 checkHost=smtp.examle.org connect=smtp.examle.org:465 ----------------------------------------------------------------------
But unfortunately stunnel emits following messages and local-side connection.is closed when I connect to 12345 port of localhost.
---------------------------------------------------------------------- 2023.07.14 12:29:12 LOG5[0]: Service [12345] accepted connection from ::1:14632 2023.07.14 12:29:12 LOG5[0]: s_connect: connected 10.0.0.1:465 2023.07.14 12:29:12 LOG5[0]: Service [12345] connected remote server from 192.168.0.1:14633 2023.07.14 12:29:12 LOG5[0]: Certificate accepted at depth=0: C=JP, ST=Tokyo, L=Ohta-Ku, O=EXAMLE.INC, CN=smtp.examle.org 2023.07.14 12:29:12 LOG3[0]: SSL_connect: /usr/src/crypto/openssl/ssl/t1_lib.c:1146: error:1414D172:SSL routines:tls12_check_peer_sigalg:wrong signature type 2023.07.14 12:29:12 LOG5[0]: Connection closed/reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket ----------------------------------------------------------------------
So I added setting of securityLevel as following.
---------------------------------------------------------------------- CApath=/home/yasu/.certs client=yes foreground=yes securityLevel=1 syslog=no verify=2 [12345] accept=localhost:12345 checkHost=smtp.examle.org connect=smtp.examle.org:465 ----------------------------------------------------------------------
And now I can successfully access to STMP server through stunnel.
Next, I also tried it on FreeBSD 14-CURRENT and surprisingly stunnel 5.70 emits following messages even if 'securityLevel=1' is specified in configuration file.
---------------------------------------------------------------------- 2023.07.14 12:31:12 LOG5[0]: Service [12345] accepted connection from ::1:10838 2023.07.14 12:31:12 LOG5[0]: s_connect: connected 10.0.0.1:465 2023.07.14 12:31:12 LOG5[0]: Service [12345] connected remote server from 192.168.0.11:41449 2023.07.14 12:31:12 LOG3[0]: SSL_connect: /usr/src/crypto/openssl/ssl/statem/extensions.c:894: error:0A000152:SSL routines::unsafe legacy renegotiation disabled 2023.07.14 12:31:12 LOG5[0]: Connection closed/reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket ----------------------------------------------------------------------
So I also tried on 2 other platforms.
a. Cygwin's stunnel.exe (version 5.69) b. tstunnel.exe installed by useing stunnel-5.69-win64-installer.exe
And result is that the former works fine and the latter emits same message as FreeBSD 14-CURRENT.
According to these result it seems the failure is related to the version of OpenSSL. That is, while FreeBSD 13.2-RELEASE and Cygwin use OpenSSL 1.1.1, FreeBSD 14-CURRENT and stunnel-5.69-win64-installer.exe use OpenSSL 3.0.
So does this mean securityLevel option doesn't work with OpenSSL 3.0?
Regards.
--- Yasuhiro Kimura
Hello,
On 14. Jul 2023, at 05:43, Yasuhiro Kimura yasu@utahime.org wrote:
2023.07.14 12:29:12 LOG3[0]: SSL_connect: /usr/src/crypto/openssl/ssl/t1_lib.c:1146: error:1414D172:SSL routines:tls12_check_peer_sigalg:wrong signature type
This likely happens because the connection uses an old version of TLS, which use SHA1 or older digests in the signature algorithm. The OpenSSL security level setting no longer allows this by default. See
https://github.com/openssl/openssl/blob/master/ssl/t1_lib.c#L1824-L1841
which implements this.
2023.07.14 12:31:12 LOG3[0]: SSL_connect: /usr/src/crypto/openssl/ssl/statem/extensions.c:894: error:0A000152:SSL routines::unsafe legacy renegotiation disabled
This is a different problem. OpenSSL 3 disabled a path that is vulnerable to CVE-2009-3555 by default and now requires that peers send the RFC 5746 renegotiation indication extension, which your peer does not seem to support.
If you want to allow such connections anyway (exposing them to CVE-2009-3555), you can set the SSL_OP_LEGACY_SERVER_CONNECT (for connections initiated by OpenSSL 3) or SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION (for connections accepted by OpenSSL 3). See the "SECURE RENEGOTIATION” section in https://www.openssl.org/docs/man3.0/man3/SSL_CTX_set_options.html for more details.
These are also available as configuration options for openssl.cnf. See UnsafeLegacyRenegotiation and UnsafeLegacyServerConnect in https://www.openssl.org/docs/man3.0/man3/SSL_CONF_cmd.html.
HTH, Clemens
-
Clemens Lang -
Yasuhiro Kimura