Bug 1711885
| Summary: | postfix uses MD5 by default for TLS | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Ondrej Moriš <omoris> |
| Component: | postfix | Assignee: | Jaroslav Škarvada <jskarvad> |
| Status: | CLOSED WONTFIX | QA Contact: | Patrik Moško <pmosko> |
| Severity: | medium | Docs Contact: | Lenka Špačková <lkuprova> |
| Priority: | medium | ||
| Version: | 8.0 | CC: | fkrska, pandrade, pmosko, presharm, psklenar |
| Target Milestone: | rc | Keywords: | EasyFix, TestCaseNotNeeded, Triaged |
| Target Release: | 8.0 | Flags: | pm-rhel:
mirror+
|
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Known Issue | |
| Doc Text: |
.Postfix TLS fingerprint algorithm in the FIPS mode needs to be changed to SHA-256
By default in RHEL 8, `postfix` uses MD5 fingerprints with the TLS for backward compatibility. But in the FIPS mode, the MD5 hashing function is not available, which may cause TLS to incorrectly function in the default postfix configuration. To work around this problem, the hashing function needs to be changed to SHA-256 in the postfix configuration file.
For more details, see the related Knowledgebase article link:https://access.redhat.com/articles/5824391[Fix postfix TLS in the FIPS mode by switching to SHA-256 instead of MD5].
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-12-07 10:38:19 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1771008, 1894575 | ||
|
Description
Ondrej Moriš
2019-05-20 09:59:27 UTC
MD5 is used by default by upstream for backward compatibility. I think we can downstream patch it to use something better in our default config like sha1. Changing it is simple: # postconf -e smtpd_tls_fingerprint_digest=sha1 # systemctl restart postfix Looks like a related issue:
Core was generated by `smtp -t unix -u'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x0000000000000000 in ?? ()
(gdb) bt
#0 0x0000000000000000 in ?? ()
#1 0x00007f1fa40e9bf7 in tls_data_fprint (buf=buf@entry=0x5648a5948920 "0\202\006G0\202\004/\240\003\002\001\002\002\002>\a0\r\006\t*\206H\206\367\r\001\001\v\005", len=len@entry=1611, mdalg=mdalg@entry=0x5648a585c430 "md5")
at tls_fprint.c:299
#2 0x00007f1fa40e9ce3 in tls_cert_fprint (peercert=peercert@entry=0x5648a594afb0, mdalg=0x5648a585c430 "md5") at tls_fprint.c:323
#3 0x00007f1fa40ef9b8 in verify_extract_print (props=0x7ffffd63b120, props=0x7ffffd63b120, peercert=0x5648a594afb0, TLScontext=0x5648a592fd20) at tls_client.c:1097
#4 tls_client_start (props=props@entry=0x7ffffd63b120) at tls_client.c:1097
#5 0x00005648a39b295b in smtp_start_tls (state=state@entry=0x5648a592a8f0) at smtp_proto.c:910
#6 0x00005648a39b24ad in smtp_helo (state=state@entry=0x5648a592a8f0) at smtp_proto.c:790
#7 0x00005648a39ae428 in smtp_connect_inet (state=state@entry=0x5648a592a8f0, nexthop=nexthop@entry=0x5648a58e1ca0 "[<<<example.com>>>]", def_service=0x5648a585d280 "smtp") at smtp_connect.c:966
#8 0x00005648a39af033 in smtp_connect (state=0x5648a592a8f0) at smtp_connect.c:1169
#9 0x00005648a39acf3c in deliver_message (request=0x5648a592f820, service=0x7ffffd63bf8c "smtp") at smtp.c:1029
#10 smtp_service (client_stream=0x5648a586acb0, service=0x7ffffd63bf8c "smtp", argv=<optimized out>) at smtp.c:1061
#11 0x00007f1fa42fcd3a in single_server_wakeup (fd=<optimized out>, attr=0x0) at single_server.c:287
#12 0x00007f1fa3a64788 in event_loop (delay=<optimized out>) at events.c:1186
#13 0x00007f1fa42fdd7a in single_server_main (argc=<optimized out>, argv=<optimized out>, service=0x5648a39acea0 <smtp_service>) at single_server.c:790
#14 0x00005648a39acd50 in main (argc=4, argv=0x7ffffd63bd68) at ../../include/mail_server.h:87
(gdb) f 1
#1 0x00007f1fa40e9bf7 in tls_data_fprint (buf=buf@entry=0x5648a5948920 "0\202\006G0\202\004/\240\003\002\001\002\002\002>\a0\r\006\t*\206H\206\367\r\001\001\v\005", len=len@entry=1611, mdalg=mdalg@entry=0x5648a585c430 "md5")
at tls_fprint.c:299
299 digest_data(buf, len);
(gdb) p mdctx
$1 = (EVP_MD_CTX *) 0x5648a5938550
(gdb) p *mdctx
$2 = {digest = 0x0, engine = 0x0, flags = 0, md_data = 0x0, pctx = 0x0, update = 0x0}
Any suggestion about the issue?
# rpm -q postfix
postfix-3.3.1-12.el8.x86_64
# cat /etc/redhat-release
Red Hat Enterprise Linux release 8.2 (Ootpa)
From the upstream documentation: The default algorithm is sha256 with Postfix ≥ 3.6 and the compatibility_level set to 3 or higher. With Postfix ≤ 3.5, the default algorithm is md5. The best-practice algorithm is now sha256. Recent advances in hash function cryptanalysis have led to md5 and sha1 being deprecated in favor of sha256. However, as long as there are no known "second pre-image" attacks against the older algorithms, their use in this context, though not recommended, is still likely safe. The postfix-3.6 is not yet stable. Changing the hash to sha256 mid-release could break several customers, i.e. change of the hash will require updating any associated lookup table keys with the "sha256" digests of the expected client certificate or public key. This is something we cannot do automatically. It's risky to change the defaults during lifetime of the product (see comment 10 and comment 11), we will document it in the KB article and change the default settings in the next major RHEL release, so closing as wontfix. |