Minor wordsmithing. Files: text in proto/postconf.proto,
warning message tls.tls_dh.c.
+
+20230115
+ Workaround for a breaking change in OpenSSL 3: always turn
+ on SSL_OP_IGNORE_UNEXPECTED_EOF, to avoid warning messages
+ and missed opportunities for TLS session reuse. This is
+ safe because the SMTP protocol implements application-level
+ framing, and is therefore not affected by TLS truncation
+ attacks. Fix by Viktor Dukhovni. Files: tls/tls.h, tls_client.c,
+ tls/tls_server.c.
proto postconf proto src tlsproxy tlsproxy c src smtpd smtpd c
src tls tls h src tls tls_proxy_client_misc c src tls tls_misc c
src global mail_params h src smtp smtp c
+ attacks Fix by Viktor Dukhovni Files tls tls h tls_client c
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20230108"
+#define MAIL_RELEASE_DATE "20230121"
#define MAIL_VERSION_NUMBER "3.8"
#ifdef SNAPSHOT
#define SSL_OP_NO_TLSv1_3 0L /* Noop */
#endif
+/*
+ * Always used when defined, SMTP has no truncation attacks.
+ */
+#ifndef SSL_OP_IGNORE_UNEXPECTED_EOF
+#define SSL_OP_IGNORE_UNEXPECTED_EOF 0L
+#endif
+
#define TLS_KNOWN_PROTOCOLS \
( TLS_PROTOCOL_SSLv2 | TLS_PROTOCOL_SSLv3 | TLS_PROTOCOL_TLSv1 \
| TLS_PROTOCOL_TLSv1_1 | TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3 )
* just exposed via hex codes or named elements of tls_ssl_options.
*/
#define TLS_SSL_OP_MANAGED_BITS \
- (SSL_OP_CIPHER_SERVER_PREFERENCE | TLS_SSL_OP_PROTOMASK(~0))
+ (SSL_OP_CIPHER_SERVER_PREFERENCE | SSL_OP_IGNORE_UNEXPECTED_EOF | \
+ TLS_SSL_OP_PROTOMASK(~0))
extern int tls_proto_mask_lims(const char *, int *, int *);
}
tls_dane_digest_init(client_ctx, fpt_alg);
+ /*
+ * Presently we use TLS only with SMTP where truncation attacks are not
+ * possible as a result of application framing. If we ever use TLS in
+ * some other application protocol where truncation could be relevant,
+ * we'd need to disable truncation detection conditionally, or explicitly
+ * clear the option in that code path.
+ */
+ off |= SSL_OP_IGNORE_UNEXPECTED_EOF;
+
/*
* Protocol selection is destination dependent, so we delay the protocol
* selection options to the per-session SSL object.
if (scache_timeout <= 0)
cachable = 0;
+ /*
+ * Presently we use TLS only with SMTP where truncation attacks are not
+ * possible as a result of application framing. If we ever use TLS in
+ * some other application protocol where truncation could be relevant,
+ * we'd need to disable truncation detection conditionally, or explicitly
+ * clear the option in that code path.
+ */
+ off |= SSL_OP_IGNORE_UNEXPECTED_EOF;
+
/*
* Protocol work-arounds, OpenSSL version dependent.
*/
projects / thirdparty / postfix.git / commitdiff
