
Bug#926190: stretch-pu: package postfix/3.1.12-0+deb9u1



Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu

This is the next in a series.  It contains upstream bug fix releases 3.1.10,
3.1.11, and 3.1.12.  I held off after 3.1.10 since it contains somewhat more
new/changed code than these usually do.  Both 3.1.11 and 3.1.12 have since
been released with no corrections needed to the refactored code.

I have been running 3.1.10/11 in production for some time and currently have
3.1.12 in production.  All with no issues.

I am particularly motivated to move forward with another stable update now
because 3.1.12 fixes an LMTP performance issue that likely has been hurting
any high volume receivers and is a regression for oldstable -> stable.  There
are also several smtputf8 fixes for oldstable -> stable regressions.

Other than the openssl related refactoring that has been extensively tested
by the postfix community, most of the changes are documentation.  The other
code changes seem reasonably compact and low risk.

Usual fix list:

  [ Scott Kitterman ]

  * Add detailed smarthost instructions to README.Debian.  Thanks to Celejar
    for the input.  Closes: #919444
  * Refresh patches

  [Wietse Venema]

  * 3.1.10
    - Bugfix (introduced: Postfix 2.11): minor memory leak when
      minting issuer certs. This affects a tiny minority of use
      cases. Viktor Dukhovni, based on a fix by Juan Altmayer
      Pizzorno for the ssl_dane library. File: tls/tls_dane.c.
    - Bugfix (introduced: Postfix 3.0): with smtputf8_enable=yes,
      table lookups could casefold the search string when searching
      a lookup table that does not use fixed-string keys (regexp,
      pcre, tcp, etc.). Historically, Postfix would not case-fold
      the search string with such tables. File: util/dict_utf8.c.
      Closes: #917512
    - Multiple 'bit rot' fixes for OpenSSL API changes, including
      support to disable TLSv1.3, to avoid issuing multiple session
      tickets. Viktor Dukhovni. Files: proto/postconf.proto,
      proto/TLS_README.html, tls/tls.h, tls/tls_server.c,
      tls/tls_misc.c.
    - Bugfix (introduced: 3.0): smtpd_discard_ehlo_keywords could
      not disable "SMTPUTF8", because the lookup table was using
      "EHLO_MASK_SMTPUTF8" instead. File: global/ehlo_mask.c.
    - Documentation: update documentation for Postfix versions
      that support disabling TLS 1.3. File: proto/postconf.proto.
    - Improved logging of TLS 1.3 summary information, and improved
      reporting of the same info in Received: message headers.
      Viktor Dukhovni. Files: proto/FORWARD_SECRECY_README.html,
      posttls-finger/posttls-finger.c, smtpd/smtpd.c, tls/tls.h,
      tls/tls_client.c, tls/tls_misc.c, tls/tls_proxy.h,
      tls/tls_proxy_context_print.c, tls/tls_proxy_context_scan.c,
      tls/tls_server.c.
  * 3.1.11
    - Bugfix (introduced: postfix-2.11): with posttls-finger,
      connections to unix-domain servers always resulted in "Failed
      to establish session" even after a connection was established.
      Jaroslav Skarva.  File: posttls-finger/posttls-finger.c.
  * 3.1.12
    - Bugfix (introduced: Postfix 2.2): reject_multi_recipient_bounce
      has been producing false rejects starting with the Postfix
      2.2 smtpd_end_of_data_restrictions, and for the same reasons,
      did the same with the Postfix 3.4 BDAT command. The latter
      was reported by Andreas Schulze. File: smtpd/smtpd_check.c.
    - Bugfix (introduced: Postfix 3.0): LMTP connections over
      UNIX-domain sockets were cached but not reused, due to a
      cache lookup key mismatch. Therefore, idle cached connections
      could exhaust LMTP server resources, resulting in two-second
      pauses between email deliveries. This problem was investigated
      by Juliana Rodrigueiro. File: smtp/smtp_connect.c.

Thanks for considering,

Scott K
diff -Nru postfix-3.1.9/debian/changelog postfix-3.1.12/debian/changelog
--- postfix-3.1.9/debian/changelog	2019-02-08 09:07:54.000000000 -0500
+++ postfix-3.1.12/debian/changelog	2019-04-01 13:01:06.000000000 -0400
@@ -1,3 +1,61 @@
+postfix (3.1.12-0+deb9u1) stretch; urgency=medium
+
+  [Scott Kitterman]
+
+  * Add detailed smarthost instructions to README.Debian.  Thanks to Celejar
+    for the input.  Closes: #919444
+  * Refresh patches
+
+  [Wietse Venema]
+
+  * 3.1.10
+    - Bugfix (introduced: Postfix 2.11): minor memory leak when
+      minting issuer certs. This affects a tiny minority of use
+      cases. Viktor Dukhovni, based on a fix by Juan Altmayer
+      Pizzorno for the ssl_dane library. File: tls/tls_dane.c.
+    - Bugfix (introduced: Postfix 3.0): with smtputf8_enable=yes,
+      table lookups could casefold the search string when searching
+      a lookup table that does not use fixed-string keys (regexp,
+      pcre, tcp, etc.). Historically, Postfix would not case-fold
+      the search string with such tables. File: util/dict_utf8.c.
+      Closes: #917512
+    - Multiple 'bit rot' fixes for OpenSSL API changes, including
+      support to disable TLSv1.3, to avoid issuing multiple session
+      tickets. Viktor Dukhovni. Files: proto/postconf.proto,
+      proto/TLS_README.html, tls/tls.h, tls/tls_server.c,
+      tls/tls_misc.c.
+    - Bugfix (introduced: 3.0): smtpd_discard_ehlo_keywords could
+      not disable "SMTPUTF8". because the lookup table was using
+      "EHLO_MASK_SMTPUTF8" instead. File: global/ehlo_mask.c.
+    - Documentation: update documentation for Postfix versions
+      that support disabling TLS 1.3. File: proto/postconf.proto.
+    - Improved logging of TLS 1.3 summary information, and improved
+      reporting of the same info in Received: message headers.
+      Viktor Dukhovni. Files: proto/FORWARD_SECRECY_README.html,
+      posttls-finger/posttls-finger.c, smtpd/smtpd.c, tls/tls.h,
+      tls/tls_client.c, tls/tls_misc.c, tls/tls_proxy.h,
+      tls/tls_proxy_context_print.c, tls/tls_proxy_context_scan.c,
+      tls/tls_server.c.
+  * 3.1.11
+    - Bugfix (introduced: postfix-2.11): with posttls-finger,
+      connections to unix-domain servers always resulted in "Failed
+      to establish session" even after a connection was established.
+      Jaroslav Skarva.  File: posttls-finger/posttls-finger.c.
+  * 3.1.12
+    - Bugfix (introduced: Postfix 2.2): reject_multi_recipient_bounce
+      has been producing false rejects starting with the Postfix
+      2.2 smtpd_end_of_data_restrictons, and for the same reasons,
+      did the same with the Postfix 3.4 BDAT command. The latter
+      was reported by Andreas Schulze. File: smtpd/smtpd_check.c.
+    - Bugfix (introduced: Postfix 3.0): LMTP connections over
+      UNIX-domain sockets were cached but not reused, due to a
+      cache lookup key mismatch. Therefore, idle cached connections
+      could exhaust LMTP server resources, resulting in two-second
+      pauses between email deliveries. This problem was investigated
+      by Juliana Rodrigueiro. File: smtp/smtp_connect.c.
+
+ -- Scott Kitterman <scott@kitterman.com>  Mon, 25 Mar 2019 01:01:51 -0400
+
 postfix (3.1.9-0+deb9u2) stretch; urgency=medium
 
   * Update debian/watch to point to the 3.1 series used in stretch
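Review bot: the 3.1.10 "bit rot" entry in this changelog drops the tail of the upstream HISTORY 20181104 text, "and to allow OpenSSL >= 1.1.0 run-time micro version bumps without complaining about library version mismatches", and that clause is exactly the change that forced the refresh of 10_openssl_version_check.diff in this upload; carrying the full upstream sentence would let the changelog explain why that patch was touched. Two typos are also copied verbatim from upstream and could be corrected here rather than propagated: the stray period in `not disable "SMTPUTF8". because` and `smtpd_end_of_data_restrictons`.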
diff -Nru postfix-3.1.9/debian/patches/10_openssl_version_check.diff postfix-3.1.12/debian/patches/10_openssl_version_check.diff
--- postfix-3.1.9/debian/patches/10_openssl_version_check.diff	2019-02-08 09:06:49.000000000 -0500
+++ postfix-3.1.12/debian/patches/10_openssl_version_check.diff	2019-04-01 12:56:02.000000000 -0400
@@ -1,8 +1,8 @@
-Index: postfix/src/tls/tls_misc.c
+Index: postfix-dev/src/tls/tls_misc.c
 ===================================================================
---- postfix.orig/src/tls/tls_misc.c	2016-03-01 04:59:56.674152446 -0700
-+++ postfix/src/tls/tls_misc.c	2016-03-01 05:00:55.164212970 -0700
-@@ -955,19 +955,7 @@
+--- postfix-dev.orig/src/tls/tls_misc.c	2019-03-25 01:13:48.562959283 -0400
++++ postfix-dev/src/tls/tls_misc.c	2019-03-25 01:15:15.170961131 -0400
+@@ -1252,26 +1252,7 @@
  
  void    tls_check_version(void)
  {
@@ -12,14 +12,21 @@
 -    tls_version_split(OPENSSL_VERSION_NUMBER, &hdr_info);
 -    tls_version_split(OpenSSL_version_num(), &lib_info);
 -
+-    /*
+-     * Warn if run-time library is different from compile-time library,
+-     * allowing later run-time "micro" versions starting with 1.1.0.
+-     */
 -    if (lib_info.major != hdr_info.major
 -	|| lib_info.minor != hdr_info.minor
--	|| lib_info.micro != hdr_info.micro)
+-	|| (lib_info.micro != hdr_info.micro
+-	    && (lib_info.micro < hdr_info.micro
+-		|| hdr_info.major == 0
+-		|| (hdr_info.major == 1 && hdr_info.minor == 0))))
 -	msg_warn("run-time library vs. compile-time header version mismatch: "
 -	     "OpenSSL %d.%d.%d may not be compatible with OpenSSL %d.%d.%d",
 -		 lib_info.major, lib_info.minor, lib_info.micro,
 -		 hdr_info.major, hdr_info.minor, hdr_info.micro);
-+	/* Debian will change the soname if openssl is ever incompatible. */
++    /* Debian will change the soname if openssl is ever incompatible. */
  }
  
  /* tls_compile_version - compile-time OpenSSL version */
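Review bot: the refreshed patch now also strips upstream's new 1.1.0+ micro-version tolerance (the `+-` lines adding `lib_info.micro < hdr_info.micro` and the `hdr_info.major == 1 && hdr_info.minor == 0` exception), which is consistent with the existing Debian rationale that an incompatible OpenSSL gets a new soname, so the logic change is fine. The one nit is the replacement comment, which went from a tab (`-+	/* Debian will change the soname ...`) to four spaces (`++    /* Debian will change the soname ...`) while the surrounding tls_misc.c lines in the hunk are tab-indented; keep the tab so the patched source matches upstream style.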
diff -Nru postfix-3.1.9/debian/README.Debian postfix-3.1.12/debian/README.Debian
--- postfix-3.1.9/debian/README.Debian	2019-02-08 09:06:49.000000000 -0500
+++ postfix-3.1.12/debian/README.Debian	2019-04-01 12:56:02.000000000 -0400
@@ -57,3 +57,181 @@
      SYSLOG="-a /var/spool/postfix/dev/log" to /etc/default/syslog.
   b. For inetutils-syslogd, add SYSLOGD_OPTS="-a /var/spool/postfix/dev/log" to
      /etc/default/inetutils-syslogd.
+
+
+Postfix Smarthost Configuration
+
+Postfix can be configured to relay mail to a 'smarthost' for delivery. In
+practice, with real world smarthosts, considerable configuration is required to
+make this work. Some of this configuration can be done via debconf
+('dpkg-reconfigure postfix'), but much of it will usually need to be done
+manually. This document provides instructions for such configuration.
+
+1. Set the smarthost
+
+This can be set via debconf. To do it manually, add a line like the following
+to /etc/postfix/main.cf:
+
+relayhost = [relayhost.example.com]:465
+
+If the port number is omitted, the default is 25. Most smarthosts use TLS/SSL,
+and accordingly generally use either 465 or 587 - see below.
+
+2. Enable TLS/SSL
+
+As above, most smarthosts use TLS/SSL. To configure Postfix to use TLS, add the
+following lines to main.cf:
+
+smtp_tls_security_level = verify
+smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
+
+If 'encrypt' is used instead of 'verify', the second line may be omitted.
+'encrypt' means that TLS will be used but Postfix will not verify the
+smarthost's certificate, potentially allowing a man-in-the-middle attack and
+the stealing of the smarthost authentication credentials. On the other hand,
+'secure' may be used as an even stricter value than 'verify'. See the
+explanation of 'smtp_tls_security_level' values in postconf(5) for details.
+
+If SMTPS (sometimes called 'SSL', usually used in conjunction with
+port 465) is desired, add the following additional line to main.cf:
+
+smtp_tls_wrappermode = yes
+
+For STARTTLS (usually used in conjunction with port 587), omit this line (or
+use the value 'no').
+
+As to which port number / TLS type to use: consult your smarthost's
+documentation. If only one option is available, you will have to use that one.
+If both are available, the question is a toss-up. For the last couple of
+decades, STARTTLS on port 587 has been the offical, standards compliant method,
+although SMTPS on port 465 was also widely used. Recently, RFC 8314 has
+proposed the offical recognition of TLS on port 465.
+
+One potential weakness of STARTTLS is that as a form of opportunistic TLS, it
+is subject to a man-in-the-middle downgrade attack, where the server's
+advertisement of STARTTLS support is stripped out (STRIPTLS) by an attacker,
+causing the connection to continue without TLS:
+
+https://en.wikipedia.org/wiki/STARTTLS#Weaknesses_and_mitigations
+
+This can be avoided by making TLS mandatory, via the use of an appropriate
+value for 'smtp_tls_security_level' such as 'encrypt', 'verify', or 'secure'.
+
+3. Configure authentication
+
+Most smarthosts require authentication. To enable it, ensure that the package
+'libsasl2-modules' is installed, and add the following lines to main.cf:
+
+smtp_sasl_auth_enable = yes
+smtp_sasl_security_options =
+
+[See postconf(5) for more information about 'smtp_sasl_security_options' and
+its possible values. The above version, with no options, is generally fine.]
+
+To specify the authentication credentials, create an arbitrarily named file
+(e.g., '/etc/postfix/example-passwd'), with appropriately restrictive
+permissions (e.g., 600) containing a single line of the following form:
+
+relayhost.example.com username@example.com:secret_password
+
+Where 'relayhost.example.com' is the name of the smarthost,
+'username@example.com' is the login name, and 'secret_password' is the login
+password.
+
+After creating the file, run the command:
+
+postmap /etc/postfix/example.com-passwd
+
+and add the following line to main.cf:
+
+smtp_sasl_password_maps = hash:/etc/postfix/example-passwd
+
+4. Address rewriting
+
+Most smarthosts require that the sender (envelope FROM and perhaps also the
+email From: header) be set to the user's correct mail address with the
+smarthost. Postfix therefore needs to be configured to rewrite the sender
+address accordingly. There are multiple ways to do this, including canonical
+mapping and SMTP generic mapping.
+
+4a. Canonical mapping
+
+With sender canonical mapping, all sender addresses are rewritten upon
+Postfix's receipt of the mail. Create an arbitrarily named file (e.g.,
+'/etc/postfix/sender_canonical'), containing lines of the form
+
+local-user1	username@example.com
+local-user2	username@example.com
+
+where 'local-user1' and 'local-user2' are usernames on the system that will be
+sending mail via the smarthost
+
+After creating the file, run the command:
+
+postmap /etc/postfix/sender_canonical
+
+and add the following line to main.cf:
+
+sender_canonical_maps = hash:/etc/postfix/sender_canonical
+
+To use regular expressions to match multiple users, use either 'regexp' or
+'pcre' (requires the installation of 'postfix-pcre') tables. See
+DATABASE_README, regexp_table(5), PCRE_README, pcre_table(5), and postmap(1).
+
+4b. SMTP generic mapping
+
+With SMTP generic mapping, all matching addresses are rewritten upon Postfix's
+delivery of the mail via SMTP. Create an arbitrarily named file (e.g.,
+'/etc/postfix/generic_mapping'), containing a line of the form:
+
+@host.domain username@example.com
+
+with 'host.domain' taken from '/etc/mailname'.
+
+One advantage to using generic over canonical mapping is that the latter will
+be applied to local mail as well. If the system will be configured to send all
+mail, even mail addressed to local users, via the smarthost (e.g., via
+aliases), then this point is moot.
+
+Some mail services can be quite picky about what form of the email header From:
+they accept. It may be necessary to use an additional smtp_header_check rule to
+rewrite the header From: (whether created by the original sender, or by Postfix
+itself) into a form that the mail provider will accept. See:
+
+https://marc.info/?l=postfix-users&m=154662599103646
+https://marc.info/?l=postfix-users&m=154656149717210
+
+See the ADDRESS_REWRITING_README for more information.
+
+At this point, restart Postfix:
+
+/etc/init.d/postfix restart
+
+Test:
+
+echo 'test' | sendmail someuser@somehost.com
+
+5. Aliases
+
+As configured so far, local mail will be delivered locally and not sent via the
+smarthost. To redirect local mail through the smarthost, aliases can be used.
+In /etc/aliases, add lines like the following:
+
+root:	someuser@somehost.com
+
+Then run:
+
+newaliases
+
+6. CREDITS:
+
+This guide was based (with considerable elaboration) on a number of other
+guides on this topic (in addition to the official Postfix documentation),
+including:
+
+https://www.eanderalx.org/linux/postfix
+http://emanuelesantanche.com/article/85/configuring-postfix-to-relay-email-through-zoho-mail
+https://www.dnsexit.com/support/mailrelay/postfix.html
+https://www.cyberciti.biz/faq/postfix-smtp-authentication-for-mail-servers/
+https://blog.bravi.org/?p=1065
+
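Review bot: step 3 is internally inconsistent about the password file name: the file is created as `/etc/postfix/example-passwd` and `smtp_sasl_password_maps = hash:/etc/postfix/example-passwd` points at it, but the command in between is `postmap /etc/postfix/example.com-passwd`, so a reader following the steps literally gets an error from postmap and no `.db` file behind the configured map; change it to `postmap /etc/postfix/example-passwd`. It would also help to say, next to `smtp_sasl_security_options =`, that the empty value is acceptable only because step 2 makes TLS mandatory and verified: step 2 already warns that `encrypt` without verification exposes the smarthost credentials to a man-in-the-middle, and those credentials are what this SASL step sends. Minor: the sentence ending "sending mail via the smarthost" in 4a lacks its period.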
diff -Nru postfix-3.1.9/HISTORY postfix-3.1.12/HISTORY
--- postfix-3.1.9/HISTORY	2018-05-19 16:45:43.000000000 -0400
+++ postfix-3.1.12/HISTORY	2019-03-29 08:13:24.000000000 -0400
@@ -22420,3 +22420,73 @@
 	error propagation in tlsproxy(8) resulting in segfault after
 	TLS handshake error. Found during code maintenance. File:
 	tlsproxy/tlsproxy.c.
+
+20180617
+
+	Bugfix (introduced: Postfix 2.11): minor memory leak when
+	minting issuer certs. This affects a tiny minority of use
+	cases. Viktor Dukhovni, based on a fix by Juan Altmayer
+	Pizzorno for the ssl_dane library. File: tls/tls_dane.c.
+
+20181104
+
+	Multiple 'bit rot' fixes for OpenSSL API changes, including
+	support to disable TLSv1.3, to avoid issuing multiple session
+	tickets, and to allow OpenSSL >= 1.1.0 run-time micro version
+	bumps without complaining about library version mismatches.
+	Viktor Dukhovni. Files: proto/postconf.proto,
+	proto/TLS_README.html, tls/tls.h, tls/tls_server.c,
+	tls/tls_misc.c.
+
+20181106
+
+	Bugfix (introduced: 3.0): smtpd_discard_ehlo_keywords could
+	not disable "SMTPUTF8". because the lookup table was using
+	"EHLO_MASK_SMTPUTF8" instead. File: global/ehlo_mask.c.
+
+20181110
+
+	Documentation: update documentation for Postfix versions
+	that support disabling TLS 1.3. File: proto/postconf.proto.
+
+20181117
+
+	Improved logging of TLS 1.3 summary information, and improved
+	reporting of the same info in Received: message headers.
+	Viktor Dukhovni. Files: proto/FORWARD_SECRECY_README.html,
+	posttls-finger/posttls-finger.c, smtpd/smtpd.c, tls/tls.h,
+	tls/tls_client.c, tls/tls_misc.c, tls/tls_proxy.h,
+	tls/tls_proxy_context_print.c, tls/tls_proxy_context_scan.c,
+	tls/tls_server.c.
+
+20181202
+
+	Bugfix (introduced: postfix-2.11): with posttls-finger,
+	connections to unix-domain servers always resulted in "Failed
+	to establish session" even after a connection was established.
+	Jaroslav Skarva.  File: posttls-finger/posttls-finger.c.
+
+20181227 (a forgotten bugfix from 20180707)
+
+        Bugfix (introduced: Postfix 3.0): with smtputf8_enable=yes,
+        table lookups could casefold the search string when searching
+        a lookup table that does not use fixed-string keys (regexp,
+        pcre, tcp, etc.). Historically, Postfix would not case-fold
+        the search string with such tables. File: util/dict_utf8.c.
+
+20190312
+
+	Bugfix (introduced: Postfix 2.2): reject_multi_recipient_bounce
+	has been producing false rejects starting with the Postfix
+	2.2 smtpd_end_of_data_restrictons, and for the same reasons,
+	did the same with the Postfix 3.4 BDAT command. The latter
+	was reported by Andreas Schulze. File: smtpd/smtpd_check.c.
+
+20190328
+
+	Bugfix (introduced: Postfix 3.0): LMTP connections over
+	UNIX-domain sockets were cached but not reused, due to a
+	cache lookup key mismatch. Therefore, idle cached connections
+	could exhaust LMTP server resources, resulting in two-second
+	pauses between email deliveries. This problem was investigated
+	by Juliana Rodrigueiro. File: smtp/smtp_connect.c.
diff -Nru postfix-3.1.9/html/FORWARD_SECRECY_README.html postfix-3.1.12/html/FORWARD_SECRECY_README.html
--- postfix-3.1.9/html/FORWARD_SECRECY_README.html	2017-12-26 10:51:40.000000000 -0500
+++ postfix-3.1.12/html/FORWARD_SECRECY_README.html	2018-11-17 18:11:07.000000000 -0500
@@ -378,7 +378,9 @@
 
 <li> <p> With "<a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> = 1" and "<a href="postconf.5.html#smtpd_tls_loglevel">smtpd_tls_loglevel</a> = 1",
 the Postfix SMTP client and server will log TLS connection information
-to the maillog file. The general logfile format is: </p>
+to the maillog file. The general logfile format is shown below.
+With TLS 1.3 there may be additional properties logged after the
+cipher name and bits. </p>
 
 <blockquote>
 <pre>
@@ -395,7 +397,8 @@
 <li> <p> With "<a href="postconf.5.html#smtpd_tls_received_header">smtpd_tls_received_header</a> = yes", the Postfix SMTP
 server will record TLS connection information in the Received:
 header in the form of comments (text inside parentheses). The general
-format depends on the <a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a> setting:
+format depends on the <a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a> setting. With TLS 1.3 there
+may be additional properties logged after the cipher name and bits. </p>
 
 <blockquote>
 <pre>
@@ -411,6 +414,46 @@
 </pre>
 </blockquote>
 
+<p> TLS 1.3 examples.  Some of the new attributes may not appear when not
+applicable or not available in older versions of the OpenSSL library.  </p>
+
+<blockquote>
+<pre>
+Received: from localhost (localhost [127.0.0.1])
+        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
+         key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
+        (No client certificate requested)
+
+Received: from localhost (localhost [127.0.0.1])
+        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
+         key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
+         client-signature ECDSA (P-256) client-digest SHA256)
+        (Client CN "example.org", Issuer "example.org" (not verified))
+</pre>
+</blockquote>
+
+<ul>
+<li> <p> The "key-exchange" attribute records the type of "Diffie-Hellman"
+group used for key agreement.  Possible values include "DHE", "ECDHE", "X25519"
+and "X448".  With "DHE", the bit size of the prime will be reported in
+parentheses after the algorithm name, with "ECDHE", the curve name. </p>
+
+<li> <p> The "server-signature" attribute shows the public key signature
+algorithm used by the server.  With "RSA-PSS", the bit size of the modulus will
+be reported in parentheses.  With "ECDSA", the curve name.  If, for example,
+the server has both an RSA and an ECDSA private key and certificate, it will be
+possible to track which one was used for a given connection. </p>
+
+<li> <p> The new "server-digest" attribute records the digest algorithm used by
+the server to prepare handshake messages for signing.  The Ed25519 and Ed448
+signature algorithms do not make use of such a digest, so no "server-digest"
+will be shown for these signature algorithms. </p>
+
+<li> <p> When a client certificate is requested with "<a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a>" and
+the client uses a TLS client-certificate, the "client-signature" and
+"client-digest" attributes will record the corresponding properties of the
+client's TLS handshake signature.  </p> </ul>
+
 </ul>
 
 <p> The next sections will explain what <i>cipher-name</i>,
@@ -462,6 +505,58 @@
 differ for the legacy export ciphers where the actual key 
 is artificially shortened. </p>
 
+<p> Starting with TLS 1.3 the cipher name no longer contains enough
+information to determine which forward-secrecy scheme was employed,
+but TLS 1.3 <b>always</b> uses forward-secrecy.  On the client side,
+up-to-date Postfix releases log additional information for TLS 1.3
+connections, reporting the signature and key exchange algorithms.
+Two examples below (the long single line messages are folded across
+multiple lines for readability): </p>
+
+<blockquote>
+<pre>
+postfix/smtp[<i>process-id</i>]:
+  Untrusted TLS connection established to 127.0.0.1[127.0.0.1]:25:
+  TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
+  key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
+  client-signature ECDSA (P-256) client-digest SHA256
+
+postfix/smtp[<i>process-id</i>]:
+  Untrusted TLS connection established to 127.0.0.1[127.0.0.1]:25:
+  TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
+  key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256
+</pre>
+</blockquote>
+
+<p> In the above connections, the "key-exchange" value records the
+"Diffie-Hellman" algorithm used for key agreement.  The "server-signature" value
+records the public key algoritm used by the server to sign the key exchange.
+The "server-digest" value records any hash algorithm used to prepare the data
+for signing.  With "ED25519" and "ED448", no separate hash algorithm is used.
+</p>
+
+<p> Examples of Postfix SMTP server logging: </p>
+
+<blockquote>
+<pre>
+postfix/smtpd[<i>process-id</i>]:
+  Untrusted TLS connection established from localhost[127.0.0.1]:25:
+  TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
+  key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
+  client-signature ECDSA (P-256) client-digest SHA256
+
+postfix/smtpd[<i>process-id</i>]:
+  Anonymous TLS connection established from localhost[127.0.0.1]:
+  TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
+  server-signature RSA-PSS (2048 bits) server-digest SHA256
+
+postfix/smtpd[<i>process-id</i>]:
+  Anonymous TLS connection established from localhost[127.0.0.1]:
+  TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
+  server-signature ED25519
+</pre>
+</blockquote>
+
 <h2><a name="status"> What do "Anonymous", "Untrusted", etc. in
 Postfix logging mean? </a> </h2>
 
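Review bot: the first smtpd example logs `established from localhost[127.0.0.1]:25:`, which carries a port that neither of the other two server examples has and mirrors the client-side `to 127.0.0.1[127.0.0.1]:25:` format above; it reads as copy-pasted from the client examples and should drop the `:25`. Two smaller items in the same added text: "algoritm" in "records the public key algoritm used by the server" should be "algorithm", and the signature algorithm names are written "ED25519" and "ED448" here but "Ed25519 and Ed448" in the Received: header explanation added earlier in this file; pick one spelling.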
diff -Nru postfix-3.1.9/html/index.html postfix-3.1.12/html/index.html
--- postfix-3.1.9/html/index.html	2014-11-26 18:25:31.000000000 -0500
+++ postfix-3.1.12/html/index.html	2018-11-18 08:23:50.000000000 -0500
@@ -46,8 +46,6 @@
 
 <li> <a href="IPV6_README.html"> IP Version 6 Support </a>
 
-<li> <a href="IPV6_README.html"> IP Version 6 Support </a>
-
 <li> <a href="SMTPUTF8_README.html"> SMTPUTF8 Support </a>
 
 <li> <a href="COMPATIBILITY_README.html"> Backwards-Compatibility Safety Net</a>
diff -Nru postfix-3.1.9/html/postconf.5.html postfix-3.1.12/html/postconf.5.html
--- postfix-3.1.9/html/postconf.5.html	2016-02-12 08:54:33.000000000 -0500
+++ postfix-3.1.12/html/postconf.5.html	2018-11-10 19:09:43.000000000 -0500
@@ -12342,8 +12342,10 @@
 
 <p> The range of protocols advertised by an SSL/TLS client must be
 contiguous.  When a protocol version is enabled, disabling any
-higher version implicitly disables all versions above that higher
-version.  Thus, for example: </p>
+higher version implicitly disables all versions above that higher version.
+Thus, for example (assuming the OpenSSL library supports both SSLv2
+and SSLv3):
+</p>
 <blockquote>
 <pre>
 <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2, !TLSv1
@@ -12360,6 +12362,10 @@
 versions of Postfix &ge; 2.10 can explicitly disable support for
 "TLSv1.1" or "TLSv1.2". </p>
 
+<p> OpenSSL 1.1.1 introduces support for "TLSv1.3".  With Postfix
+&ge; 3.4 (or patch releases &ge; 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
+this can be disabled, if need be, via "!TLSv1.3". </p>
+
 <p> At the <a href="TLS_README.html#client_tls_dane">dane</a> and
 <a href="TLS_README.html#client_tls_dane">dane-only</a> security
 levels, when usable TLSA records are obtained for the remote SMTP
@@ -12672,11 +12678,13 @@
 
 <p> The range of protocols advertised by an SSL/TLS client must be
 contiguous.  When a protocol version is enabled, disabling any
-higher version implicitly disables all versions above that higher
-version.  Thus, for example: </p>
+higher version implicitly disables all versions above that higher version.
+Thus, for example (assuming the OpenSSL library supports both SSLv2
+and SSLv3):
+</p>
 <blockquote>
 <pre>
-<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2, !TLSv1
+<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2, !TLSv1
 </pre>
 </blockquote>
 <p> also disables any protocols version higher than TLSv1 leaving
@@ -12687,6 +12695,10 @@
 versions of Postfix &ge; 2.10 can explicitly disable support for
 "TLSv1.1" or "TLSv1.2"</p>
 
+<p> OpenSSL 1.1.1 introduces support for "TLSv1.3".  With Postfix
+&ge; 3.4 (or patch releases &ge; 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
+this can be disabled, if need be, via "!TLSv1.3". </p>
+
 <p> To include a protocol list its name, to exclude it, prefix the name
 with a "!" character. To exclude SSLv2 for opportunistic TLS set
 "<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
@@ -16753,6 +16765,10 @@
 versions of Postfix &ge; 2.10 can disable support for "TLSv1.1" or
 "TLSv1.2". </p>
 
+<p> OpenSSL 1.1.1 introduces support for "TLSv1.3".  With Postfix
+&ge; 3.4 (or patch releases &ge; 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
+this can be disabled, if need be, via "!TLSv1.3". </p>
+
 <p> Example: </p>
 
 <pre>
@@ -16784,6 +16800,10 @@
 versions of Postfix &ge; 2.10 can disable support for "TLSv1.1" or
 "TLSv1.2". </p>
 
+<p> OpenSSL 1.1.1 introduces support for "TLSv1.3".  With Postfix
+&ge; 3.4 (or patch releases &ge; 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
+this can be disabled, if need be, via "!TLSv1.3". </p>
+
 <p> To include a protocol list its name, to exclude it, prefix the name
 with a "!" character. To exclude SSLv2 for opportunistic TLS set
 "<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
@@ -17597,44 +17617,46 @@
 
 <dl>
 
-<dt><b>MICROSOFT_SESS_ID_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
+<dt><b>CRYPTOPRO_TLSEXT_BUG</b></dt> <dd>New with GOST support in
+OpenSSL 1.0.0.</dd>
 
-<dt><b>NETSCAPE_CHALLENGE_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
+<dt><b>DONT_INSERT_EMPTY_FRAGMENTS</b></dt> <dd>See
+SSL_CTX_set_options(3)</dd>
 
 <dt><b>LEGACY_SERVER_CONNECT</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
 
-<dt><b>NETSCAPE_REUSE_CIPHER_CHANGE_BUG</b></dt> <dd> also aliased
-as <b>CVE-2010-4180</b>. Postfix 2.8 disables this work-around by
-default with OpenSSL versions that may predate the fix. Fixed in
-OpenSSL 0.9.8q and OpenSSL 1.0.0c.</dd>
-
-<dt><b>SSLREF2_REUSE_CERT_TYPE_BUG</b></dt> <dd>See
-SSL_CTX_set_options(3)</dd>
-
 <dt><b>MICROSOFT_BIG_SSLV3_BUFFER</b></dt> <dd>See
 SSL_CTX_set_options(3)</dd>
 
+<dt><b>MICROSOFT_SESS_ID_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
+
 <dt><b>MSIE_SSLV2_RSA_PADDING</b></dt> <dd> also aliased as
 <b>CVE-2005-2969</b>. Postfix 2.8 disables this work-around by
 default with OpenSSL versions that may predate the fix. Fixed in
 OpenSSL 0.9.7h and OpenSSL 0.9.8a.</dd>
 
+<dt><b>NETSCAPE_CHALLENGE_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
+
+<dt><b>NETSCAPE_REUSE_CIPHER_CHANGE_BUG</b></dt> <dd> also aliased
+as <b>CVE-2010-4180</b>. Postfix 2.8 disables this work-around by
+default with OpenSSL versions that may predate the fix. Fixed in
+OpenSSL 0.9.8q and OpenSSL 1.0.0c.</dd>
+
 <dt><b>SSLEAY_080_CLIENT_DH_BUG</b></dt> <dd>See
 SSL_CTX_set_options(3)</dd>
 
-<dt><b>TLS_D5_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
+<dt><b>SSLREF2_REUSE_CERT_TYPE_BUG</b></dt> <dd>See
+SSL_CTX_set_options(3)</dd>
 
 <dt><b>TLS_BLOCK_PADDING_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
 
+<dt><b>TLS_D5_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
+
 <dt><b>TLS_ROLLBACK_BUG</b></dt> <dd>See SSL_CTX_set_options(3).
 This is disabled in OpenSSL 0.9.7 and later. Nobody should still
 be using 0.9.6! </dd>
 
-<dt><b>DONT_INSERT_EMPTY_FRAGMENTS</b></dt> <dd>See
-SSL_CTX_set_options(3)</dd>
-
-<dt><b>CRYPTOPRO_TLSEXT_BUG</b></dt> <dd>New with GOST support in
-OpenSSL 1.0.0.</dd>
+<dt><b>TLSEXT_PADDING</b></dt><dd>Postfix &ge; 3.4. See SSL_CTX_set_options(3).</dd>
 
 </dl>
 
@@ -17981,18 +18003,39 @@
 You can only enable options not already controlled by other Postfix
 settings.  For example, you cannot disable protocols or enable
 server cipher preference.  Do not attempt to turn all features by
-specifying 0xFFFFFFFF, this is unlikely to be a good idea.  </p>
+specifying 0xFFFFFFFF, this is unlikely to be a good idea.  Some
+bug work-arounds are also valid here, allowing them to be re-enabled
+if/when they're no longer enabled by default.  The supported values
+include: </p>
 
 <dl>
 
+<dt><b>ENABLE_MIDDLEBOX_COMPAT</b></dt> <dd>Postfix &ge; 3.4. See
+SSL_CTX_set_options(3).</dd>
+
 <dt><b>LEGACY_SERVER_CONNECT</b></dt> <dd>See SSL_CTX_set_options(3).</dd>
 
-<dt><b>NO_TICKET</b></dt> <dd>See SSL_CTX_set_options(3).</dd>
+<dt><b>NO_TICKET</b></dt> <dd>Enabled by default when needed in
+fully-patched Postfix &ge; 2.7.  Not needed at all for Postfix &ge;
+2.11, unless for some reason you do not want to support TLS session
+resumption.  Best not set explicitly.  See SSL_CTX_set_options(3).</dd>
 
 <dt><b>NO_COMPRESSION</b></dt> <dd>Disable SSL compression even if
 supported by the OpenSSL library.  Compression is CPU-intensive,
 and compression before encryption does not always improve security.  </dd>
 
+<dt><b>NO_RENEGOTIATION</b></dt> <dd>Postfix &ge; 3.4.  This can
+reduce opportunities for a potential CPU exhaustion attack.  See
+SSL_CTX_set_options(3).</dd>
+
+<dt><b>NO_SESSION_RESUMPTION_ON_RENEGOTIATION</b></dt> <dd>Postfix
+&ge; 3.4. See SSL_CTX_set_options(3).</dd>
+
+<dt><b>PRIORITIZE_CHACHA</b></dt> <dd>Postfix &ge; 3.4. See SSL_CTX_set_options(3).</dd>
+
+<dt><b>TLSEXT_PADDING</b></dt> <dd>Postfix &ge; 3.4. See
+SSL_CTX_set_options(3).</dd>
+
 </dl>
 
 <p> This feature is available in Postfix 2.11 and later.  </p>
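Review bot: five of the values documented here (ENABLE_MIDDLEBOX_COMPAT, NO_RENEGOTIATION, NO_SESSION_RESUMPTION_ON_RENEGOTIATION, PRIORITIZE_CHACHA, TLSEXT_PADDING) are tagged "Postfix &ge; 3.4", yet this manual ships in postfix 3.1.12 for stretch; the version tag is what keeps the text accurate for stretch readers, so keep it, and it is worth a line in the changelog that these are documented as newer upstream values rather than options usable on 3.1.x. The NO_RENEGOTIATION entry is the only new one that states why an operator would set it (fewer opportunities for CPU exhaustion); the others say only "See SSL_CTX_set_options(3)", which matches the style of the existing entries. The expanded NO_TICKET text ("Best not set explicitly") is a useful warning against cargo-culting the option from older how-tos.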
diff -Nru postfix-3.1.9/html/TLS_README.html postfix-3.1.12/html/TLS_README.html
--- postfix-3.1.9/html/TLS_README.html	2016-02-08 17:24:01.000000000 -0500
+++ postfix-3.1.12/html/TLS_README.html	2018-11-04 18:05:33.000000000 -0500
@@ -919,12 +919,13 @@
 </blockquote>
 
 <p> With Postfix 2.8 and later, the <a href="postconf.5.html#tls_disable_workarounds">tls_disable_workarounds</a> parameter
-specifies a list or bit-mask of OpenSSL bug work-arounds to disable. This
-may be necessary if one of the work-arounds enabled by default in
-OpenSSL proves to pose a security risk, or introduces an unexpected
-interoperability issue. Some bug work-arounds known to be problematic
-are disabled in the default value of the parameter when linked with
-an OpenSSL library that could be vulnerable. </p>
+specifies a list or bit-mask of default-enabled OpenSSL bug
+work-arounds to disable. This may be necessary if one of the
+work-arounds enabled by default in OpenSSL proves to pose a security
+risk, or introduces an unexpected interoperability issue.  The list
+of enabled bug work-arounds is OpenSSL-release-specific.  See the
+<a href="postconf.5.html#tls_disable_workarounds">tls_disable_workarounds</a> parameter documentation for the list of
+supported values.</p>
 
 <p> Example: </p>
  
@@ -942,19 +943,8 @@
 found in the ssl.h file corresponding to the run-time OpenSSL
 library.  While it may be reasonable to turn off all bug workarounds
 (see above), it is not a good idea to attempt to turn on all features.
-</p>
-
-<dl>
-
-<dt><b>LEGACY_SERVER_CONNECT</b></dt> <dd>See SSL_CTX_set_options(3).</dd>
-
-<dt><b>NO_TICKET</b></dt> <dd>See SSL_CTX_set_options(3).</dd>
-
-<dt><b>NO_COMPRESSION</b></dt> <dd>Disable SSL compression even if
-supported by the OpenSSL library.  Compression is CPU-intensive,
-and compression before encryption does not always improve security.  </dd>
-
-</dl>
+See the <a href="postconf.5.html#tls_ssl_options">tls_ssl_options</a> parameter documentation for the list of
+supported values.  </p>
 
 <p> Example: </p>
  
diff -Nru postfix-3.1.9/.indent.pro postfix-3.1.12/.indent.pro
--- postfix-3.1.9/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/man/man5/postconf.5 postfix-3.1.12/man/man5/postconf.5
--- postfix-3.1.9/man/man5/postconf.5	2016-02-12 08:54:33.000000000 -0500
+++ postfix-3.1.12/man/man5/postconf.5	2018-11-10 19:09:43.000000000 -0500
@@ -7923,8 +7923,9 @@
 .PP
 The range of protocols advertised by an SSL/TLS client must be
 contiguous.  When a protocol version is enabled, disabling any
-higher version implicitly disables all versions above that higher
-version.  Thus, for example:
+higher version implicitly disables all versions above that higher version.
+Thus, for example (assuming the OpenSSL library supports both SSLv2
+and SSLv3):
 .sp
 .in +4
 .nf
@@ -7946,6 +7947,10 @@
 versions of Postfix >= 2.10 can explicitly disable support for
 "TLSv1.1" or "TLSv1.2".
 .PP
+OpenSSL 1.1.1 introduces support for "TLSv1.3".  With Postfix
+>= 3.4 (or patch releases >= 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
+this can be disabled, if need be, via "!TLSv1.3".
+.PP
 At the dane and
 dane\-only security
 levels, when usable TLSA records are obtained for the remote SMTP
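Review bot: this paragraph names 3.1.10 among the patch releases that accept "!TLSv1.3", which is the relevant claim for this update (3.1.9 to 3.1.12): once the run-time OpenSSL offers TLS 1.3, operators who pin smtp_tls_mandatory_protocols now have a documented way to exclude it. The same paragraph is added verbatim for the other three *_tls_protocols entries in this man page and in postconf.proto; since the man page is generated, any later wording change belongs in postconf.proto only.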
@@ -8241,14 +8246,15 @@
 .PP
 The range of protocols advertised by an SSL/TLS client must be
 contiguous.  When a protocol version is enabled, disabling any
-higher version implicitly disables all versions above that higher
-version.  Thus, for example:
+higher version implicitly disables all versions above that higher version.
+Thus, for example (assuming the OpenSSL library supports both SSLv2
+and SSLv3):
 .sp
 .in +4
 .nf
 .na
 .ft C
-smtp_tls_mandatory_protocols = !SSLv2, !TLSv1
+smtp_tls_protocols = !SSLv2, !TLSv1
 .fi
 .ad
 .ft R
@@ -8261,6 +8267,10 @@
 versions of Postfix >= 2.10 can explicitly disable support for
 "TLSv1.1" or "TLSv1.2"
 .PP
+OpenSSL 1.1.1 introduces support for "TLSv1.3".  With Postfix
+>= 3.4 (or patch releases >= 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
+this can be disabled, if need be, via "!TLSv1.3".
+.PP
 To include a protocol list its name, to exclude it, prefix the name
 with a "!" character. To exclude SSLv2 for opportunistic TLS set
 "smtp_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
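Review bot: the context line directly above the new paragraph, `"TLSv1.1" or "TLSv1.2"`, lacks its full stop, whereas the matching sentence in the smtp_tls_mandatory_protocols entry ends with `"TLSv1.2".`; since the TLSv1.3 paragraph now follows it immediately, the missing period is more visible. The same omission is in the proto source (`"TLSv1.2"</p>` in the smtp_tls_protocols entry), which is where it should be fixed.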
@@ -11490,6 +11500,10 @@
 versions of Postfix >= 2.10 can disable support for "TLSv1.1" or
 "TLSv1.2".
 .PP
+OpenSSL 1.1.1 introduces support for "TLSv1.3".  With Postfix
+>= 3.4 (or patch releases >= 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
+this can be disabled, if need be, via "!TLSv1.3".
+.PP
 Example:
 .PP
 .nf
@@ -11519,6 +11533,10 @@
 versions of Postfix >= 2.10 can disable support for "TLSv1.1" or
 "TLSv1.2".
 .PP
+OpenSSL 1.1.1 introduces support for "TLSv1.3".  With Postfix
+>= 3.4 (or patch releases >= 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
+this can be disabled, if need be, via "!TLSv1.3".
+.PP
 To include a protocol list its name, to exclude it, prefix the name
 with a "!" character. To exclude SSLv2 for opportunistic TLS set
 "smtpd_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
@@ -12102,57 +12120,60 @@
 is possible that your OpenSSL version includes new bug work\-arounds
 added after your Postfix source code was last updated, in that case
 you can only disable one of these via the hexadecimal syntax above.
-.IP "\fBMICROSOFT_SESS_ID_BUG\fR"
-See SSL_CTX_\fBset_options\fR(3)
+.IP "\fBCRYPTOPRO_TLSEXT_BUG\fR"
+New with GOST support in
+OpenSSL 1.0.0.
 .br
-.IP "\fBNETSCAPE_CHALLENGE_BUG\fR"
-See SSL_CTX_\fBset_options\fR(3)
+.IP "\fBDONT_INSERT_EMPTY_FRAGMENTS\fR"
+See
+SSL_CTX_\fBset_options\fR(3)
 .br
 .IP "\fBLEGACY_SERVER_CONNECT\fR"
 See SSL_CTX_\fBset_options\fR(3)
 .br
-.IP "\fBNETSCAPE_REUSE_CIPHER_CHANGE_BUG\fR"
-also aliased
-as \fBCVE\-2010\-4180\fR. Postfix 2.8 disables this work\-around by
-default with OpenSSL versions that may predate the fix. Fixed in
-OpenSSL 0.9.8q and OpenSSL 1.0.0c.
-.br
-.IP "\fBSSLREF2_REUSE_CERT_TYPE_BUG\fR"
-See
-SSL_CTX_\fBset_options\fR(3)
-.br
 .IP "\fBMICROSOFT_BIG_SSLV3_BUFFER\fR"
 See
 SSL_CTX_\fBset_options\fR(3)
 .br
+.IP "\fBMICROSOFT_SESS_ID_BUG\fR"
+See SSL_CTX_\fBset_options\fR(3)
+.br
 .IP "\fBMSIE_SSLV2_RSA_PADDING\fR"
 also aliased as
 \fBCVE\-2005\-2969\fR. Postfix 2.8 disables this work\-around by
 default with OpenSSL versions that may predate the fix. Fixed in
 OpenSSL 0.9.7h and OpenSSL 0.9.8a.
 .br
+.IP "\fBNETSCAPE_CHALLENGE_BUG\fR"
+See SSL_CTX_\fBset_options\fR(3)
+.br
+.IP "\fBNETSCAPE_REUSE_CIPHER_CHANGE_BUG\fR"
+also aliased
+as \fBCVE\-2010\-4180\fR. Postfix 2.8 disables this work\-around by
+default with OpenSSL versions that may predate the fix. Fixed in
+OpenSSL 0.9.8q and OpenSSL 1.0.0c.
+.br
 .IP "\fBSSLEAY_080_CLIENT_DH_BUG\fR"
 See
 SSL_CTX_\fBset_options\fR(3)
 .br
-.IP "\fBTLS_D5_BUG\fR"
-See SSL_CTX_\fBset_options\fR(3)
+.IP "\fBSSLREF2_REUSE_CERT_TYPE_BUG\fR"
+See
+SSL_CTX_\fBset_options\fR(3)
 .br
 .IP "\fBTLS_BLOCK_PADDING_BUG\fR"
 See SSL_CTX_\fBset_options\fR(3)
 .br
+.IP "\fBTLS_D5_BUG\fR"
+See SSL_CTX_\fBset_options\fR(3)
+.br
 .IP "\fBTLS_ROLLBACK_BUG\fR"
 See SSL_CTX_\fBset_options\fR(3).
 This is disabled in OpenSSL 0.9.7 and later. Nobody should still
 be using 0.9.6!
 .br
-.IP "\fBDONT_INSERT_EMPTY_FRAGMENTS\fR"
-See
-SSL_CTX_\fBset_options\fR(3)
-.br
-.IP "\fBCRYPTOPRO_TLSEXT_BUG\fR"
-New with GOST support in
-OpenSSL 1.0.0.
+.IP "\fBTLSEXT_PADDING\fR"
+Postfix >= 3.4. See SSL_CTX_\fBset_options\fR(3).
 .br
 .br
 .PP
@@ -12397,18 +12418,44 @@
 You can only enable options not already controlled by other Postfix
 settings.  For example, you cannot disable protocols or enable
 server cipher preference.  Do not attempt to turn all features by
-specifying 0xFFFFFFFF, this is unlikely to be a good idea.
+specifying 0xFFFFFFFF, this is unlikely to be a good idea.  Some
+bug work\-arounds are also valid here, allowing them to be re\-enabled
+if/when they're no longer enabled by default.  The supported values
+include:
+.IP "\fBENABLE_MIDDLEBOX_COMPAT\fR"
+Postfix >= 3.4. See
+SSL_CTX_\fBset_options\fR(3).
+.br
 .IP "\fBLEGACY_SERVER_CONNECT\fR"
 See SSL_CTX_\fBset_options\fR(3).
 .br
 .IP "\fBNO_TICKET\fR"
-See SSL_CTX_\fBset_options\fR(3).
+Enabled by default when needed in
+fully\-patched Postfix >= 2.7.  Not needed at all for Postfix >=
+2.11, unless for some reason you do not want to support TLS session
+resumption.  Best not set explicitly.  See SSL_CTX_\fBset_options\fR(3).
 .br
 .IP "\fBNO_COMPRESSION\fR"
 Disable SSL compression even if
 supported by the OpenSSL library.  Compression is CPU\-intensive,
 and compression before encryption does not always improve security.
 .br
+.IP "\fBNO_RENEGOTIATION\fR"
+Postfix >= 3.4.  This can
+reduce opportunities for a potential CPU exhaustion attack.  See
+SSL_CTX_\fBset_options\fR(3).
+.br
+.IP "\fBNO_SESSION_RESUMPTION_ON_RENEGOTIATION\fR"
+Postfix
+>= 3.4. See SSL_CTX_\fBset_options\fR(3).
+.br
+.IP "\fBPRIORITIZE_CHACHA\fR"
+Postfix >= 3.4. See SSL_CTX_\fBset_options\fR(3).
+.br
+.IP "\fBTLSEXT_PADDING\fR"
+Postfix >= 3.4. See
+SSL_CTX_\fBset_options\fR(3).
+.br
 .br
 .PP
 This feature is available in Postfix 2.11 and later.
diff -Nru postfix-3.1.9/proto/FORWARD_SECRECY_README.html postfix-3.1.12/proto/FORWARD_SECRECY_README.html
--- postfix-3.1.9/proto/FORWARD_SECRECY_README.html	2017-12-26 10:49:33.000000000 -0500
+++ postfix-3.1.12/proto/FORWARD_SECRECY_README.html	2018-11-17 18:10:54.000000000 -0500
@@ -378,7 +378,9 @@
 
 <li> <p> With "smtp_tls_loglevel = 1" and "smtpd_tls_loglevel = 1",
 the Postfix SMTP client and server will log TLS connection information
-to the maillog file. The general logfile format is: </p>
+to the maillog file. The general logfile format is shown below.
+With TLS 1.3 there may be additional properties logged after the
+cipher name and bits. </p>
 
 <blockquote>
 <pre>
@@ -395,7 +397,8 @@
 <li> <p> With "smtpd_tls_received_header = yes", the Postfix SMTP
 server will record TLS connection information in the Received:
 header in the form of comments (text inside parentheses). The general
-format depends on the smtpd_tls_ask_ccert setting:
+format depends on the smtpd_tls_ask_ccert setting. With TLS 1.3 there
+may be additional properties logged after the cipher name and bits. </p>
 
 <blockquote>
 <pre>
@@ -411,6 +414,46 @@
 </pre>
 </blockquote>
 
+<p> TLS 1.3 examples.  Some of the new attributes may not appear when not
+applicable or not available in older versions of the OpenSSL library.  </p>
+
+<blockquote>
+<pre>
+Received: from localhost (localhost [127.0.0.1])
+        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
+         key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
+        (No client certificate requested)
+
+Received: from localhost (localhost [127.0.0.1])
+        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
+         key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
+         client-signature ECDSA (P-256) client-digest SHA256)
+        (Client CN "example.org", Issuer "example.org" (not verified))
+</pre>
+</blockquote>
+
+<ul>
+<li> <p> The "key-exchange" attribute records the type of "Diffie-Hellman"
+group used for key agreement.  Possible values include "DHE", "ECDHE", "X25519"
+and "X448".  With "DHE", the bit size of the prime will be reported in
+parentheses after the algorithm name, with "ECDHE", the curve name. </p>
+
+<li> <p> The "server-signature" attribute shows the public key signature
+algorithm used by the server.  With "RSA-PSS", the bit size of the modulus will
+be reported in parentheses.  With "ECDSA", the curve name.  If, for example,
+the server has both an RSA and an ECDSA private key and certificate, it will be
+possible to track which one was used for a given connection. </p>
+
+<li> <p> The new "server-digest" attribute records the digest algorithm used by
+the server to prepare handshake messages for signing.  The Ed25519 and Ed448
+signature algorithms do not make use of such a digest, so no "server-digest"
+will be shown for these signature algorithms. </p>
+
+<li> <p> When a client certificate is requested with "smtpd_tls_ask_ccert" and
+the client uses a TLS client-certificate, the "client-signature" and
+"client-digest" attributes will record the corresponding properties of the
+client's TLS handshake signature.  </p> </ul>
+
 </ul>
 
 <p> The next sections will explain what <i>cipher-name</i>,
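Review bot: the spelling of the EdDSA names is inconsistent with what Postfix actually logs: the "server-digest" bullet writes "Ed25519 and Ed448", while the smtpd example in the next hunk shows "server-signature ED25519" and its explanation says "ED25519" and "ED448"; quote the logged form ("ED25519", "ED448") in both places so a reader grepping the maillog matches the right string. Minor: the inner list is closed on the same line as its last bullet (`</p> </ul>`); putting `</ul>` on its own line, as the outer list does, makes the nesting easier to verify.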
@@ -462,6 +505,58 @@
 differ for the legacy export ciphers where the actual key 
 is artificially shortened. </p>
 
+<p> Starting with TLS 1.3 the cipher name no longer contains enough
+information to determine which forward-secrecy scheme was employed,
+but TLS 1.3 <b>always</b> uses forward-secrecy.  On the client side,
+up-to-date Postfix releases log additional information for TLS 1.3
+connections, reporting the signature and key exchange algorithms.
+Two examples below (the long single line messages are folded across
+multiple lines for readability): </p>
+
+<blockquote>
+<pre>
+postfix/smtp[<i>process-id</i>]:
+  Untrusted TLS connection established to 127.0.0.1[127.0.0.1]:25:
+  TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
+  key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
+  client-signature ECDSA (P-256) client-digest SHA256
+
+postfix/smtp[<i>process-id</i>]:
+  Untrusted TLS connection established to 127.0.0.1[127.0.0.1]:25:
+  TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
+  key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256
+</pre>
+</blockquote>
+
+<p> In the above connections, the "key-exchange" value records the
+"Diffie-Hellman" algorithm used for key agreement.  The "server-signature" value
+records the public key algoritm used by the server to sign the key exchange.
+The "server-digest" value records any hash algorithm used to prepare the data
+for signing.  With "ED25519" and "ED448", no separate hash algorithm is used.
+</p>
+
+<p> Examples of Postfix SMTP server logging: </p>
+
+<blockquote>
+<pre>
+postfix/smtpd[<i>process-id</i>]:
+  Untrusted TLS connection established from localhost[127.0.0.1]:25:
+  TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
+  key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
+  client-signature ECDSA (P-256) client-digest SHA256
+
+postfix/smtpd[<i>process-id</i>]:
+  Anonymous TLS connection established from localhost[127.0.0.1]:
+  TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
+  server-signature RSA-PSS (2048 bits) server-digest SHA256
+
+postfix/smtpd[<i>process-id</i>]:
+  Anonymous TLS connection established from localhost[127.0.0.1]:
+  TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
+  server-signature ED25519
+</pre>
+</blockquote>
+
 <h2><a name="status"> What do "Anonymous", "Untrusted", etc. in
 Postfix logging mean? </a> </h2>
 
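Review bot: the first smtpd example logs "established from localhost[127.0.0.1]:25:", but the other two smtpd examples in the same block log "from localhost[127.0.0.1]:" with no port, and ":25" is exactly what the smtp client examples show ("established to 127.0.0.1[127.0.0.1]:25:"), where 25 is the server's port; this looks like a copy-and-paste from the client example and the ":25" should be dropped. Also "public key algoritm" is a typo for "algorithm"; it has already propagated to README_FILES/FORWARD_SECRECY_README in this diff, so fix it here in proto/ and regenerate.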
diff -Nru postfix-3.1.9/proto/postconf.proto postfix-3.1.12/proto/postconf.proto
--- postfix-3.1.9/proto/postconf.proto	2016-02-12 08:53:59.000000000 -0500
+++ postfix-3.1.12/proto/postconf.proto	2018-11-10 19:09:28.000000000 -0500
@@ -11129,8 +11129,10 @@
 
 <p> The range of protocols advertised by an SSL/TLS client must be
 contiguous.  When a protocol version is enabled, disabling any
-higher version implicitly disables all versions above that higher
-version.  Thus, for example: </p>
+higher version implicitly disables all versions above that higher version.
+Thus, for example (assuming the OpenSSL library supports both SSLv2
+and SSLv3):
+</p>
 <blockquote>
 <pre>
 smtp_tls_mandatory_protocols = !SSLv2, !TLSv1
@@ -11147,6 +11149,10 @@
 versions of Postfix &ge; 2.10 can explicitly disable support for
 "TLSv1.1" or "TLSv1.2". </p>
 
+<p> OpenSSL 1.1.1 introduces support for "TLSv1.3".  With Postfix
+&ge; 3.4 (or patch releases &ge; 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
+this can be disabled, if need be, via "!TLSv1.3". </p>
+
 <p> At the <a href="TLS_README.html#client_tls_dane">dane</a> and
 <a href="TLS_README.html#client_tls_dane">dane-only</a> security
 levels, when usable TLSA records are obtained for the remote SMTP
@@ -11344,6 +11350,10 @@
 versions of Postfix &ge; 2.10 can disable support for "TLSv1.1" or
 "TLSv1.2". </p>
 
+<p> OpenSSL 1.1.1 introduces support for "TLSv1.3".  With Postfix
+&ge; 3.4 (or patch releases &ge; 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
+this can be disabled, if need be, via "!TLSv1.3". </p>
+
 <p> Example: </p>
 
 <pre>
@@ -12485,11 +12495,13 @@
 
 <p> The range of protocols advertised by an SSL/TLS client must be
 contiguous.  When a protocol version is enabled, disabling any
-higher version implicitly disables all versions above that higher
-version.  Thus, for example: </p>
+higher version implicitly disables all versions above that higher version.
+Thus, for example (assuming the OpenSSL library supports both SSLv2
+and SSLv3):
+</p>
 <blockquote>
 <pre>
-smtp_tls_mandatory_protocols = !SSLv2, !TLSv1
+smtp_tls_protocols = !SSLv2, !TLSv1
 </pre>
 </blockquote>
 <p> also disables any protocols version higher than TLSv1 leaving
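Review bot: the example value changes from smtp_tls_mandatory_protocols to smtp_tls_protocols, correcting a copy-and-paste error in the smtp_tls_protocols entry (the smtp_tls_mandatory_protocols entry earlier in this file keeps its own example unchanged); the regenerated man page carries the same fix in its smtp_tls_protocols hunk, so proto and man page agree. This one is worth calling out in the stable-update rationale, since the old text told readers to set the wrong parameter.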
@@ -12500,6 +12512,10 @@
 versions of Postfix &ge; 2.10 can explicitly disable support for
 "TLSv1.1" or "TLSv1.2"</p>
 
+<p> OpenSSL 1.1.1 introduces support for "TLSv1.3".  With Postfix
+&ge; 3.4 (or patch releases &ge; 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
+this can be disabled, if need be, via "!TLSv1.3". </p>
+
 <p> To include a protocol list its name, to exclude it, prefix the name
 with a "!" character. To exclude SSLv2 for opportunistic TLS set
 "smtp_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
@@ -12532,6 +12548,10 @@
 versions of Postfix &ge; 2.10 can disable support for "TLSv1.1" or
 "TLSv1.2". </p>
 
+<p> OpenSSL 1.1.1 introduces support for "TLSv1.3".  With Postfix
+&ge; 3.4 (or patch releases &ge; 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
+this can be disabled, if need be, via "!TLSv1.3". </p>
+
 <p> To include a protocol list its name, to exclude it, prefix the name
 with a "!" character. To exclude SSLv2 for opportunistic TLS set
 "smtpd_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
@@ -14784,44 +14804,46 @@
 
 <dl>
 
-<dt><b>MICROSOFT_SESS_ID_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
+<dt><b>CRYPTOPRO_TLSEXT_BUG</b></dt> <dd>New with GOST support in
+OpenSSL 1.0.0.</dd>
 
-<dt><b>NETSCAPE_CHALLENGE_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
+<dt><b>DONT_INSERT_EMPTY_FRAGMENTS</b></dt> <dd>See
+SSL_CTX_set_options(3)</dd>
 
 <dt><b>LEGACY_SERVER_CONNECT</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
 
-<dt><b>NETSCAPE_REUSE_CIPHER_CHANGE_BUG</b></dt> <dd> also aliased
-as <b>CVE-2010-4180</b>. Postfix 2.8 disables this work-around by
-default with OpenSSL versions that may predate the fix. Fixed in
-OpenSSL 0.9.8q and OpenSSL 1.0.0c.</dd>
-
-<dt><b>SSLREF2_REUSE_CERT_TYPE_BUG</b></dt> <dd>See
-SSL_CTX_set_options(3)</dd>
-
 <dt><b>MICROSOFT_BIG_SSLV3_BUFFER</b></dt> <dd>See
 SSL_CTX_set_options(3)</dd>
 
+<dt><b>MICROSOFT_SESS_ID_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
+
 <dt><b>MSIE_SSLV2_RSA_PADDING</b></dt> <dd> also aliased as
 <b>CVE-2005-2969</b>. Postfix 2.8 disables this work-around by
 default with OpenSSL versions that may predate the fix. Fixed in
 OpenSSL 0.9.7h and OpenSSL 0.9.8a.</dd>
 
+<dt><b>NETSCAPE_CHALLENGE_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
+
+<dt><b>NETSCAPE_REUSE_CIPHER_CHANGE_BUG</b></dt> <dd> also aliased
+as <b>CVE-2010-4180</b>. Postfix 2.8 disables this work-around by
+default with OpenSSL versions that may predate the fix. Fixed in
+OpenSSL 0.9.8q and OpenSSL 1.0.0c.</dd>
+
 <dt><b>SSLEAY_080_CLIENT_DH_BUG</b></dt> <dd>See
 SSL_CTX_set_options(3)</dd>
 
-<dt><b>TLS_D5_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
+<dt><b>SSLREF2_REUSE_CERT_TYPE_BUG</b></dt> <dd>See
+SSL_CTX_set_options(3)</dd>
 
 <dt><b>TLS_BLOCK_PADDING_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
 
+<dt><b>TLS_D5_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
+
 <dt><b>TLS_ROLLBACK_BUG</b></dt> <dd>See SSL_CTX_set_options(3).
 This is disabled in OpenSSL 0.9.7 and later. Nobody should still
 be using 0.9.6! </dd>
 
-<dt><b>DONT_INSERT_EMPTY_FRAGMENTS</b></dt> <dd>See
-SSL_CTX_set_options(3)</dd>
-
-<dt><b>CRYPTOPRO_TLSEXT_BUG</b></dt> <dd>New with GOST support in
-OpenSSL 1.0.0.</dd>
+<dt><b>TLSEXT_PADDING</b></dt><dd>Postfix &ge; 3.4. See SSL_CTX_set_options(3).</dd>
 
 </dl>
 
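Review bot: `<dt><b>TLSEXT_PADDING</b></dt><dd>` at the end of this list omits the space between `</dt>` and `<dd>` that every other entry uses (`</dt> <dd>`); postconf.proto is the source the HTML and man page are generated from, so fix the spacing here. The reorder is otherwise a straight alphabetical sort of unchanged entries plus the new TLSEXT_PADDING value.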
@@ -15890,18 +15912,39 @@
 You can only enable options not already controlled by other Postfix
 settings.  For example, you cannot disable protocols or enable
 server cipher preference.  Do not attempt to turn all features by
-specifying 0xFFFFFFFF, this is unlikely to be a good idea.  </p>
+specifying 0xFFFFFFFF, this is unlikely to be a good idea.  Some
+bug work-arounds are also valid here, allowing them to be re-enabled
+if/when they're no longer enabled by default.  The supported values
+include: </p>
 
 <dl>
 
+<dt><b>ENABLE_MIDDLEBOX_COMPAT</b></dt> <dd>Postfix &ge; 3.4. See
+SSL_CTX_set_options(3).</dd>
+
 <dt><b>LEGACY_SERVER_CONNECT</b></dt> <dd>See SSL_CTX_set_options(3).</dd>
 
-<dt><b>NO_TICKET</b></dt> <dd>See SSL_CTX_set_options(3).</dd>
+<dt><b>NO_TICKET</b></dt> <dd>Enabled by default when needed in
+fully-patched Postfix &ge; 2.7.  Not needed at all for Postfix &ge;
+2.11, unless for some reason you do not want to support TLS session
+resumption.  Best not set explicitly.  See SSL_CTX_set_options(3).</dd>
 
 <dt><b>NO_COMPRESSION</b></dt> <dd>Disable SSL compression even if
 supported by the OpenSSL library.  Compression is CPU-intensive,
 and compression before encryption does not always improve security.  </dd>
 
+<dt><b>NO_RENEGOTIATION</b></dt> <dd>Postfix &ge; 3.4.  This can
+reduce opportunities for a potential CPU exhaustion attack.  See
+SSL_CTX_set_options(3).</dd>
+
+<dt><b>NO_SESSION_RESUMPTION_ON_RENEGOTIATION</b></dt> <dd>Postfix
+&ge; 3.4. See SSL_CTX_set_options(3).</dd>
+
+<dt><b>PRIORITIZE_CHACHA</b></dt> <dd>Postfix &ge; 3.4. See SSL_CTX_set_options(3).</dd>
+
+<dt><b>TLSEXT_PADDING</b></dt> <dd>Postfix &ge; 3.4. See
+SSL_CTX_set_options(3).</dd>
+
 </dl>
 
 <p> This feature is available in Postfix 2.11 and later.  </p>
diff -Nru postfix-3.1.9/proto/TLS_README.html postfix-3.1.12/proto/TLS_README.html
--- postfix-3.1.9/proto/TLS_README.html	2016-02-08 17:23:46.000000000 -0500
+++ postfix-3.1.12/proto/TLS_README.html	2018-11-04 18:05:04.000000000 -0500
@@ -919,12 +919,13 @@
 </blockquote>
 
 <p> With Postfix 2.8 and later, the tls_disable_workarounds parameter
-specifies a list or bit-mask of OpenSSL bug work-arounds to disable. This
-may be necessary if one of the work-arounds enabled by default in
-OpenSSL proves to pose a security risk, or introduces an unexpected
-interoperability issue. Some bug work-arounds known to be problematic
-are disabled in the default value of the parameter when linked with
-an OpenSSL library that could be vulnerable. </p>
+specifies a list or bit-mask of default-enabled OpenSSL bug
+work-arounds to disable. This may be necessary if one of the
+work-arounds enabled by default in OpenSSL proves to pose a security
+risk, or introduces an unexpected interoperability issue.  The list
+of enabled bug work-arounds is OpenSSL-release-specific.  See the
+tls_disable_workarounds parameter documentation for the list of
+supported values.</p>
 
 <p> Example: </p>
  
@@ -942,19 +943,8 @@
 found in the ssl.h file corresponding to the run-time OpenSSL
 library.  While it may be reasonable to turn off all bug workarounds
 (see above), it is not a good idea to attempt to turn on all features.
-</p>
-
-<dl>
-
-<dt><b>LEGACY_SERVER_CONNECT</b></dt> <dd>See SSL_CTX_set_options(3).</dd>
-
-<dt><b>NO_TICKET</b></dt> <dd>See SSL_CTX_set_options(3).</dd>
-
-<dt><b>NO_COMPRESSION</b></dt> <dd>Disable SSL compression even if
-supported by the OpenSSL library.  Compression is CPU-intensive,
-and compression before encryption does not always improve security.  </dd>
-
-</dl>
+See the tls_ssl_options parameter documentation for the list of
+supported values.  </p>
 
 <p> Example: </p>
  
diff -Nru postfix-3.1.9/README_FILES/AAAREADME postfix-3.1.12/README_FILES/AAAREADME
--- postfix-3.1.9/README_FILES/AAAREADME	2014-11-26 18:25:35.000000000 -0500
+++ postfix-3.1.12/README_FILES/AAAREADME	2018-11-18 08:34:33.000000000 -0500
@@ -12,7 +12,6 @@
   * TLS_README: TLS Encryption and authentication
   * FORWARD_SECRECY_README: TLS Forward Secrecy
   * IPV6_README: IP Version 6 Support
-  * IPV6_README: IP Version 6 Support
   * SMTPUTF8_README: SMTPUTF8 Support
   * COMPATIBILITY_README: Backwards-Compatibility Safety Net
   * INSTALL: Installation from source code
diff -Nru postfix-3.1.9/README_FILES/FORWARD_SECRECY_README postfix-3.1.12/README_FILES/FORWARD_SECRECY_README
--- postfix-3.1.9/README_FILES/FORWARD_SECRECY_README	2018-01-27 21:41:38.000000000 -0500
+++ postfix-3.1.12/README_FILES/FORWARD_SECRECY_README	2018-11-17 18:11:07.000000000 -0500
@@ -14,7 +14,7 @@
 OOvveerrvviieeww
 
 Postfix supports forward secrecy of TLS network communication since version
-2.2. This support was adopted from Lutz Jänicke's "Postfix TLS patch" for
+2.2. This support was adopted from Lutz Ja"nicke's "Postfix TLS patch" for
 earlier Postfix versions. This document will focus on TLS Forward Secrecy in
 the Postfix SMTP client and server. See TLS_README for a general description of
 Postfix TLS support.
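Review bot: the plain-text README regresses "Jänicke" to `Ja"nicke` here and again in the Credits hunk at the end of this file, while no corresponding change to proto/FORWARD_SECRECY_README.html appears in this diff; that points to the text READMEs having been regenerated with a formatter or locale that cannot emit the umlaut. Prefer regenerating under a UTF-8 locale, or at least mention the ASCII approximation in the changelog rather than shipping it silently.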
@@ -279,7 +279,8 @@
 
   * With "smtp_tls_loglevel = 1" and "smtpd_tls_loglevel = 1", the Postfix SMTP
     client and server will log TLS connection information to the maillog file.
-    The general logfile format is:
+    The general logfile format is shown below. With TLS 1.3 there may be
+    additional properties logged after the cipher name and bits.
 
         postfix/smtp[process-id]: Untrusted TLS connection established
         to host.example.com[192.168.0.2]:25: TLSv1 with cipher cipher-name
@@ -292,7 +293,8 @@
   * With "smtpd_tls_received_header = yes", the Postfix SMTP server will record
     TLS connection information in the Received: header in the form of comments
     (text inside parentheses). The general format depends on the
-    smtpd_tls_ask_ccert setting:
+    smtpd_tls_ask_ccert setting. With TLS 1.3 there may be additional
+    properties logged after the cipher name and bits.
 
         Received: from host.example.com (host.example.com [192.168.0.2])
                 (using TLSv1 with cipher cipher-name
@@ -305,6 +307,47 @@
                 (actual-key-size/raw-key-size bits))
                 (No client certificate requested)
 
+    TLS 1.3 examples. Some of the new attributes may not appear when not
+    applicable or not available in older versions of the OpenSSL library.
+
+        Received: from localhost (localhost [127.0.0.1])
+                (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256
+        bits)
+                 key-exchange X25519 server-signature RSA-PSS (2048 bits)
+        server-digest SHA256)
+                (No client certificate requested)
+
+        Received: from localhost (localhost [127.0.0.1])
+                (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256
+        bits)
+                 key-exchange X25519 server-signature RSA-PSS (2048 bits)
+        server-digest SHA256
+                 client-signature ECDSA (P-256) client-digest SHA256)
+                (Client CN "example.org", Issuer "example.org" (not verified))
+
+      o The "key-exchange" attribute records the type of "Diffie-Hellman" group
+        used for key agreement. Possible values include "DHE", "ECDHE",
+        "X25519" and "X448". With "DHE", the bit size of the prime will be
+        reported in parentheses after the algorithm name, with "ECDHE", the
+        curve name.
+
+      o The "server-signature" attribute shows the public key signature
+        algorithm used by the server. With "RSA-PSS", the bit size of the
+        modulus will be reported in parentheses. With "ECDSA", the curve name.
+        If, for example, the server has both an RSA and an ECDSA private key
+        and certificate, it will be possible to track which one was used for a
+        given connection.
+
+      o The new "server-digest" attribute records the digest algorithm used by
+        the server to prepare handshake messages for signing. The Ed25519 and
+        Ed448 signature algorithms do not make use of such a digest, so no
+        "server-digest" will be shown for these signature algorithms.
+
+      o When a client certificate is requested with "smtpd_tls_ask_ccert" and
+        the client uses a TLS client-certificate, the "client-signature" and
+        "client-digest" attributes will record the corresponding properties of
+        the client's TLS handshake signature.
+
 The next sections will explain what cipher-name, key-size, and peer
 verification status information to expect.
 
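Review bot: the 80-column rendering of the `<pre>` examples wraps mid-token: "(256/256" ends one line and "bits)" starts the next at a different indent, and "server-digest" is split from "SHA256" the same way in the following hunk; as printed, the plain-text examples no longer look like a real Received: header or log line. The client-side log examples were already folded by hand in the HTML for readability; shortening these Received: example lines in proto/FORWARD_SECRECY_README.html so each fits in 80 columns would make the text README render cleanly.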
@@ -346,6 +389,51 @@
 non-export ciphers, but may they differ for the legacy export ciphers where the
 actual key is artificially shortened.
 
+Starting with TLS 1.3 the cipher name no longer contains enough information to
+determine which forward-secrecy scheme was employed, but TLS 1.3 aallwwaayyss uses
+forward-secrecy. On the client side, up-to-date Postfix releases log additional
+information for TLS 1.3 connections, reporting the signature and key exchange
+algorithms. Two examples below (the long single line messages are folded across
+multiple lines for readability):
+
+    postfix/smtp[process-id]:
+      Untrusted TLS connection established to 127.0.0.1[127.0.0.1]:25:
+      TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
+      key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
+    SHA256
+      client-signature ECDSA (P-256) client-digest SHA256
+
+    postfix/smtp[process-id]:
+      Untrusted TLS connection established to 127.0.0.1[127.0.0.1]:25:
+      TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
+      key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest
+    SHA256
+
+In the above connections, the "key-exchange" value records the "Diffie-Hellman"
+algorithm used for key agreement. The "server-signature" value records the
+public key algoritm used by the server to sign the key exchange. The "server-
+digest" value records any hash algorithm used to prepare the data for signing.
+With "ED25519" and "ED448", no separate hash algorithm is used.
+
+Examples of Postfix SMTP server logging:
+
+    postfix/smtpd[process-id]:
+      Untrusted TLS connection established from localhost[127.0.0.1]:25:
+      TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
+      key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
+    SHA256
+      client-signature ECDSA (P-256) client-digest SHA256
+
+    postfix/smtpd[process-id]:
+      Anonymous TLS connection established from localhost[127.0.0.1]:
+      TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
+      server-signature RSA-PSS (2048 bits) server-digest SHA256
+
+    postfix/smtpd[process-id]:
+      Anonymous TLS connection established from localhost[127.0.0.1]:
+      TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
+      server-signature ED25519
+
 WWhhaatt ddoo ""AAnnoonnyymmoouuss"",, ""UUnnttrruusstteedd"",, eettcc.. iinn PPoossttffiixx llooggggiinngg mmeeaann??
 
 The verification levels below are subject to man-in-the-middle attacks to
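Review bot: typo in the added explanatory paragraph: "public key algoritm used by the server" should read "algorithm". Two consistency points in the same hunk: the first smtpd example logs the client as "localhost[127.0.0.1]:25:" while the other two server examples carry no port after the address, so the ":25" looks copied over from the smtp client example; and the folded continuation line "SHA256" is indented four spaces less than the rest of the message, which breaks the visual grouping of the log line in the generated README. The doubled letters in "aallwwaayyss" and in the section heading are nroff bold overstrike from README generation, not a typo, and need no change.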
@@ -421,8 +509,8 @@
 
 CCrreeddiittss
 
-  * TLS support for Postfix was originally developed by Lutz Jänicke at Cottbus
-    Technical University.
+  * TLS support for Postfix was originally developed by Lutz Ja"nicke at
+    Cottbus Technical University.
   * Wietse Venema adopted and restructured the code and documentation.
   * Viktor Dukhovni implemented support for many subsequent TLS features,
     including EECDH, and authored the initial version of this document.
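Review bot: this hunk replaces the UTF-8 "ä" in "Lutz Jänicke" with the ASCII digraph 'Ja"nicke'. If the intent is to keep the generated README 7-bit clean that is defensible, but it is a regression in how the author's name renders; either keep the UTF-8 spelling or state the transliteration deliberately in the changelog so it is not mistaken for an encoding accident.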
diff -Nru postfix-3.1.9/README_FILES/TLS_README postfix-3.1.12/README_FILES/TLS_README
--- postfix-3.1.9/README_FILES/TLS_README	2016-02-08 20:04:29.000000000 -0500
+++ postfix-3.1.12/README_FILES/TLS_README	2018-11-04 18:05:36.000000000 -0500
@@ -659,11 +659,12 @@
         smtpd_starttls_timeout = 300s
 
 With Postfix 2.8 and later, the tls_disable_workarounds parameter specifies a
-list or bit-mask of OpenSSL bug work-arounds to disable. This may be necessary
-if one of the work-arounds enabled by default in OpenSSL proves to pose a
-security risk, or introduces an unexpected interoperability issue. Some bug
-work-arounds known to be problematic are disabled in the default value of the
-parameter when linked with an OpenSSL library that could be vulnerable.
+list or bit-mask of default-enabled OpenSSL bug work-arounds to disable. This
+may be necessary if one of the work-arounds enabled by default in OpenSSL
+proves to pose a security risk, or introduces an unexpected interoperability
+issue. The list of enabled bug work-arounds is OpenSSL-release-specific. See
+the tls_disable_workarounds parameter documentation for the list of supported
+values.
 
 Example:
 
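Review bot: the rewritten paragraph drops the sentence stating that known-problematic work-arounds are disabled in the parameter's default value when linked against an OpenSSL that could be vulnerable. If that behaviour is unchanged, the statement is still useful to administrators deciding whether to touch tls_disable_workarounds at all and should stay; if the default value was changed, that is a behaviour change that belongs in the stable-update changelog rather than in a silent documentation edit.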
@@ -676,16 +677,9 @@
 below, or a hexadecimal bitmask of options found in the ssl.h file
 corresponding to the run-time OpenSSL library. While it may be reasonable to
 turn off all bug workarounds (see above), it is not a good idea to attempt to
-turn on all features.
+turn on all features. See the tls_ssl_options parameter documentation for the
+list of supported values.
 
-LLEEGGAACCYY__SSEERRVVEERR__CCOONNNNEECCTT
-    See SSL_CTX_set_options(3).
-NNOO__TTIICCKKEETT
-    See SSL_CTX_set_options(3).
-NNOO__CCOOMMPPRREESSSSIIOONN
-    Disable SSL compression even if supported by the OpenSSL library.
-    Compression is CPU-intensive, and compression before encryption does not
-    always improve security.
 Example:
 
     /etc/postfix/main.cf:
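Review bot: the removed list carried the only security rationale in this section for NO_COMPRESSION ("compression before encryption does not always improve security"). Pointing readers at the tls_ssl_options parameter documentation is fine, but confirm that the postconf(5) text for this release actually keeps that caveat, otherwise the README edit loses it rather than relocating it.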
diff -Nru postfix-3.1.9/src/anvil/.indent.pro postfix-3.1.12/src/anvil/.indent.pro
--- postfix-3.1.9/src/anvil/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/anvil/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
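Review bot: purely cosmetic: .indent.pro is the type list consumed by indent(1), so the -TTLS_ROLE and -TTLS_USAGE additions have no effect on the built binaries. The same two-line change is repeated in an identical copy of this file under every src/*/ directory, which accounts for most of the bulk of this debdiff and can be skipped when reviewing for risk.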
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/bounce/.indent.pro postfix-3.1.12/src/bounce/.indent.pro
--- postfix-3.1.9/src/bounce/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/bounce/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/cleanup/.indent.pro postfix-3.1.12/src/cleanup/.indent.pro
--- postfix-3.1.9/src/cleanup/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/cleanup/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/discard/.indent.pro postfix-3.1.12/src/discard/.indent.pro
--- postfix-3.1.9/src/discard/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/discard/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/dns/.indent.pro postfix-3.1.12/src/dns/.indent.pro
--- postfix-3.1.9/src/dns/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/dns/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/dnsblog/.indent.pro postfix-3.1.12/src/dnsblog/.indent.pro
--- postfix-3.1.9/src/dnsblog/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/dnsblog/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/error/.indent.pro postfix-3.1.12/src/error/.indent.pro
--- postfix-3.1.9/src/error/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/error/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/flush/.indent.pro postfix-3.1.12/src/flush/.indent.pro
--- postfix-3.1.9/src/flush/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/flush/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/fsstone/.indent.pro postfix-3.1.12/src/fsstone/.indent.pro
--- postfix-3.1.9/src/fsstone/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/fsstone/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/global/ehlo_mask.c postfix-3.1.12/src/global/ehlo_mask.c
--- postfix-3.1.9/src/global/ehlo_mask.c	2014-07-06 19:31:07.000000000 -0400
+++ postfix-3.1.12/src/global/ehlo_mask.c	2018-11-17 18:12:27.000000000 -0500
@@ -77,6 +77,7 @@
     "ENHANCEDSTATUSCODES", EHLO_MASK_ENHANCEDSTATUSCODES,
     "DSN", EHLO_MASK_DSN,
     "EHLO_MASK_SMTPUTF8", EHLO_MASK_SMTPUTF8,
+    "SMTPUTF8", EHLO_MASK_SMTPUTF8,
     "SILENT-DISCARD", EHLO_MASK_SILENT,	/* XXX In-band signaling */
     0,
 };
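Review bot: keeping the old misnamed key "EHLO_MASK_SMTPUTF8" in the table next to the new "SMTPUTF8" entry is the right compatibility choice, since configurations written against the old spelling keep working, but a short comment on the old line marking it as a retained alias would stop a later cleanup from removing it. This is the smtputf8 keyword fix referenced in the cover text; a configuration that lists "smtputf8" in the discard-EHLO-keywords parameter that consumes this table is the quick way to confirm the new spelling is now accepted.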
diff -Nru postfix-3.1.9/src/global/.indent.pro postfix-3.1.12/src/global/.indent.pro
--- postfix-3.1.9/src/global/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/global/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/global/mail_proto.h postfix-3.1.12/src/global/mail_proto.h
--- postfix-3.1.9/src/global/mail_proto.h	2015-09-13 12:36:51.000000000 -0400
+++ postfix-3.1.12/src/global/mail_proto.h	2018-11-17 18:10:03.000000000 -0500
@@ -291,6 +291,18 @@
 #define MAIL_ATTR_CIPHER_NAME	"cipher_name"
 #define MAIL_ATTR_CIPHER_USEBITS "cipher_usebits"
 #define MAIL_ATTR_CIPHER_ALGBITS "cipher_algbits"
+#define MAIL_ATTR_KEX_NAME	"key_exchange"
+#define MAIL_ATTR_KEX_CURVE	"key_exchange_curve"
+#define MAIL_ATTR_KEX_BITS	"key_exchange_bits"
+#define MAIL_ATTR_CLNT_SIG_NAME	"clnt_signature"
+#define MAIL_ATTR_CLNT_SIG_CURVE	"clnt_signature_curve"
+#define MAIL_ATTR_CLNT_SIG_BITS	"clnt_signature_bits"
+#define MAIL_ATTR_CLNT_SIG_DGST	"clnt_signature_digest"
+#define MAIL_ATTR_SRVR_SIG_NAME	"srvr_signature"
+#define MAIL_ATTR_SRVR_SIG_CURVE	"srvr_signature_curve"
+#define MAIL_ATTR_SRVR_SIG_BITS	"srvr_signature_bits"
+#define MAIL_ATTR_SRVR_SIG_DGST	"srvr_signature_digest"
+#define MAIL_ATTR_NAMADDR	"namaddr"
 #define MAIL_ATTR_SERVER_ID	"server_id"
 
  /*
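Review bot: the new MAIL_ATTR_* names extend the attribute set exchanged between Postfix daemons, so every reader of these attributes needs to tolerate their absence when the peer process is still an older binary during a package upgrade; please confirm the consumers treat a missing key_exchange / srvr_signature / clnt_signature attribute as empty rather than as a protocol error. Also, MAIL_ATTR_NAMADDR ("namaddr") is unrelated to the signature metadata added around it and would be easier to find with its own one-line comment.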
diff -Nru postfix-3.1.9/src/global/mail_version.h postfix-3.1.12/src/global/mail_version.h
--- postfix-3.1.9/src/global/mail_version.h	2018-05-19 16:42:39.000000000 -0400
+++ postfix-3.1.12/src/global/mail_version.h	2019-03-30 10:35:34.000000000 -0400
@@ -20,8 +20,8 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20180519"
-#define MAIL_VERSION_NUMBER	"3.1.9"
+#define MAIL_RELEASE_DATE	"20190330"
+#define MAIL_VERSION_NUMBER	"3.1.12"
 
 #ifdef SNAPSHOT
 #define MAIL_VERSION_DATE	"-" MAIL_RELEASE_DATE
diff -Nru postfix-3.1.9/src/local/.indent.pro postfix-3.1.12/src/local/.indent.pro
--- postfix-3.1.9/src/local/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/local/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/master/.indent.pro postfix-3.1.12/src/master/.indent.pro
--- postfix-3.1.9/src/master/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/master/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/milter/.indent.pro postfix-3.1.12/src/milter/.indent.pro
--- postfix-3.1.9/src/milter/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/milter/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/oqmgr/.indent.pro postfix-3.1.12/src/oqmgr/.indent.pro
--- postfix-3.1.9/src/oqmgr/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/oqmgr/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/pickup/.indent.pro postfix-3.1.12/src/pickup/.indent.pro
--- postfix-3.1.9/src/pickup/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/pickup/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/pipe/.indent.pro postfix-3.1.12/src/pipe/.indent.pro
--- postfix-3.1.9/src/pipe/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/pipe/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/postalias/.indent.pro postfix-3.1.12/src/postalias/.indent.pro
--- postfix-3.1.9/src/postalias/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/postalias/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/postcat/.indent.pro postfix-3.1.12/src/postcat/.indent.pro
--- postfix-3.1.9/src/postcat/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/postcat/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/postconf/.indent.pro postfix-3.1.12/src/postconf/.indent.pro
--- postfix-3.1.9/src/postconf/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/postconf/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/postdrop/.indent.pro postfix-3.1.12/src/postdrop/.indent.pro
--- postfix-3.1.9/src/postdrop/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/postdrop/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/postfix/.indent.pro postfix-3.1.12/src/postfix/.indent.pro
--- postfix-3.1.9/src/postfix/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/postfix/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/postkick/.indent.pro postfix-3.1.12/src/postkick/.indent.pro
--- postfix-3.1.9/src/postkick/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/postkick/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/postlock/.indent.pro postfix-3.1.12/src/postlock/.indent.pro
--- postfix-3.1.9/src/postlock/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/postlock/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/postlog/.indent.pro postfix-3.1.12/src/postlog/.indent.pro
--- postfix-3.1.9/src/postlog/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/postlog/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/postmap/.indent.pro postfix-3.1.12/src/postmap/.indent.pro
--- postfix-3.1.9/src/postmap/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/postmap/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/postmulti/.indent.pro postfix-3.1.12/src/postmulti/.indent.pro
--- postfix-3.1.9/src/postmulti/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/postmulti/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/postscreen/.indent.pro postfix-3.1.12/src/postscreen/.indent.pro
--- postfix-3.1.9/src/postscreen/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/postscreen/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/postsuper/.indent.pro postfix-3.1.12/src/postsuper/.indent.pro
--- postfix-3.1.9/src/postsuper/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/postsuper/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/posttls-finger/.indent.pro postfix-3.1.12/src/posttls-finger/.indent.pro
--- postfix-3.1.9/src/posttls-finger/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/posttls-finger/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/posttls-finger/posttls-finger.c postfix-3.1.12/src/posttls-finger/posttls-finger.c
--- postfix-3.1.9/src/posttls-finger/posttls-finger.c	2016-08-27 16:27:50.000000000 -0400
+++ postfix-3.1.12/src/posttls-finger/posttls-finger.c	2018-12-02 18:22:57.000000000 -0500
@@ -1407,7 +1407,7 @@
      */
     if (state->smtp == 0) {
 	if (strncmp(dest, "unix:", 5) == 0) {
-	    connect_unix(state, dest + 5);
+	    state->stream = connect_unix(state, dest + 5);
 	    if (!state->stream)
 		msg_info("Failed to establish session to %s: %s",
 			 dest, vstring_str(state->why->reason));
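Review bot: good catch: connect_unix()'s return value was discarded, so state->stream stayed unset and the "if (!state->stream)" check directly below reported a failed session for unix: destinations even when the connect had succeeded. The one-line fix is correct; it is worth a changelog mention that posttls-finger's unix: transport was effectively non-functional before this.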
diff -Nru postfix-3.1.9/src/proxymap/.indent.pro postfix-3.1.12/src/proxymap/.indent.pro
--- postfix-3.1.9/src/proxymap/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/proxymap/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/qmgr/.indent.pro postfix-3.1.12/src/qmgr/.indent.pro
--- postfix-3.1.9/src/qmgr/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/qmgr/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/qmqpd/.indent.pro postfix-3.1.12/src/qmqpd/.indent.pro
--- postfix-3.1.9/src/qmqpd/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/qmqpd/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/scache/.indent.pro postfix-3.1.12/src/scache/.indent.pro
--- postfix-3.1.9/src/scache/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/scache/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/sendmail/.indent.pro postfix-3.1.12/src/sendmail/.indent.pro
--- postfix-3.1.9/src/sendmail/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/sendmail/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/showq/.indent.pro postfix-3.1.12/src/showq/.indent.pro
--- postfix-3.1.9/src/showq/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/showq/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/smtp/.indent.pro postfix-3.1.12/src/smtp/.indent.pro
--- postfix-3.1.9/src/smtp/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/smtp/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/smtp/smtp_connect.c postfix-3.1.12/src/smtp/smtp_connect.c
--- postfix-3.1.9/src/smtp/smtp_connect.c	2015-03-29 15:04:22.000000000 -0400
+++ postfix-3.1.12/src/smtp/smtp_connect.c	2019-03-29 07:15:16.000000000 -0400
@@ -487,6 +487,8 @@
      * the "unix:" prefix.
      */
     smtp_cache_policy(state, path);
+    if (state->misc_flags & SMTP_MISC_FLAG_CONN_CACHE_MASK)
+	SET_NEXTHOP_STATE(state, path);
 
     /*
      * Here we ensure that the iter->addr member refers to a copy of the
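Review bot: SET_NEXTHOP_STATE() is now invoked on the unix-domain path whenever the connection-cache flags are set, which is consistent with the LMTP performance regression described in the cover text: the cache policy computed by smtp_cache_policy() a line earlier had nothing to attach to for a unix: destination. The comment above this block still only talks about stripping the "unix:" prefix; extend it with one sentence on why nexthop state is needed here so the pairing with the FREE_NEXTHOP_STATE() at function exit is obvious.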
@@ -562,6 +564,12 @@
 	    msg_panic("%s: unix-domain destination not final!", myname);
 	smtp_cleanup_session(state);
     }
+
+    /*
+     * Cleanup.
+     */
+    if (HAVE_NEXTHOP_STATE(state))
+	FREE_NEXTHOP_STATE(state);
 }
 
 /* smtp_scrub_address_list - delete all cached addresses from list */
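Review bot: the cleanup relies on HAVE_NEXTHOP_STATE() to decide whether to free, which protects against freeing state that was never set, but it only runs if control reaches the end of the function. Check that no early "return" sits between SET_NEXTHOP_STATE() in the previous hunk and this block; the msg_panic() path just above exits rather than returns and so is fine. If an early return exists, the nexthop state leaks once per delivery, which on a high-volume LMTP path is exactly where this fix is meant to help.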
diff -Nru postfix-3.1.9/src/smtpd/.indent.pro postfix-3.1.12/src/smtpd/.indent.pro
--- postfix-3.1.9/src/smtpd/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/smtpd/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/smtpd/smtpd.c postfix-3.1.12/src/smtpd/smtpd.c
--- postfix-3.1.9/src/smtpd/smtpd.c	2017-01-01 12:48:24.000000000 -0500
+++ postfix-3.1.12/src/smtpd/smtpd.c	2018-11-17 18:10:03.000000000 -0500
@@ -3207,12 +3207,70 @@
 
 #ifdef USE_TLS
 	if (var_smtpd_tls_received_header && state->tls_context) {
-	    out_fprintf(out_stream, REC_TYPE_NORM,
-			"\t(using %s with cipher %s (%d/%d bits))",
-			state->tls_context->protocol,
-			state->tls_context->cipher_name,
-			state->tls_context->cipher_usebits,
-			state->tls_context->cipher_algbits);
+	    int     cont = 0;
+
+	    vstring_sprintf(state->buffer,
+			    "\t(using %s with cipher %s (%d/%d bits)",
+			    state->tls_context->protocol,
+			    state->tls_context->cipher_name,
+			    state->tls_context->cipher_usebits,
+			    state->tls_context->cipher_algbits);
+	    if (state->tls_context->kex_name && *state->tls_context->kex_name) {
+		out_record(out_stream, REC_TYPE_NORM, STR(state->buffer),
+			   LEN(state->buffer));
+		vstring_sprintf(state->buffer, "\t key-exchange %s",
+				state->tls_context->kex_name);
+		if (state->tls_context->kex_curve
+		    && *state->tls_context->kex_curve)
+		    vstring_sprintf_append(state->buffer, " (%s)",
+					   state->tls_context->kex_curve);
+		else if (state->tls_context->kex_bits > 0)
+		    vstring_sprintf_append(state->buffer, " (%d bits)",
+					   state->tls_context->kex_bits);
+		cont = 1;
+	    }
+	    if (state->tls_context->srvr_sig_name
+		&& *state->tls_context->srvr_sig_name) {
+		if (cont) {
+		    vstring_sprintf_append(state->buffer, " server-signature %s",
+					 state->tls_context->srvr_sig_name);
+		} else {
+		    out_record(out_stream, REC_TYPE_NORM, STR(state->buffer),
+			       LEN(state->buffer));
+		    vstring_sprintf(state->buffer, "\t server-signature %s",
+				    state->tls_context->srvr_sig_name);
+		}
+		if (state->tls_context->srvr_sig_curve
+		    && *state->tls_context->srvr_sig_curve)
+		    vstring_sprintf_append(state->buffer, " (%s)",
+					state->tls_context->srvr_sig_curve);
+		else if (state->tls_context->srvr_sig_bits > 0)
+		    vstring_sprintf_append(state->buffer, " (%d bits)",
+					 state->tls_context->srvr_sig_bits);
+		if (state->tls_context->srvr_sig_dgst
+		    && *state->tls_context->srvr_sig_dgst)
+		    vstring_sprintf_append(state->buffer, " server-digest %s",
+					 state->tls_context->srvr_sig_dgst);
+	    }
+	    if (state->tls_context->clnt_sig_name
+		&& *state->tls_context->clnt_sig_name) {
+		out_record(out_stream, REC_TYPE_NORM, STR(state->buffer),
+			   LEN(state->buffer));
+		vstring_sprintf(state->buffer, "\t client-signature %s",
+				state->tls_context->clnt_sig_name);
+		if (state->tls_context->clnt_sig_curve
+		    && *state->tls_context->clnt_sig_curve)
+		    vstring_sprintf_append(state->buffer, " (%s)",
+					state->tls_context->clnt_sig_curve);
+		else if (state->tls_context->clnt_sig_bits > 0)
+		    vstring_sprintf_append(state->buffer, " (%d bits)",
+					 state->tls_context->clnt_sig_bits);
+		if (state->tls_context->clnt_sig_dgst
+		    && *state->tls_context->clnt_sig_dgst)
+		    vstring_sprintf_append(state->buffer, " client-digest %s",
+					 state->tls_context->clnt_sig_dgst);
+	    }
+	    out_fprintf(out_stream, REC_TYPE_NORM, "%s)", STR(state->buffer));
 	    if (TLS_CERT_IS_PRESENT(state->tls_context)) {
 		peer_CN = VSTRING_STRDUP(state->tls_context->peer_CN);
 		comment_sanitize(peer_CN);
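Review bot: the key-exchange, signature and digest strings are interpolated into the Received: header comment without passing through comment_sanitize(), unlike peer_CN a few lines below. They originate from OpenSSL's algorithm and curve names rather than from the peer, so today they are plain ASCII identifiers, but a one-line comment stating that assumption (or a cheap comment_sanitize() pass) would make the trust boundary explicit and keep the header comment well-formed if a future library or provider ever supplies a name containing parentheses. Separately, the three "flush record, start new line" sequences are near-identical copies; a small static helper would halve this hunk and reduce the chance of the "cont" bookkeeping going wrong when a further attribute is added.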
diff -Nru postfix-3.1.9/src/smtpd/smtpd_check.c postfix-3.1.12/src/smtpd/smtpd_check.c
--- postfix-3.1.9/src/smtpd/smtpd_check.c	2017-12-20 20:27:37.000000000 -0500
+++ postfix-3.1.12/src/smtpd/smtpd_check.c	2019-03-29 08:16:11.000000000 -0400
@@ -4585,7 +4585,7 @@
 		status = check_recipient_rcpt_maps(state, state->recipient);
 	} else if (strcasecmp(name, REJECT_MUL_RCPT_BOUNCE) == 0) {
 	    if (state->sender && *state->sender == 0 && state->rcpt_count
-		> (strcmp(state->where, SMTPD_CMD_DATA) ? 0 : 1))
+		> (strcmp(state->where, SMTPD_CMD_RCPT) != 0))
 		status = smtpd_check_reject(state, MAIL_ERROR_POLICY,
 					    var_mul_rcpt_code, "5.5.3",
 				"<%s>: %s rejected: Multi-recipient bounce",
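Review bot: the new threshold expression "(strcmp(state->where, SMTPD_CMD_RCPT) != 0)" uses the 0/1 result of a comparison as an integer recipient count, which is correct C but reads as a boolean test; a short comment ("allow the one already-accepted recipient once past RCPT TO, none before") would make the intent obvious. The behavioural change is that stages other than RCPT and DATA (for example the end-of-data restrictions) now tolerate the single recipient that was already accepted, where the old "strcmp(..., SMTPD_CMD_DATA) ? 0 : 1" treated every non-DATA stage like RCPT and rejected a legitimate single-recipient bounce. That is the right fix, and it deserves a changelog line since it changes which messages reject_multi_recipient_bounce rejects.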
diff -Nru postfix-3.1.9/src/smtpstone/.indent.pro postfix-3.1.12/src/smtpstone/.indent.pro
--- postfix-3.1.9/src/smtpstone/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/smtpstone/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/spawn/.indent.pro postfix-3.1.12/src/spawn/.indent.pro
--- postfix-3.1.9/src/spawn/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/spawn/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/tls/.indent.pro postfix-3.1.12/src/tls/.indent.pro
--- postfix-3.1.9/src/tls/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/tls/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/tls/tls_client.c postfix-3.1.12/src/tls/tls_client.c
--- postfix-3.1.9/src/tls/tls_client.c	2016-08-27 16:27:50.000000000 -0400
+++ postfix-3.1.12/src/tls/tls_client.c	2018-11-17 18:10:03.000000000 -0500
@@ -1141,16 +1141,12 @@
 	TLScontext->peer_status |= TLS_CERT_FLAG_SECURED;
 
     /*
-     * All the key facts in a single log entry.
+     * With the handshake done, extract TLS 1.3 signature metadata.
      */
+    tls_get_signature_params(TLScontext);
+
     if (log_mask & TLS_LOG_SUMMARY)
-	msg_info("%s TLS connection established to %s: %s with cipher %s "
-		 "(%d/%d bits)",
-		 !TLS_CERT_IS_PRESENT(TLScontext) ? "Anonymous" :
-		 TLS_CERT_IS_SECURED(TLScontext) ? "Verified" :
-		 TLS_CERT_IS_TRUSTED(TLScontext) ? "Trusted" : "Untrusted",
-	      props->namaddr, TLScontext->protocol, TLScontext->cipher_name,
-		 TLScontext->cipher_usebits, TLScontext->cipher_algbits);
+	tls_log_summary(TLS_ROLE_CLIENT, TLS_USAGE_NEW, TLScontext);
 
     tls_int_seed();
 
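Review bot: `tls_get_signature_params(TLScontext);` is now called before the `log_mask & TLS_LOG_SUMMARY` test, so its mystrdup()'d kex/signature strings are populated on every TLS 1.3 handshake even when summary logging is off. That is the right call, since tls_proxy_print.c forwards those fields regardless of logging, but the comment only says "extract TLS 1.3 signature metadata"; add that the fields are needed by the proxy attribute stream and not just by the log line, so nobody later moves the call under the log_mask check.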
diff -Nru postfix-3.1.9/src/tls/tls_dane.c postfix-3.1.12/src/tls/tls_dane.c
--- postfix-3.1.9/src/tls/tls_dane.c	2017-10-09 11:02:57.000000000 -0400
+++ postfix-3.1.12/src/tls/tls_dane.c	2018-11-04 18:05:27.000000000 -0500
@@ -1402,26 +1402,20 @@
     return (matched);
 }
 
-/* push_ext - push extension onto certificate's stack, else free it */
-
-static int push_ext(X509 *cert, X509_EXTENSION *ext)
-{
-    if (ext) {
-	if (X509_add_ext(cert, ext, -1))
-	    return 1;
-	X509_EXTENSION_free(ext);
-    }
-    return 0;
-}
-
 /* add_ext - add simple extension (no config section references) */
 
 static int add_ext(X509 *issuer, X509 *subject, int ext_nid, char *ext_val)
 {
+    int     ret = 0;
     X509V3_CTX v3ctx;
+    X509_EXTENSION *ext;
 
     X509V3_set_ctx(&v3ctx, issuer, subject, 0, 0, 0);
-    return push_ext(subject, X509V3_EXT_conf_nid(0, &v3ctx, ext_nid, ext_val));
+    if ((ext = X509V3_EXT_conf_nid(0, &v3ctx, ext_nid, ext_val)) != 0) {
+	ret = X509_add_ext(subject, ext, -1);
+	X509_EXTENSION_free(ext);
+    }
+    return ret;
 }
 
 /* set_serial - set serial number to match akid or use subject's plus 1 */
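Review bot: the unconditional `X509_EXTENSION_free(ext);` after `ret = X509_add_ext(subject, ext, -1);` is correct because X509_add_ext() stores a copy of the extension, which is exactly what the removed push_ext() got wrong by freeing only on failure (the per-issuer-cert leak this hunk fixes). Add a one-line comment at the free saying "X509_add_ext() copies, so always free" so the free is not optimized back out, and note that `ret` carries X509_add_ext()'s 1/0 result unchanged.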
diff -Nru postfix-3.1.9/src/tls/tls.h postfix-3.1.12/src/tls/tls.h
--- postfix-3.1.9/src/tls/tls.h	2016-08-27 16:27:50.000000000 -0400
+++ postfix-3.1.12/src/tls/tls.h	2018-11-17 18:10:41.000000000 -0500
@@ -106,6 +106,27 @@
 #define X509_getm_notAfter X509_get_notAfter
 #endif
 
+ /* Backwards compatibility with OpenSSL < 1.1.1 */
+#if OPENSSL_VERSION_NUMBER < 0x1010100fUL
+#define SSL_CTX_set_num_tickets(ctx, num) ((void)0)
+#endif
+
+ /*-
+  * Backwards compatibility with OpenSSL < 1.1.1a.
+  *
+  * In OpenSSL 1.1.1a the client-only interface SSL_get_server_tmp_key() was
+  * updated to work on both the client and the server, and was renamed to
+  * SSL_get_peer_tmp_key(), with the original name left behind as an alias.  We
+  * use the new name when available.
+  */
+#if OPENSSL_VERSION_NUMBER < 0x1010101fUL
+#undef SSL_get_signature_nid
+#define SSL_get_signature_nid(ssl, pnid) (NID_undef)
+#define tls_get_peer_dh_pubkey SSL_get_server_tmp_key
+#else
+#define tls_get_peer_dh_pubkey SSL_get_peer_tmp_key
+#endif
+
 /* SSL_CIPHER_get_name() got constified in 0.9.7g */
 #if OPENSSL_VERSION_NUMBER >= 0x0090707fL	/* constification */
 #define SSL_CIPHER_const const
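Review bot: the comment block above `#if OPENSSL_VERSION_NUMBER < 0x1010101fUL` documents only the SSL_get_server_tmp_key()/SSL_get_peer_tmp_key() rename; the `#undef SSL_get_signature_nid` and `#define SSL_get_signature_nid(ssl, pnid) (NID_undef)` stub is undocumented. Add a sentence saying the stub deliberately evaluates to NID_undef (0, i.e. failure) so that the local-signature path in tls_get_signature_params() is skipped on libraries older than 1.1.1a, and why the `#undef` is needed before redefining it.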
@@ -133,6 +154,17 @@
 #include <dns.h>
 
  /*
+  * TLS role, presently for logging.
+  */
+typedef enum {
+    TLS_ROLE_CLIENT, TLS_ROLE_SERVER,
+} TLS_ROLE;
+
+typedef enum {
+    TLS_USAGE_NEW, TLS_USAGE_USED,
+} TLS_USAGE;
+
+ /*
   * Names of valid tlsmgr(8) session caches.
   */
 #define TLS_MGR_SCACHE_SMTPD	"smtpd"
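Review bot: the enumerator lists `TLS_ROLE_CLIENT, TLS_ROLE_SERVER,` and `TLS_USAGE_NEW, TLS_USAGE_USED,` end in a trailing comma, which is C99 only and draws a warning from strict C89 compilers with -pedantic; drop the trailing commas. TLS_USAGE also lacks the short comment TLS_ROLE has ("TLS role, presently for logging"); say that it distinguishes a fresh handshake from a resumed session in the log line.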
@@ -231,6 +263,17 @@
     const char *cipher_name;
     int     cipher_usebits;
     int     cipher_algbits;
+    const char *kex_name;		/* shared key-exchange algorithm */
+    const char *kex_curve;		/* shared key-exchange ECDHE curve */
+    int     kex_bits;			/* shared FFDHE key exchange bits */
+    const char *clnt_sig_name;		/* client's signature key algorithm */
+    const char *clnt_sig_curve;		/* client's ECDSA curve name */
+    int     clnt_sig_bits;		/* client's RSA signature key bits */
+    const char *clnt_sig_dgst;		/* client's signature digest */
+    const char *srvr_sig_name;		/* server's signature key algorithm */
+    const char *srvr_sig_curve;		/* server's ECDSA curve name */
+    int     srvr_sig_bits;		/* server's RSA signature key bits */
+    const char *srvr_sig_dgst;		/* server's signature digest */
     /* Private. */
     SSL    *con;
     char   *cache_type;			/* tlsmgr(8) cache type if enabled */
@@ -369,10 +412,15 @@
 #define SSL_OP_NO_TLSv1_2	0L	/* Noop */
 #endif
 
-#ifdef SSL_TXT_TLSV1_3
+ /*
+  * OpenSSL 1.1.1 does not define a TXT macro for TLS 1.3, so we roll our
+  * own.
+  */
+#define TLS_PROTOCOL_TXT_TLSV1_3	"TLSv1.3"
+
+#if defined(TLS1_3_VERSION) && defined(SSL_OP_NO_TLSv1_3)
 #define TLS_PROTOCOL_TLSv1_3	(1<<5)	/* TLSv1_3 */
 #else
-#define SSL_TXT_TLSV1_3		"TLSv1.3"
 #define TLS_PROTOCOL_TLSv1_3	0	/* Unknown */
 #undef  SSL_OP_NO_TLSv1_3
 #define SSL_OP_NO_TLSv1_3	0L	/* Noop */
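Review bot: replacing the old `#define SSL_TXT_TLSV1_3 "TLSv1.3"` fallback with the Postfix-owned `TLS_PROTOCOL_TXT_TLSV1_3` is the right fix, since the old code defined a name in OpenSSL's namespace that a later library release could define itself with a different value. The comment should also state why the feature test is `defined(TLS1_3_VERSION) && defined(SSL_OP_NO_TLSv1_3)` rather than a version-number compare: the `#else` branch re-defines SSL_OP_NO_TLSv1_3 as a no-op, so both macros must exist for real TLS 1.3 support to be assumed.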
@@ -380,7 +428,7 @@
 
 #define TLS_KNOWN_PROTOCOLS \
 	( TLS_PROTOCOL_SSLv2 | TLS_PROTOCOL_SSLv3 | TLS_PROTOCOL_TLSv1 \
-	   | TLS_PROTOCOL_TLSv1_1 | TLS_PROTOCOL_TLSv1_2 )
+	   | TLS_PROTOCOL_TLSv1_1 | TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3 )
 #define TLS_SSL_OP_PROTOMASK(m) \
 	    ((((m) & TLS_PROTOCOL_SSLv2) ? SSL_OP_NO_SSLv2 : 0L) \
 	     | (((m) & TLS_PROTOCOL_SSLv3) ? SSL_OP_NO_SSLv3 : 0L) \
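Review bot: TLS_KNOWN_PROTOCOLS now includes TLS_PROTOCOL_TLSv1_3, but the continuation of TLS_SSL_OP_PROTOMASK() that should map it to SSL_OP_NO_TLSv1_3 is outside this hunk's context (only the SSLv2 and SSLv3 terms are visible). Please confirm that mapping is present; without it a tls_protocols setting that excludes TLSv1.3 would be accepted by name but never translated into an SSL_OP_NO_* bit, and the exclusion would silently not take effect.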
@@ -421,7 +469,12 @@
 extern const char *tls_set_ciphers(TLS_APPL_STATE *, const char *,
 				           const char *, const char *);
 
-#endif
+ /*
+  * Populate TLS context with TLS 1.3-related signature parameters.
+  */
+extern void tls_get_signature_params(TLS_SESS_STATE *);
+
+#endif					/* TLS_INTERNAL */
 
  /*
   * tls_client.c
@@ -549,6 +602,7 @@
 extern const char *tls_compile_version(void);
 extern const char *tls_run_version(void);
 extern const char **tls_pkey_algorithms(void);
+extern void tls_log_summary(TLS_ROLE, TLS_USAGE, TLS_SESS_STATE *);
 
 #ifdef TLS_INTERNAL
 
diff -Nru postfix-3.1.9/src/tls/tls_misc.c postfix-3.1.12/src/tls/tls_misc.c
--- postfix-3.1.9/src/tls/tls_misc.c	2016-02-06 15:20:45.000000000 -0500
+++ postfix-3.1.12/src/tls/tls_misc.c	2018-11-17 18:10:03.000000000 -0500
@@ -4,6 +4,25 @@
 /* SUMMARY
 /*	miscellaneous TLS support routines
 /* SYNOPSIS
+/* .SH Public functions
+/* .nf
+/* .na
+/*	#include <tls.h>
+/*
+/*	void tls_log_summary(role, usage, TLScontext)
+/*	TLS_ROLE role;
+/*	TLS_USAGE usage;
+/*	TLS_SESS_STATE *TLScontext;
+/*
+/*	const char *tls_compile_version(void)
+/*
+/*	const char *tls_run_version(void)
+/*
+/*	const char **tls_pkey_algorithms(void)
+/*
+/* .SH Internal functions
+/* .nf
+/* .na
 /*	#define TLS_INTERNAL
 /*	#include <tls.h>
 /*
@@ -61,6 +80,9 @@
 /*	int	grade;
 /*	const char *exclusions;
 /*
+/*	void tls_get_signature_params(TLScontext)
+/*	TLS_SESS_STATE *TLScontext;
+/*
 /*	void	tls_print_errors()
 /*
 /*	void	tls_info_callback(ssl, where, ret)
@@ -86,15 +108,24 @@
 /*
 /*	int	tls_validate_digest(dgst)
 /*	const char *dgst;
+/* DESCRIPTION
+/*	This module implements public and internal routines that
+/*	support the TLS client and server.
 /*
-/*	const char *tls_compile_version(void)
+/*	tls_log_summary() logs a summary of a completed TLS connection.
+/*	The "role" argument must be TLS_ROLE_CLIENT for outgoing client
+/*	connections, or TLS_ROLE_SERVER for incoming server connections,
+/*	and the "usage" must be TLS_USAGE_NEW or TLS_USAGE_USED.
 /*
-/*	const char *tls_run_version(void)
+/*	tls_compile_version() returns a text string description of
+/*	the compile-time TLS library.
 /*
-/*	const char **tls_pkey_algorithms(void)
-/* DESCRIPTION
-/*	This module implements routines that support the TLS client
-/*	and server internals.
+/*	tls_run_version() is just tls_compile_version() but with the runtime
+/*	version instead of the compile-time version.
+/*
+/*	tls_pkey_algorithms() returns a pointer to null-terminated
+/*	array of string constants with the names of the supported
+/*	public-key algorithms.
 /*
 /*	tls_alloc_app_context() creates an application context that
 /*	holds the SSL context for the application and related cached state.
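Review bot: two documentation nits in the moved DESCRIPTION text. "tls_pkey_algorithms() returns a pointer to null-terminated array" needs an article ("a null-terminated array"). The new tls_log_summary() paragraph should also say that the function logs unconditionally and that callers are expected to gate it on TLS_LOG_SUMMARY, since that is how tls_client.c and tls_server.c use it.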
@@ -142,6 +173,12 @@
 /*	When the input is invalid, tls_set_ciphers() logs a warning with
 /*	the specified context, and returns a null pointer result.
 /*
+/*	tls_get_signature_params() updates the "TLScontext" with handshake
+/*	signature parameters pertaining to TLS 1.3, where the ciphersuite
+/*	no longer describes the asymmetric algorithms employed in the
+/*	handshake, which are negotiated separately.  This function
+/*	has no effect for TLS 1.2 and earlier.
+/*
 /*	tls_print_errors() queries the OpenSSL error stack,
 /*	logs the error messages, and clears the error stack.
 /*
@@ -162,16 +199,6 @@
 /*
 /*	tls_validate_digest() returns non-zero if the named digest
 /*	is usable and zero otherwise.
-/*
-/*	tls_compile_version() returns a text string description of
-/*	the compile-time TLS library.
-/*
-/*	tls_run_version() is just tls_compile_version() but with the runtime
-/*	version instead of the compile-time version.
-/*
-/*	tls_pkey_algorithms() returns a pointer to null-terminated
-/*	array of string constants with the names of the supported
-/*	public-key algorithms.
 /* LICENSE
 /* .ad
 /* .fi
@@ -277,7 +304,7 @@
     SSL_TXT_TLSV1, TLS_PROTOCOL_TLSv1,
     SSL_TXT_TLSV1_1, TLS_PROTOCOL_TLSv1_1,
     SSL_TXT_TLSV1_2, TLS_PROTOCOL_TLSv1_2,
-    SSL_TXT_TLSV1_3, TLS_PROTOCOL_TLSv1_3,
+    TLS_PROTOCOL_TXT_TLSV1_3, TLS_PROTOCOL_TLSv1_3,
     0, TLS_PROTOCOL_INVALID,
 };
 
@@ -353,6 +380,29 @@
 #define SSL_OP_CRYPTOPRO_TLSEXT_BUG		0
 #endif
     NAMEBUG(CRYPTOPRO_TLSEXT_BUG),
+
+#ifndef SSL_OP_TLSEXT_PADDING
+#define SSL_OP_TLSEXT_PADDING	0
+#endif
+    NAMEBUG(TLSEXT_PADDING),
+
+#if 0
+
+    /*
+     * XXX: New with OpenSSL 1.1.1, this is turned on implicitly in
+     * SSL_CTX_new() and is not included in SSL_OP_ALL.  Allowing users to
+     * disable this would thus be a code change that would require clearing
+     * bug work-around bits in SSL_CTX, after setting SSL_OP_ALL.  Since this
+     * is presumably required for TLS 1.3 on today's Internet, the code
+     * change will be done separately later. For now this implicit bug
+     * work-around cannot be disabled via supported Postfix mechanisms.
+     */
+#ifndef SSL_OP_ENABLE_MIDDLEBOX_COMPAT
+#define SSL_OP_ENABLE_MIDDLEBOX_COMPAT	0
+#endif
+    NAMEBUG(ENABLE_MIDDLEBOX_COMPAT),
+#endif
+
     0, 0,
 };
 
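Review bot: the `#if 0` block around `NAMEBUG(ENABLE_MIDDLEBOX_COMPAT)` is dead code carrying an XXX comment, and the same option appears live as `NAME_SSL_OP(ENABLE_MIDDLEBOX_COMPAT)` in the tls_ssl_options table in the next hunk. Either drop the disabled block or have its comment point at that table, so the two entries do not drift apart when the "separate later" change that clears bug work-around bits after SSL_OP_ALL lands.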
@@ -378,6 +428,27 @@
 #define SSL_OP_NO_COMPRESSION		0
 #endif
     NAME_SSL_OP(NO_COMPRESSION),
+
+#ifndef SSL_OP_NO_RENEGOTIATION
+#define SSL_OP_NO_RENEGOTIATION		0
+#endif
+    NAME_SSL_OP(NO_RENEGOTIATION),
+
+#ifndef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION	0
+#endif
+    NAME_SSL_OP(NO_SESSION_RESUMPTION_ON_RENEGOTIATION),
+
+#ifndef SSL_OP_PRIORITIZE_CHACHA
+#define SSL_OP_PRIORITIZE_CHACHA	0
+#endif
+    NAME_SSL_OP(PRIORITIZE_CHACHA),
+
+#ifndef SSL_OP_ENABLE_MIDDLEBOX_COMPAT
+#define SSL_OP_ENABLE_MIDDLEBOX_COMPAT	0
+#endif
+    NAME_SSL_OP(ENABLE_MIDDLEBOX_COMPAT),
+
     0, 0,
 };
 
@@ -767,6 +838,224 @@
     return (app_ctx->cipher_list = mystrdup(new_list));
 }
 
+/* tls_get_signature_params - TLS 1.3 signature details */
+
+void    tls_get_signature_params(TLS_SESS_STATE *TLScontext)
+{
+#if OPENSSL_VERSION_NUMBER >= 0x1010100fUL && defined(TLS1_3_VERSION)
+    const char *kex_name = 0;
+    const char *kex_curve = 0;
+    const char *locl_sig_name = 0;
+    const char *locl_sig_curve = 0;
+    const char *locl_sig_dgst = 0;
+    const char *peer_sig_name = 0;
+    const char *peer_sig_curve = 0;
+    const char *peer_sig_dgst = 0;
+    int     nid;
+    int     got_kex_key;
+    SSL    *ssl = TLScontext->con;
+    int     srvr = SSL_is_server(ssl);
+    X509   *cert;
+    EVP_PKEY *pkey = 0;
+
+#ifndef OPENSSL_NO_EC
+    EC_KEY *eckey;
+
+#endif
+
+#define SIG_PROP(c, s, p) (*((s) ? &c->srvr_sig_##p : &c->clnt_sig_##p))
+
+    if (SSL_version(ssl) < TLS1_3_VERSION)
+	return;
+
+    if (tls_get_peer_dh_pubkey(ssl, &pkey)) {
+	switch (nid = EVP_PKEY_id(pkey)) {
+	default:
+	    kex_name = OBJ_nid2sn(EVP_PKEY_type(nid));
+	    break;
+
+	case EVP_PKEY_DH:
+	    kex_name = "DHE";
+	    TLScontext->kex_bits = EVP_PKEY_bits(pkey);
+	    break;
+
+#ifndef OPENSSL_NO_EC
+	case EVP_PKEY_EC:
+	    kex_name = "ECDHE";
+	    eckey = EVP_PKEY_get0_EC_KEY(pkey);
+	    nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(eckey));
+	    kex_curve = EC_curve_nid2nist(nid);
+	    if (!kex_curve)
+		kex_curve = OBJ_nid2sn(nid);
+	    break;
+#endif
+	}
+	EVP_PKEY_free(pkey);
+    }
+
+    /*
+     * On the client end, the certificate may be preset, but not used, so we
+     * check via SSL_get_signature_nid().  This means that local signature
+     * data on clients requires at least 1.1.1a.
+     */
+    if (srvr || SSL_get_signature_nid(ssl, &nid))
+	cert = SSL_get_certificate(ssl);
+    else
+	cert = 0;
+
+    /* Signature algorithms for the local end of the connection */
+    if (cert) {
+	pkey = X509_get0_pubkey(cert);
+
+	/*
+	 * Override the built-in name for the "ECDSA" algorithms OID, with
+	 * the more familiar name.  For "RSA" keys report "RSA-PSS", which
+	 * must be used with TLS 1.3.
+	 */
+	if ((nid = EVP_PKEY_type(EVP_PKEY_id(pkey))) != NID_undef) {
+	    switch (nid) {
+	    default:
+		locl_sig_name = OBJ_nid2sn(nid);
+		break;
+
+	    case EVP_PKEY_RSA:
+		/* For RSA, TLS 1.3 mandates PSS signatures */
+		locl_sig_name = "RSA-PSS";
+		SIG_PROP(TLScontext, srvr, bits) = EVP_PKEY_bits(pkey);
+		break;
+
+#ifndef OPENSSL_NO_EC
+	    case EVP_PKEY_EC:
+		locl_sig_name = "ECDSA";
+		eckey = EVP_PKEY_get0_EC_KEY(pkey);
+		nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(eckey));
+		locl_sig_curve = EC_curve_nid2nist(nid);
+		if (!locl_sig_curve)
+		    locl_sig_curve = OBJ_nid2sn(nid);
+		break;
+#endif
+	    }
+	}
+
+	/*
+	 * With Ed25519 and Ed448 there is no pre-signature digest, but the
+	 * accessor does not fail, rather we get NID_undef.
+	 */
+	if (SSL_get_signature_nid(ssl, &nid) && nid != NID_undef)
+	    locl_sig_dgst = OBJ_nid2sn(nid);
+    }
+    /* Signature algorithms for the peer end of the connection */
+    if ((cert = SSL_get_peer_certificate(ssl)) != 0) {
+	pkey = X509_get0_pubkey(cert);
+
+	/*
+	 * Override the built-in name for the "ECDSA" algorithms OID, with
+	 * the more familiar name.  For "RSA" keys report "RSA-PSS", which
+	 * must be used with TLS 1.3.
+	 */
+	if ((nid = EVP_PKEY_type(EVP_PKEY_id(pkey))) != NID_undef) {
+	    switch (nid) {
+	    default:
+		peer_sig_name = OBJ_nid2sn(nid);
+		break;
+
+	    case EVP_PKEY_RSA:
+		/* For RSA, TLS 1.3 mandates PSS signatures */
+		peer_sig_name = "RSA-PSS";
+		SIG_PROP(TLScontext, !srvr, bits) = EVP_PKEY_bits(pkey);
+		break;
+
+#ifndef OPENSSL_NO_EC
+	    case EVP_PKEY_EC:
+		peer_sig_name = "ECDSA";
+		eckey = EVP_PKEY_get0_EC_KEY(pkey);
+		nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(eckey));
+		peer_sig_curve = EC_curve_nid2nist(nid);
+		if (!peer_sig_curve)
+		    peer_sig_curve = OBJ_nid2sn(nid);
+		break;
+#endif
+	    }
+	}
+
+	/*
+	 * With Ed25519 and Ed448 there is no pre-signature digest, but the
+	 * accessor does not fail, rather we get NID_undef.
+	 */
+	if (SSL_get_peer_signature_nid(ssl, &nid) && nid != NID_undef)
+	    peer_sig_dgst = OBJ_nid2sn(nid);
+    }
+    if (kex_name) {
+	TLScontext->kex_name = mystrdup(kex_name);
+	if (kex_curve)
+	    TLScontext->kex_curve = mystrdup(kex_curve);
+    }
+    if (locl_sig_name) {
+	SIG_PROP(TLScontext, srvr, name) = mystrdup(locl_sig_name);
+	if (locl_sig_curve)
+	    SIG_PROP(TLScontext, srvr, curve) = mystrdup(locl_sig_curve);
+	if (locl_sig_dgst)
+	    SIG_PROP(TLScontext, srvr, dgst) = mystrdup(locl_sig_dgst);
+    }
+    if (peer_sig_name) {
+	SIG_PROP(TLScontext, !srvr, name) = mystrdup(peer_sig_name);
+	if (peer_sig_curve)
+	    SIG_PROP(TLScontext, !srvr, curve) = mystrdup(peer_sig_curve);
+	if (peer_sig_dgst)
+	    SIG_PROP(TLScontext, !srvr, dgst) = mystrdup(peer_sig_dgst);
+    }
+#endif						/* OPENSSL_VERSION_NUMBER ... */
+}
+
+/* tls_log_summary - TLS loglevel 1 one-liner, embellished with TLS 1.3 details */
+
+void    tls_log_summary(TLS_ROLE role, TLS_USAGE usage, TLS_SESS_STATE *ctx)
+{
+    VSTRING *msg = vstring_alloc(100);
+    const char *direction = (role == TLS_ROLE_CLIENT) ? "to" : "from";
+
+    vstring_sprintf(msg, "%s TLS connection %s %s %s: %s"
+		    " with cipher %s (%d/%d bits)",
+		    !TLS_CERT_IS_PRESENT(ctx) ? "Anonymous" :
+		    TLS_CERT_IS_SECURED(ctx) ? "Verified" :
+		    TLS_CERT_IS_TRUSTED(ctx) ? "Trusted" : "Untrusted",
+		    usage == TLS_USAGE_NEW ? "established" : "reused",
+		    direction, ctx->namaddr, ctx->protocol, ctx->cipher_name,
+		    ctx->cipher_usebits, ctx->cipher_algbits);
+
+    if (ctx->kex_name && *ctx->kex_name) {
+	vstring_sprintf_append(msg, " key-exchange %s", ctx->kex_name);
+	if (ctx->kex_curve && *ctx->kex_curve)
+	    vstring_sprintf_append(msg, " (%s)", ctx->kex_curve);
+	else if (ctx->kex_bits > 0)
+	    vstring_sprintf_append(msg, " (%d bits)", ctx->kex_bits);
+    }
+    if (ctx->srvr_sig_name && *ctx->srvr_sig_name) {
+	vstring_sprintf_append(msg, " server-signature %s",
+			       ctx->srvr_sig_name);
+	if (ctx->srvr_sig_curve && *ctx->srvr_sig_curve)
+	    vstring_sprintf_append(msg, " (%s)", ctx->srvr_sig_curve);
+	else if (ctx->srvr_sig_bits > 0)
+	    vstring_sprintf_append(msg, " (%d bits)", ctx->srvr_sig_bits);
+	if (ctx->srvr_sig_dgst && *ctx->srvr_sig_dgst)
+	    vstring_sprintf_append(msg, " server-digest %s",
+				   ctx->srvr_sig_dgst);
+    }
+    if (ctx->clnt_sig_name && *ctx->clnt_sig_name) {
+	vstring_sprintf_append(msg, " client-signature %s",
+			       ctx->clnt_sig_name);
+	if (ctx->clnt_sig_curve && *ctx->clnt_sig_curve)
+	    vstring_sprintf_append(msg, " (%s)", ctx->clnt_sig_curve);
+	else if (ctx->clnt_sig_bits > 0)
+	    vstring_sprintf_append(msg, " (%d bits)", ctx->clnt_sig_bits);
+	if (ctx->clnt_sig_dgst && *ctx->clnt_sig_dgst)
+	    vstring_sprintf_append(msg, " client-digest %s",
+				   ctx->clnt_sig_dgst);
+    }
+    msg_info("%s", vstring_str(msg));
+    vstring_free(msg);
+}
+
 /* tls_alloc_app_context - allocate TLS application context */
 
 TLS_APPL_STATE *tls_alloc_app_context(SSL_CTX *ssl_ctx, int log_mask)
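Review bot: the peer branch `if ((cert = SSL_get_peer_certificate(ssl)) != 0)` in tls_get_signature_params() never releases the certificate. SSL_get_peer_certificate() returns a reference whose count the caller owns and must drop with X509_free(), so every TLS 1.3 handshake with a peer certificate leaks one X509 (the local branch is fine: SSL_get_certificate() returns an internal pointer). Add `X509_free(cert);` at the end of that block, after the SSL_get_peer_signature_nid() call. Secondary: `pkey = X509_get0_pubkey(cert);` can return NULL for a certificate whose key cannot be decoded and is passed straight to EVP_PKEY_id(); guard it in both branches before the switch.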
@@ -834,6 +1123,14 @@
     TLScontext->peer_pkey_fprint = 0;
     TLScontext->protocol = 0;
     TLScontext->cipher_name = 0;
+    TLScontext->kex_name = 0;
+    TLScontext->kex_curve = 0;
+    TLScontext->clnt_sig_name = 0;
+    TLScontext->clnt_sig_curve = 0;
+    TLScontext->clnt_sig_dgst = 0;
+    TLScontext->srvr_sig_name = 0;
+    TLScontext->srvr_sig_curve = 0;
+    TLScontext->srvr_sig_dgst = 0;
     TLScontext->log_mask = log_mask;
     TLScontext->namaddr = lowercase(mystrdup(namaddr));
     TLScontext->mdalg = 0;			/* Alias for props->mdalg */
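Review bot: the initializer list sets the eight new pointer fields but not kex_bits, clnt_sig_bits and srvr_sig_bits, while tls_log_summary() prints any of them that is `> 0` and tls_get_signature_params() only assigns them on the DHE and RSA paths. Unless the TLScontext allocation is zero-filled elsewhere (not visible here), a handshake that takes the default switch branch, for example an Ed25519 signature key with neither curve nor bits set, can log an uninitialized bit count. Add `TLScontext->kex_bits = 0;` and the two `*_sig_bits = 0;` lines alongside the pointer initializers, and confirm that the matching tls_free_context() change releasing the mystrdup()'d strings is part of this patch, since it is not in this hunk.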
@@ -961,9 +1258,16 @@
     tls_version_split(OPENSSL_VERSION_NUMBER, &hdr_info);
     tls_version_split(OpenSSL_version_num(), &lib_info);
 
+    /*
+     * Warn if run-time library is different from compile-time library,
+     * allowing later run-time "micro" versions starting with 1.1.0.
+     */
     if (lib_info.major != hdr_info.major
 	|| lib_info.minor != hdr_info.minor
-	|| lib_info.micro != hdr_info.micro)
+	|| (lib_info.micro != hdr_info.micro
+	    && (lib_info.micro < hdr_info.micro
+		|| hdr_info.major == 0
+		|| (hdr_info.major == 1 && hdr_info.minor == 0))))
 	msg_warn("run-time library vs. compile-time header version mismatch: "
 	     "OpenSSL %d.%d.%d may not be compatible with OpenSSL %d.%d.%d",
 		 lib_info.major, lib_info.minor, lib_info.micro,
diff -Nru postfix-3.1.9/src/tls/tls_proxy_clnt.c postfix-3.1.12/src/tls/tls_proxy_clnt.c
--- postfix-3.1.9/src/tls/tls_proxy_clnt.c	2014-12-25 11:47:17.000000000 -0500
+++ postfix-3.1.12/src/tls/tls_proxy_clnt.c	2018-11-17 18:10:03.000000000 -0500
@@ -239,6 +239,24 @@
 	myfree((void *) tls_context->protocol);
     if (tls_context->cipher_name)
 	myfree((void *) tls_context->cipher_name);
+    if (tls_context->kex_name)
+	myfree((void *) tls_context->kex_name);
+    if (tls_context->kex_curve)
+	myfree((void *) tls_context->kex_curve);
+    if (tls_context->clnt_sig_name)
+	myfree((void *) tls_context->clnt_sig_name);
+    if (tls_context->clnt_sig_curve)
+	myfree((void *) tls_context->clnt_sig_curve);
+    if (tls_context->clnt_sig_dgst)
+	myfree((void *) tls_context->clnt_sig_dgst);
+    if (tls_context->srvr_sig_name)
+	myfree((void *) tls_context->srvr_sig_name);
+    if (tls_context->srvr_sig_curve)
+	myfree((void *) tls_context->srvr_sig_curve);
+    if (tls_context->srvr_sig_dgst)
+	myfree((void *) tls_context->srvr_sig_dgst);
+    if (tls_context->namaddr)
+	myfree((void *) tls_context->namaddr);
     myfree((void *) tls_context);
 }
 
diff -Nru postfix-3.1.9/src/tls/tls_proxy_print.c postfix-3.1.12/src/tls/tls_proxy_print.c
--- postfix-3.1.9/src/tls/tls_proxy_print.c	2014-12-14 13:22:06.000000000 -0500
+++ postfix-3.1.12/src/tls/tls_proxy_print.c	2018-11-17 18:10:03.000000000 -0500
@@ -79,6 +79,30 @@
 				 tp->cipher_usebits),
 		   SEND_ATTR_INT(MAIL_ATTR_CIPHER_ALGBITS,
 				 tp->cipher_algbits),
+		   SEND_ATTR_STR(MAIL_ATTR_KEX_NAME,
+				 STRING_OR_EMPTY(tp->kex_name)),
+		   SEND_ATTR_STR(MAIL_ATTR_KEX_CURVE,
+				 STRING_OR_EMPTY(tp->kex_curve)),
+		   SEND_ATTR_INT(MAIL_ATTR_KEX_BITS,
+				 tp->kex_bits),
+		   SEND_ATTR_STR(MAIL_ATTR_CLNT_SIG_NAME,
+				 STRING_OR_EMPTY(tp->clnt_sig_name)),
+		   SEND_ATTR_STR(MAIL_ATTR_CLNT_SIG_CURVE,
+				 STRING_OR_EMPTY(tp->clnt_sig_curve)),
+		   SEND_ATTR_INT(MAIL_ATTR_CLNT_SIG_BITS,
+				 tp->clnt_sig_bits),
+		   SEND_ATTR_STR(MAIL_ATTR_CLNT_SIG_DGST,
+				 STRING_OR_EMPTY(tp->clnt_sig_dgst)),
+		   SEND_ATTR_STR(MAIL_ATTR_SRVR_SIG_NAME,
+				 STRING_OR_EMPTY(tp->srvr_sig_name)),
+		   SEND_ATTR_STR(MAIL_ATTR_SRVR_SIG_CURVE,
+				 STRING_OR_EMPTY(tp->srvr_sig_curve)),
+		   SEND_ATTR_INT(MAIL_ATTR_SRVR_SIG_BITS,
+				 tp->srvr_sig_bits),
+		   SEND_ATTR_STR(MAIL_ATTR_SRVR_SIG_DGST,
+				 STRING_OR_EMPTY(tp->srvr_sig_dgst)),
+		   SEND_ATTR_STR(MAIL_ATTR_NAMADDR,
+				 STRING_OR_EMPTY(tp->namaddr)),
 		   ATTR_TYPE_END);
     return (ret);
 }
diff -Nru postfix-3.1.9/src/tls/tls_proxy_scan.c postfix-3.1.12/src/tls/tls_proxy_scan.c
--- postfix-3.1.9/src/tls/tls_proxy_scan.c	2014-12-14 13:22:06.000000000 -0500
+++ postfix-3.1.12/src/tls/tls_proxy_scan.c	2018-11-17 18:10:03.000000000 -0500
@@ -63,6 +63,15 @@
     VSTRING *peer_pkey_fprint = vstring_alloc(60);	/* 60 for SHA-1 */
     VSTRING *protocol = vstring_alloc(25);
     VSTRING *cipher_name = vstring_alloc(25);
+    VSTRING *kex_name = vstring_alloc(25);
+    VSTRING *kex_curve = vstring_alloc(25);
+    VSTRING *clnt_sig_name = vstring_alloc(25);
+    VSTRING *clnt_sig_curve = vstring_alloc(25);
+    VSTRING *clnt_sig_dgst = vstring_alloc(25);
+    VSTRING *srvr_sig_name = vstring_alloc(25);
+    VSTRING *srvr_sig_curve = vstring_alloc(25);
+    VSTRING *srvr_sig_dgst = vstring_alloc(25);
+    VSTRING *namaddr = vstring_alloc(100);
 
     /*
      * Note: memset() is not a portable way to initialize non-integer types.
@@ -81,6 +90,18 @@
 				&tls_context->cipher_usebits),
 		  RECV_ATTR_INT(MAIL_ATTR_CIPHER_ALGBITS,
 				&tls_context->cipher_algbits),
+		  RECV_ATTR_STR(MAIL_ATTR_KEX_NAME, kex_name),
+		  RECV_ATTR_STR(MAIL_ATTR_KEX_CURVE, kex_curve),
+		  RECV_ATTR_INT(MAIL_ATTR_KEX_BITS, &tls_context->kex_bits),
+		  RECV_ATTR_STR(MAIL_ATTR_CLNT_SIG_NAME, clnt_sig_name),
+		  RECV_ATTR_STR(MAIL_ATTR_CLNT_SIG_CURVE, clnt_sig_curve),
+	RECV_ATTR_INT(MAIL_ATTR_CLNT_SIG_BITS, &tls_context->clnt_sig_bits),
+		  RECV_ATTR_STR(MAIL_ATTR_CLNT_SIG_DGST, clnt_sig_dgst),
+		  RECV_ATTR_STR(MAIL_ATTR_SRVR_SIG_NAME, srvr_sig_name),
+		  RECV_ATTR_STR(MAIL_ATTR_SRVR_SIG_CURVE, srvr_sig_curve),
+	RECV_ATTR_INT(MAIL_ATTR_SRVR_SIG_BITS, &tls_context->srvr_sig_bits),
+		  RECV_ATTR_STR(MAIL_ATTR_SRVR_SIG_DGST, srvr_sig_dgst),
+		  RECV_ATTR_STR(MAIL_ATTR_NAMADDR, namaddr),
 		  ATTR_TYPE_END);
     tls_context->peer_CN = vstring_export(peer_CN);
     tls_context->issuer_CN = vstring_export(issuer_CN);
@@ -88,7 +109,16 @@
     tls_context->peer_pkey_fprint = vstring_export(peer_pkey_fprint);
     tls_context->protocol = vstring_export(protocol);
     tls_context->cipher_name = vstring_export(cipher_name);
-    return (ret == 9 ? 1 : -1);
+    tls_context->kex_name = vstring_export(kex_name);
+    tls_context->kex_curve = vstring_export(kex_curve);
+    tls_context->clnt_sig_name = vstring_export(clnt_sig_name);
+    tls_context->clnt_sig_curve = vstring_export(clnt_sig_curve);
+    tls_context->clnt_sig_dgst = vstring_export(clnt_sig_dgst);
+    tls_context->srvr_sig_name = vstring_export(srvr_sig_name);
+    tls_context->srvr_sig_curve = vstring_export(srvr_sig_curve);
+    tls_context->srvr_sig_dgst = vstring_export(srvr_sig_dgst);
+    tls_context->namaddr = vstring_export(namaddr);
+    return (ret == 21 ? 1 : -1);
 }
 
 #endif
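Review bot: `return (ret == 21 ? 1 : -1);` is a magic number that must equal the attribute count in the attr_scan() call above (9 before plus the 12 added here, which does match); a named constant shared with tls_proxy_print.c would keep the two sides from drifting. For a stable update it is also worth one sentence in the changelog: this extends the wire format between tlsproxy(8) and its clients, so a tlsproxy process left over from the old package serving a new client will fail this count check and return -1 until all daemons have been restarted.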
diff -Nru postfix-3.1.9/src/tls/tls_server.c postfix-3.1.12/src/tls/tls_server.c
--- postfix-3.1.9/src/tls/tls_server.c	2016-08-27 16:27:50.000000000 -0400
+++ postfix-3.1.12/src/tls/tls_server.c	2018-11-17 18:10:03.000000000 -0500
@@ -510,8 +510,23 @@
 	    ticketable = 0;
 	}
     }
-    if (ticketable)
+    if (ticketable) {
 	SSL_CTX_set_tlsext_ticket_key_cb(server_ctx, ticket_cb);
+
+	/*
+	 * OpenSSL 1.1.1 introduces support for TLS 1.3, which can issue more
+	 * than one ticket per handshake.  While this may be appropriate for
+	 * communication between browsers and webservers, it is not terribly
+	 * useful for MTAs, many of which other than Postfix don't do TLS
+	 * session caching at all, and Postfix has no mechanism for storing
+	 * multiple session tickets, if more than one sent, the second
+	 * clobbers the first.  OpenSSL 1.1.1 servers default to issuing two
+	 * tickets for non-resumption handshakes, we reduce this to one.  Our
+	 * ticket decryption callback already (since 2.11) asks OpenSSL to
+	 * avoid issuing new tickets when the presented ticket is re-usable.
+	 */
+	SSL_CTX_set_num_tickets(server_ctx, 1);
+    }
 #endif
     if (!ticketable)
 	off |= SSL_OP_NO_TICKET;
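Review bot: grammar in the new comment: "if more than one sent, the second clobbers the first" should read "if more than one is sent", and "OpenSSL 1.1.1 servers default to issuing two tickets for non-resumption handshakes, we reduce this to one" is a comma splice (use a semicolon or "so we reduce"). Also note in the comment that `SSL_CTX_set_num_tickets(server_ctx, 1);` compiles on older libraries only because tls.h defines it as `((void)0)` for OpenSSL < 1.1.1, so that dependency is visible at the call site.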
@@ -946,14 +961,12 @@
 	tls_stream_start(TLScontext->stream, TLScontext);
 
     /*
-     * All the key facts in a single log entry.
+     * With the handshake done, extract TLS 1.3 signature metadata.
      */
+    tls_get_signature_params(TLScontext);
+
     if (TLScontext->log_mask & TLS_LOG_SUMMARY)
-	msg_info("%s TLS connection established from %s: %s with cipher %s "
-	      "(%d/%d bits)", !TLS_CERT_IS_PRESENT(TLScontext) ? "Anonymous"
-		 : TLS_CERT_IS_TRUSTED(TLScontext) ? "Trusted" : "Untrusted",
-	 TLScontext->namaddr, TLScontext->protocol, TLScontext->cipher_name,
-		 TLScontext->cipher_usebits, TLScontext->cipher_algbits);
+	tls_log_summary(TLS_ROLE_SERVER, TLS_USAGE_NEW, TLScontext);
 
     tls_int_seed();
 
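Review bot: the replaced server msg_info() had no "Verified" case, while tls_log_summary() reports TLS_CERT_IS_SECURED(ctx) as "Verified" for both roles. This is harmless if the server side never sets TLS_CERT_FLAG_SECURED, but the summary line is also gaining key-exchange and signature fields, so log parsers keyed on the old "Anonymous|Trusted|Untrusted TLS connection established from" form will see a changed format; worth a line in the changelog for the stable update.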
diff -Nru postfix-3.1.9/src/tlsmgr/.indent.pro postfix-3.1.12/src/tlsmgr/.indent.pro
--- postfix-3.1.9/src/tlsmgr/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/tlsmgr/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/tlsproxy/.indent.pro postfix-3.1.12/src/tlsproxy/.indent.pro
--- postfix-3.1.9/src/tlsproxy/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/tlsproxy/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/trivial-rewrite/.indent.pro postfix-3.1.12/src/trivial-rewrite/.indent.pro
--- postfix-3.1.9/src/trivial-rewrite/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/trivial-rewrite/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/util/dict_utf8.c postfix-3.1.12/src/util/dict_utf8.c
--- postfix-3.1.9/src/util/dict_utf8.c	2015-02-03 11:19:19.000000000 -0500
+++ postfix-3.1.12/src/util/dict_utf8.c	2018-12-27 18:31:11.000000000 -0500
@@ -104,8 +104,9 @@
     /*
      * Casefold UTF-8.
      */
-    if (fold_flag != 0 && (fold_flag & (dict->flags & DICT_FLAG_FIXED) ?
-			   DICT_FLAG_FOLD_FIX : DICT_FLAG_FOLD_MUL)) {
+    if (fold_flag != 0
+	&& (fold_flag & ((dict->flags & DICT_FLAG_FIXED) ?
+			 DICT_FLAG_FOLD_FIX : DICT_FLAG_FOLD_MUL))) {
 	if (dict->fold_buf == 0)
 	    dict->fold_buf = vstring_alloc(10);
 	return (casefold(dict->fold_buf, string));
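Review bot: this is a precedence fix, not a reformat, and the hunk needs a comment saying so. In the old expression `fold_flag & (dict->flags & DICT_FLAG_FIXED) ? DICT_FLAG_FOLD_FIX : DICT_FLAG_FOLD_MUL` the `&` binds tighter than `?:`, so the whole condition evaluated to one of two non-zero flag constants and was true for every non-zero fold_flag, which casefolded the search string even for non-fixed-string tables (regexp, pcre, tcp). Since the new code reads almost identically to the old, name the precedence bug in a comment so nobody simplifies the parentheses back out.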
diff -Nru postfix-3.1.9/src/util/.indent.pro postfix-3.1.12/src/util/.indent.pro
--- postfix-3.1.9/src/util/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/util/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/verify/.indent.pro postfix-3.1.12/src/verify/.indent.pro
--- postfix-3.1.9/src/verify/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/verify/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/virtual/.indent.pro postfix-3.1.12/src/virtual/.indent.pro
--- postfix-3.1.9/src/virtual/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/virtual/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
diff -Nru postfix-3.1.9/src/xsasl/.indent.pro postfix-3.1.12/src/xsasl/.indent.pro
--- postfix-3.1.9/src/xsasl/.indent.pro	2015-12-27 17:04:47.000000000 -0500
+++ postfix-3.1.12/src/xsasl/.indent.pro	2018-11-17 18:09:24.000000000 -0500
@@ -343,6 +343,7 @@
 -TTLS_PKEYS
 -TTLS_PRNG_SEED_INFO
 -TTLS_PRNG_SRC
+-TTLS_ROLE
 -TTLS_SCACHE
 -TTLS_SCACHE_ENTRY
 -TTLS_SERVER_INIT_PROPS
@@ -350,6 +351,7 @@
 -TTLS_SESS_STATE
 -TTLS_TICKET_KEY
 -TTLS_TLSA
+-TTLS_USAGE
 -TTLS_VINFO
 -TTLScontext_t
 -TTOK822
