From: Wietse Venema Date: Tue, 10 Dec 2013 05:00:00 +0000 (-0500) Subject: postfix-2.11-20131210-nonprod X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fheads%2F20131210-nonprod;p=thirdparty%2Fpostfix.git postfix-2.11-20131210-nonprod --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 396760acb..53f08e971 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -19316,3 +19316,21 @@ Apologies for any names omitted. src/smtp/smtp_tls_policy.c src/tls/tls_dane.c src/posttls-finger/posttls-finger.c. +20131209 + + Cleanup: safe_strtoul() did not report an error for empty + or all-space input (the code to report this was in the wrong + place). This was not a problem as long as safe_strtoul() + was used only for output from safe_ultostr(). Files: + global/safe_ultostr.c, global/safe_ultostr.in, + global/safe_ultostr.ref. + +20131210 + + Documentation: updated description of SSL protocol controls. + In particular, emabled protocols are psrt of a contiguous + range. Viktor Dukhovni. Files: proto/TLS_README.html, + proto/postconf.proto. + + Bugfix (DANE support): handle OpenSSL memory allocation + error. Viktor Dukhovni. File: tls/tls_dane.c. diff --git a/postfix/README_FILES/TLS_README b/postfix/README_FILES/TLS_README index 2d07f9a99..552279f72 100644 --- a/postfix/README_FILES/TLS_README +++ b/postfix/README_FILES/TLS_README @@ -412,7 +412,7 @@ from scratch. Since Postfix uses multiple smtpd(8) service processes, an in-memory cache is not sufficient for session re-use. Clients store at most one cached session per -server and are very unlikey to repeatedly connect to the same server process. +server and are very unlikely to repeatedly connect to the same server process. Thus session caching in the Postfix SMTP server generally requires a shared cache (an alternative available with Postfix >= 2.11 is described below). 
@@ -617,9 +617,9 @@ ciphers: smtpd_tls_mandatory_ciphers = high smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5 smtpd_tls_security_level = encrypt - # Postfix >= 2.5: + # Preferred syntax with Postfix >= 2.5: smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 - # Legacy form with Postfix prior to 2.5: + # Legacy syntax: smtpd_tls_mandatory_protocols = TLSv1 If you want to take advantage of ciphers with ephemeral Diffie-Hellman (EDH) @@ -931,7 +931,7 @@ not look for TLSA records associated with MX hosts whose "A" or "AAAA" records lie in an "insecure" DNS zone. Such lookups have been observed to cause interoperability issues with poorly implemented DNS servers, and are in any case not expected to ever yield "secure" results, since that would require a -very unlikey DLV DNS trust anchor configured between the host record and the +very unlikely DLV DNS trust anchor configured between the host record and the associated "_25._tcp" child TLSA record. The "dane-only" level is a form of secure-channel TLS based on the DANE PKI. If diff --git a/postfix/html/TLS_README.html b/postfix/html/TLS_README.html index fd14e88b6..cd75ee8ab 100644 --- a/postfix/html/TLS_README.html +++ b/postfix/html/TLS_README.html @@ -607,7 +607,7 @@ from scratch.

Since Postfix uses multiple smtpd(8) service processes, an in-memory cache is not sufficient for session re-use. Clients store -at most one cached session per server and are very unlikey to +at most one cached session per server and are very unlikely to repeatedly connect to the same server process. Thus session caching in the Postfix SMTP server generally requires a shared cache (an alternative available with Postfix ≥ 2.11 is described below). @@ -865,9 +865,9 @@ with high grade ciphers:

smtpd_tls_mandatory_ciphers = high smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5 smtpd_tls_security_level = encrypt - # Postfix ≥ 2.5: + # Preferred syntax with Postfix ≥ 2.5: smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 - # Legacy form with Postfix prior to 2.5: + # Legacy syntax: smtpd_tls_mandatory_protocols = TLSv1 @@ -1266,7 +1266,7 @@ with MX hosts whose "A" or "AAAA" records lie in an "insecure" DNS zone. Such lookups have been observed to cause interoperability issues with poorly implemented DNS servers, and are in any case not expected to ever yield "secure" results, since that would require -a very unlikey DLV DNS trust anchor configured between the host +a very unlikely DLV DNS trust anchor configured between the host record and the associated "_25._tcp" child TLSA record.

The "dane-only" level is a form of btree:, hash:, or ldap: - tables. + Postfix access, address mapping and routing table lookups + may generate partial search keys such as domain names + without one or more subdomains, network addresses without + one or more least-significant octets, or email addresses + without the localpart, address extension or domain por- + tion. This behavior is also found with btree:, hash:, or + ldap: tables. Unlike other flat-file based Postfix databases, changes to - an LMDB database do not require automatic daemon program + an LMDB database do not trigger automatic daemon program restart. RELIABILITY diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 2d5bc1984..44edbb94f 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -11479,20 +11479,47 @@ whitespace, commas or colons. In the policy table "protocols" attribute empty value means allow all protocols. The valid protocol names, (see SSL_get_version(3)), are "SSLv2", "SSLv3" and "TLSv1".

-

Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1" -and "TLSv1.2". If an older Postfix version is linked against OpenSSL -1.0.1 or later, these, or any other new protocol versions, are -unconditionally enabled.

- -

With Postfix ≥ 2.5 the parameter syntax is expanded to support -protocol exclusions. One can now explicitly exclude SSLv2 by setting -"smtp_tls_mandatory_protocols = !SSLv2". To exclude both SSLv2 and -SSLv3 set "smtp_tls_mandatory_protocols = !SSLv2, !SSLv3". Listing +

With Postfix ≥ 2.5 the parameter syntax was expanded to support +protocol exclusions. One can explicitly exclude "SSLv2" by setting +"smtp_tls_mandatory_protocols = !SSLv2". To exclude both "SSLv2" and +"SSLv3" set "smtp_tls_mandatory_protocols = !SSLv2, !SSLv3". Listing the protocols to include, rather than protocols to exclude, is supported, but not recommended. The exclusion form more closely -matches the behavior when the OpenSSL library is newer than Postfix. +matches the underlying OpenSSL interface semantics.

+

The range of protocols advertised by an SSL/TLS client must be +contiguous. When a protocol version is enabled, disabling any +higher version implicitly disables all versions above that higher +version. Thus, for example:

+
+
+smtp_tls_mandatory_protocols = !SSLv2, !TLSv1
+
+
+

also disables any protocols version higher than TLSv1 leaving +only "SSLv3" enabled.

+ +

Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1" +and "TLSv1.2". When Postfix ≤ 2.5 is linked against OpenSSL 1.0.1 +or later, these, or any other new protocol versions, cannot be +disabled except by also disabling "TLSv1" (typically leaving just +"SSLv3"). The latest patch levels of Postfix ≥ 2.6, and all +versions of Postfix ≥ 2.10 can explicitly disable support for +"TLSv1.1" or "TLSv1.2".

+ +

At the dane and +dane-only security +levels, when usable TLSA records are obtained for the remote SMTP +server, the Postfix SMTP client is obligated to include the SNI TLS +extension in its SSL client hello message. This may help the remote +SMTP server live up to its promise to provide a certificate that +matches its TLSA records. Since TLS extensions require TLS 1.0 or +later, the Postfix SMTP client must disable "SSLv2" and "SSLv3" when +SNI is required. If you use "dane" or "dane-only" do not disable +TLSv1, except perhaps via the policy table for destinations which +you are sure will support "TLSv1.1" or "TLSv1.2".

+

Since SSL version 2 has known protocol weaknesses and is now deprecated, the default setting excludes "SSLv2". This means that by default, SSL version 2 will not be used at the "encrypt" security level @@ -11504,9 +11531,9 @@ and higher.

Example:

-# Preferred form with Postfix ≥ 2.5:
+# Preferred syntax with Postfix ≥ 2.5:
 smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
-# Legacy form with Postfix < 2.5:
+# Legacy syntax:
 smtp_tls_mandatory_protocols = TLSv1
 
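Review bot: in the sentence that follows the new example, "also disables any protocols version higher than TLSv1" should read "also disables any protocol versions higher than TLSv1" (the noun takes the plural, not the modifier). html/postconf.5.html and man/man5/postconf.5 are generated from proto/postconf.proto (this commit carries the same text in all three copies), so make the fix in the proto source, where the sentence appears in both the smtp_tls_mandatory_protocols and smtp_tls_protocols sections, and regenerate the html and man pages rather than editing them directly.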
@@ -11789,18 +11816,30 @@ separator is colon. An empty value means allow all protocols. The valid protocol names, (see SSL_get_version(3)), are "SSLv2", "SSLv3" and "TLSv1".

+

The range of protocols advertised by an SSL/TLS client must be +contiguous. When a protocol version is enabled, disabling any +higher version implicitly disables all versions above that higher +version. Thus, for example:

+
+
+smtp_tls_mandatory_protocols = !SSLv2, !TLSv1
+
+
+

also disables any protocols version higher than TLSv1 leaving +only "SSLv3" enabled.

+

Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1" -and "TLSv1.2". If an older Postfix version is linked against OpenSSL -1.0.1 or later, these, or any other new protocol versions, are -unconditionally enabled.

+and "TLSv1.2". The latest patch levels of Postfix ≥ 2.6, and all +versions of Postfix ≥ 2.10 can explicitly disable support for +"TLSv1.1" or "TLSv1.2"

To include a protocol list its name, to exclude it, prefix the name with a "!" character. To exclude SSLv2 even for opportunistic TLS set "smtp_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set "smtp_tls_protocols = !SSLv2, !SSLv3". Explicitly listing the protocols to include, rather than protocols to exclude, is supported, but not -recommended. The exclusion form more closely matches the behavior -when the OpenSSL library is newer than Postfix.

+recommended. The exclusion form more closely matches the underlying +OpenSSL interface semantics.

Example:

@@ -15600,19 +15639,20 @@ list of protocol names separated by whitespace, commas or colons.
 The supported protocol names are "SSLv2", "SSLv3" and "TLSv1", and
 are not case sensitive. 

-

Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1" -and "TLSv1.2". If an older Postfix version is linked against OpenSSL -1.0.1 or later, these, or any other new protocol versions, are -unconditionally enabled.

- -

With Postfix ≥ 2.5 the parameter syntax is expanded to support -protocol exclusions. One can now explicitly exclude SSLv2 by setting -"smtpd_tls_mandatory_protocols = !SSLv2". To exclude both SSLv2 and -SSLv3 set "smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3". Listing +

With Postfix ≥ 2.5 the parameter syntax was expanded to support +protocol exclusions. One can explicitly exclude "SSLv2" by setting +"smtpd_tls_mandatory_protocols = !SSLv2". To exclude both "SSLv2" and +"SSLv3" set "smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3". Listing the protocols to include, rather than protocols to exclude, is supported, but not recommended. The exclusion form more closely -matches the behavior when the OpenSSL library is newer than Postfix. -

+matches the underlying OpenSSL interface semantics.

+ +

Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1" +and "TLSv1.2". When Postfix ≤ 2.5 is linked against OpenSSL 1.0.1 +or later, these, or any other new protocol versions, cannot be +disabled. The latest patch levels of Postfix ≥ 2.6, and all +versions of Postfix ≥ 2.10 can disable support for "TLSv1.1" or +"TLSv1.2".

Since SSL version 2 has known protocol weaknesses and is now deprecated, the default setting excludes "SSLv2". This means that @@ -15622,8 +15662,9 @@ level.

Example:

+# Preferred syntax with Postfix ≥ 2.5:
 smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
-# Legacy form with Postfix < 2.5:
+# Legacy syntax:
 smtpd_tls_mandatory_protocols = TLSv1
 
@@ -15636,28 +15677,25 @@ level.

(default: empty)

List of TLS protocols that the Postfix SMTP server will exclude -or include with opportunistic TLS encryption. This parameter SHOULD be -left at its default empty value, allowing all protocols to be used with -opportunistic TLS.

- -

In main.cf the values are separated by whitespace, commas or -colons. An empty value means allow all protocols. The valid protocol -names, (see SSL_get_version(3)), are "SSLv2", "SSLv3" and -"TLSv1". In smtp_tls_policy_maps table entries, "protocols" attribute -values are separated by a colon.

+or include with opportunistic TLS encryption. This parameter SHOULD +be left at its default empty value, allowing all protocols to be +used with opportunistic TLS. A non-empty value is a list of protocol +names separated by whitespace, commas or colons. The supported +protocol names are "SSLv2", "SSLv3" and "TLSv1", and are not case +sensitive.

Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1" -and "TLSv1.2". If an older Postfix version is linked against OpenSSL -1.0.1 or later, these, or any other new protocol versions, are -unconditionally enabled.

+and "TLSv1.2". The latest patch levels of Postfix ≥ 2.6, and all +versions of Postfix ≥ 2.10 can disable support for "TLSv1.1" or +"TLSv1.2".

To include a protocol list its name, to exclude it, prefix the name with a "!" character. To exclude SSLv2 even for opportunistic TLS set "smtpd_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set "smtpd_tls_protocols = !SSLv2, !SSLv3". Explicitly listing the protocols to include, rather than protocols to exclude, is supported, but not -recommended. The exclusion form more closely matches the behavior -when the OpenSSL library is newer than Postfix.

+recommended. The exclusion form more closely matches the underlying +OpenSSL interface semantics.

Example:

@@ -16215,8 +16253,8 @@ is not recommended.  
From each group of well-formed TLSA RRs a non-zero digest matching type with the same certificate usage and selector, DANE verification examines only those records whose matching type has -the highest precedence (appear earliest in $tls_dane_digests) are -considered.
+the highest precedence (appear earliest in $tls_dane_digests). +
maybe
For compatibility with digest algorithm agility, each certificate diff --git a/postfix/man/man5/lmdb_table.5 b/postfix/man/man5/lmdb_table.5 index d6315bd71..45b9a4441 100644 --- a/postfix/man/man5/lmdb_table.5 +++ b/postfix/man/man5/lmdb_table.5 @@ -38,8 +38,8 @@ can be stored under a fixed lookup key. When a transaction fails due to a full database, Postfix resizes the database and retries the transaction. -Postfix access, address mapping and routing tables will -generate partial search keys such as domain names without +Postfix access, address mapping and routing table lookups +may generate partial search keys such as domain names without one or more subdomains, network addresses without one or more least-significant octets, or email addresses without the localpart, address extension or domain portion. @@ -47,7 +47,7 @@ This behavior is also found with btree:, hash:, or ldap: tables. Unlike other flat-file based Postfix databases, changes to -an LMDB database do not require automatic daemon program +an LMDB database do not trigger automatic daemon program restart. .SH "RELIABILITY" .na diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index c68d90bc2..b989d556a 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 
@@ -7220,18 +7220,50 @@ whitespace, commas or colons. In the policy table "protocols" attribute empty value means allow all protocols. The valid protocol names, (see \\fBfBSSL_get_version\fR(3)\fR), are "SSLv2", "SSLv3" and "TLSv1". .PP -Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1" -and "TLSv1.2". If an older Postfix version is linked against OpenSSL -1.0.1 or later, these, or any other new protocol versions, are -unconditionally enabled. -.PP -With Postfix >= 2.5 the parameter syntax is expanded to support -protocol exclusions. One can now explicitly exclude SSLv2 by setting -"smtp_tls_mandatory_protocols = !SSLv2". To exclude both SSLv2 and -SSLv3 set "smtp_tls_mandatory_protocols = !SSLv2, !SSLv3". Listing +With Postfix >= 2.5 the parameter syntax was expanded to support +protocol exclusions. One can explicitly exclude "SSLv2" by setting +"smtp_tls_mandatory_protocols = !SSLv2". To exclude both "SSLv2" and +"SSLv3" set "smtp_tls_mandatory_protocols = !SSLv2, !SSLv3". Listing the protocols to include, rather than protocols to exclude, is supported, but not recommended. The exclusion form more closely -matches the behavior when the OpenSSL library is newer than Postfix. +matches the underlying OpenSSL interface semantics. +.PP +The range of protocols advertised by an SSL/TLS client must be +contiguous. When a protocol version is enabled, disabling any +higher version implicitly disables all versions above that higher +version. Thus, for example: +.sp +.in +4 +.nf +.na +.ft C +smtp_tls_mandatory_protocols = !SSLv2, !TLSv1 +.fi +.ad +.ft R +.in -4 +also disables any protocols version higher than TLSv1 leaving +only "SSLv3" enabled. +.PP +Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1" +and "TLSv1.2". When Postfix <= 2.5 is linked against OpenSSL 1.0.1 +or later, these, or any other new protocol versions, cannot be +disabled except by also disabling "TLSv1" (typically leaving just +"SSLv3"). 
The latest patch levels of Postfix >= 2.6, and all +versions of Postfix >= 2.10 can explicitly disable support for +"TLSv1.1" or "TLSv1.2". +.PP +At the dane and +dane-only security +levels, when usable TLSA records are obtained for the remote SMTP +server, the Postfix SMTP client is obligated to include the SNI TLS +extension in its SSL client hello message. This may help the remote +SMTP server live up to its promise to provide a certificate that +matches its TLSA records. Since TLS extensions require TLS 1.0 or +later, the Postfix SMTP client must disable "SSLv2" and "SSLv3" when +SNI is required. If you use "dane" or "dane-only" do not disable +TLSv1, except perhaps via the policy table for destinations which +you are sure will support "TLSv1.1" or "TLSv1.2". .PP Since SSL version 2 has known protocol weaknesses and is now deprecated, the default setting excludes "SSLv2". This means that by @@ -7246,9 +7278,9 @@ Example: .nf .na .ft C -# Preferred form with Postfix >= 2.5: +# Preferred syntax with Postfix >= 2.5: smtp_tls_mandatory_protocols = !SSLv2, !SSLv3 -# Legacy form with Postfix < 2.5: +# Legacy syntax: smtp_tls_mandatory_protocols = TLSv1 .fi .ad 
@@ -7514,18 +7546,35 @@ separator is colon. An empty value means allow all protocols. The valid protocol names, (see \\fBfBSSL_get_version\fR(3)\fR), are "SSLv2", "SSLv3" and "TLSv1". .PP +The range of protocols advertised by an SSL/TLS client must be +contiguous. When a protocol version is enabled, disabling any +higher version implicitly disables all versions above that higher +version. Thus, for example: +.sp +.in +4 +.nf +.na +.ft C +smtp_tls_mandatory_protocols = !SSLv2, !TLSv1 +.fi +.ad +.ft R +.in -4 +also disables any protocols version higher than TLSv1 leaving +only "SSLv3" enabled. +.PP Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1" -and "TLSv1.2". If an older Postfix version is linked against OpenSSL -1.0.1 or later, these, or any other new protocol versions, are -unconditionally enabled. +and "TLSv1.2". The latest patch levels of Postfix >= 2.6, and all +versions of Postfix >= 2.10 can explicitly disable support for +"TLSv1.1" or "TLSv1.2" .PP To include a protocol list its name, to exclude it, prefix the name with a "!" character. To exclude SSLv2 even for opportunistic TLS set "smtp_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set "smtp_tls_protocols = !SSLv2, !SSLv3". Explicitly listing the protocols to include, rather than protocols to exclude, is supported, but not -recommended. The exclusion form more closely matches the behavior -when the OpenSSL library is newer than Postfix. +recommended. The exclusion form more closely matches the underlying +OpenSSL interface semantics. .PP Example: .nf 
@@ -10583,18 +10632,20 @@ list of protocol names separated by whitespace, commas or colons. The supported protocol names are "SSLv2", "SSLv3" and "TLSv1", and are not case sensitive. .PP -Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1" -and "TLSv1.2". If an older Postfix version is linked against OpenSSL -1.0.1 or later, these, or any other new protocol versions, are -unconditionally enabled. -.PP -With Postfix >= 2.5 the parameter syntax is expanded to support -protocol exclusions. One can now explicitly exclude SSLv2 by setting -"smtpd_tls_mandatory_protocols = !SSLv2". To exclude both SSLv2 and -SSLv3 set "smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3". Listing +With Postfix >= 2.5 the parameter syntax was expanded to support +protocol exclusions. One can explicitly exclude "SSLv2" by setting +"smtpd_tls_mandatory_protocols = !SSLv2". To exclude both "SSLv2" and +"SSLv3" set "smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3". Listing the protocols to include, rather than protocols to exclude, is supported, but not recommended. The exclusion form more closely -matches the behavior when the OpenSSL library is newer than Postfix. +matches the underlying OpenSSL interface semantics. +.PP +Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1" +and "TLSv1.2". When Postfix <= 2.5 is linked against OpenSSL 1.0.1 +or later, these, or any other new protocol versions, cannot be +disabled. The latest patch levels of Postfix >= 2.6, and all +versions of Postfix >= 2.10 can disable support for "TLSv1.1" or +"TLSv1.2". .PP Since SSL version 2 has known protocol weaknesses and is now deprecated, the default setting excludes "SSLv2". This means that @@ -10606,8 +10657,9 @@ Example: .nf .na .ft C +# Preferred syntax with Postfix >= 2.5: smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 -# Legacy form with Postfix < 2.5: +# Legacy syntax: smtpd_tls_mandatory_protocols = TLSv1 .fi .ad 
@@ -10616,28 +10668,25 @@ smtpd_tls_mandatory_protocols = TLSv1 This feature is available in Postfix 2.3 and later. .SH smtpd_tls_protocols (default: empty) List of TLS protocols that the Postfix SMTP server will exclude -or include with opportunistic TLS encryption. This parameter SHOULD be -left at its default empty value, allowing all protocols to be used with -opportunistic TLS. -.PP -In main.cf the values are separated by whitespace, commas or -colons. An empty value means allow all protocols. The valid protocol -names, (see \\fBfBSSL_get_version\fR(3)\fR), are "SSLv2", "SSLv3" and -"TLSv1". In smtp_tls_policy_maps table entries, "protocols" attribute -values are separated by a colon. +or include with opportunistic TLS encryption. This parameter SHOULD +be left at its default empty value, allowing all protocols to be +used with opportunistic TLS. A non-empty value is a list of protocol +names separated by whitespace, commas or colons. The supported +protocol names are "SSLv2", "SSLv3" and "TLSv1", and are not case +sensitive. .PP Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1" -and "TLSv1.2". If an older Postfix version is linked against OpenSSL -1.0.1 or later, these, or any other new protocol versions, are -unconditionally enabled. +and "TLSv1.2". The latest patch levels of Postfix >= 2.6, and all +versions of Postfix >= 2.10 can disable support for "TLSv1.1" or +"TLSv1.2". .PP To include a protocol list its name, to exclude it, prefix the name with a "!" character. To exclude SSLv2 even for opportunistic TLS set "smtpd_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set "smtpd_tls_protocols = !SSLv2, !SSLv3". Explicitly listing the protocols to include, rather than protocols to exclude, is supported, but not -recommended. The exclusion form more closely matches the behavior -when the OpenSSL library is newer than Postfix. +recommended. The exclusion form more closely matches the underlying +OpenSSL interface semantics. 
.PP Example: .nf @@ -11002,8 +11051,7 @@ is not recommended. From each group of well-formed TLSA RRs a non-zero digest matching type with the same certificate usage and selector, DANE verification examines only those records whose matching type has -the highest precedence (appear earliest in $tls_dane_digests) are -considered. +the highest precedence (appear earliest in $tls_dane_digests). .br .IP "\fBmaybe\fR" For compatibility with digest algorithm agility, each certificate diff --git a/postfix/proto/TLS_README.html b/postfix/proto/TLS_README.html index 10527fc93..0e538d47b 100644 --- a/postfix/proto/TLS_README.html +++ b/postfix/proto/TLS_README.html @@ -607,7 +607,7 @@ from scratch.

Since Postfix uses multiple smtpd(8) service processes, an in-memory cache is not sufficient for session re-use. Clients store -at most one cached session per server and are very unlikey to +at most one cached session per server and are very unlikely to repeatedly connect to the same server process. Thus session caching in the Postfix SMTP server generally requires a shared cache (an alternative available with Postfix ≥ 2.11 is described below). @@ -865,9 +865,9 @@ with high grade ciphers:

smtpd_tls_mandatory_ciphers = high smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5 smtpd_tls_security_level = encrypt - # Postfix ≥ 2.5: + # Preferred syntax with Postfix ≥ 2.5: smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 - # Legacy form with Postfix prior to 2.5: + # Legacy syntax: smtpd_tls_mandatory_protocols = TLSv1
@@ -1266,7 +1266,7 @@ with MX hosts whose "A" or "AAAA" records lie in an "insecure" DNS zone. Such lookups have been observed to cause interoperability issues with poorly implemented DNS servers, and are in any case not expected to ever yield "secure" results, since that would require -a very unlikey DLV DNS trust anchor configured between the host +a very unlikely DLV DNS trust anchor configured between the host record and the associated "_25._tcp" child TLSA record.

The "dane-only" level is a form of SSL_get_version(3)), are "SSLv2", "SSLv3" and "TLSv1".

-

Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1" -and "TLSv1.2". If an older Postfix version is linked against OpenSSL -1.0.1 or later, these, or any other new protocol versions, are -unconditionally enabled.

- -

With Postfix ≥ 2.5 the parameter syntax is expanded to support -protocol exclusions. One can now explicitly exclude SSLv2 by setting -"smtp_tls_mandatory_protocols = !SSLv2". To exclude both SSLv2 and -SSLv3 set "smtp_tls_mandatory_protocols = !SSLv2, !SSLv3". Listing +

With Postfix ≥ 2.5 the parameter syntax was expanded to support +protocol exclusions. One can explicitly exclude "SSLv2" by setting +"smtp_tls_mandatory_protocols = !SSLv2". To exclude both "SSLv2" and +"SSLv3" set "smtp_tls_mandatory_protocols = !SSLv2, !SSLv3". Listing the protocols to include, rather than protocols to exclude, is supported, but not recommended. The exclusion form more closely -matches the behavior when the OpenSSL library is newer than Postfix. +matches the underlying OpenSSL interface semantics.

+

The range of protocols advertised by an SSL/TLS client must be +contiguous. When a protocol version is enabled, disabling any +higher version implicitly disables all versions above that higher +version. Thus, for example:

+
+
+smtp_tls_mandatory_protocols = !SSLv2, !TLSv1
+
+
+

also disables any protocols version higher than TLSv1 leaving +only "SSLv3" enabled.

+ +

Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1" +and "TLSv1.2". When Postfix ≤ 2.5 is linked against OpenSSL 1.0.1 +or later, these, or any other new protocol versions, cannot be +disabled except by also disabling "TLSv1" (typically leaving just +"SSLv3"). The latest patch levels of Postfix ≥ 2.6, and all +versions of Postfix ≥ 2.10 can explicitly disable support for +"TLSv1.1" or "TLSv1.2".

+ +

At the dane and +dane-only security +levels, when usable TLSA records are obtained for the remote SMTP +server, the Postfix SMTP client is obligated to include the SNI TLS +extension in its SSL client hello message. This may help the remote +SMTP server live up to its promise to provide a certificate that +matches its TLSA records. Since TLS extensions require TLS 1.0 or +later, the Postfix SMTP client must disable "SSLv2" and "SSLv3" when +SNI is required. If you use "dane" or "dane-only" do not disable +TLSv1, except perhaps via the policy table for destinations which +you are sure will support "TLSv1.1" or "TLSv1.2".

+

Since SSL version 2 has known protocol weaknesses and is now deprecated, the default setting excludes "SSLv2". This means that by default, SSL version 2 will not be used at the "encrypt" security level @@ -10796,9 +10823,9 @@ TLS_README for more information about security levels.

Example:

-# Preferred form with Postfix ≥ 2.5:
+# Preferred syntax with Postfix ≥ 2.5:
 smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
-# Legacy form with Postfix < 2.5:
+# Legacy syntax:
 smtp_tls_mandatory_protocols = TLSv1
 
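Review bot: the new DANE/SNI paragraph leaves it unclear who disables "SSLv2" and "SSLv3". "the Postfix SMTP client must disable "SSLv2" and "SSLv3" when SNI is required" can be read either as something the client does by itself at the dane and dane-only levels or as a configuration obligation on the administrator, yet the following sentence only tells the administrator not to disable TLSv1. State explicitly whether the client enforces this on its own, for example "the Postfix SMTP client automatically disables "SSLv2" and "SSLv3" when SNI is required" if that is what the code does. Smaller point: "except perhaps via the policy table for destinations which you are sure will support "TLSv1.1" or "TLSv1.2"" reads better as "except perhaps via the policy table, for destinations that you are sure support "TLSv1.1" or "TLSv1.2"".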
@@ -10958,19 +10985,20 @@ list of protocol names separated by whitespace, commas or colons. The supported protocol names are "SSLv2", "SSLv3" and "TLSv1", and are not case sensitive.

-

Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1" -and "TLSv1.2". If an older Postfix version is linked against OpenSSL -1.0.1 or later, these, or any other new protocol versions, are -unconditionally enabled.

- -

With Postfix ≥ 2.5 the parameter syntax is expanded to support -protocol exclusions. One can now explicitly exclude SSLv2 by setting -"smtpd_tls_mandatory_protocols = !SSLv2". To exclude both SSLv2 and -SSLv3 set "smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3". Listing +

With Postfix ≥ 2.5 the parameter syntax was expanded to support +protocol exclusions. One can explicitly exclude "SSLv2" by setting +"smtpd_tls_mandatory_protocols = !SSLv2". To exclude both "SSLv2" and +"SSLv3" set "smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3". Listing the protocols to include, rather than protocols to exclude, is supported, but not recommended. The exclusion form more closely -matches the behavior when the OpenSSL library is newer than Postfix. -

+matches the underlying OpenSSL interface semantics.

+ +

Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1" +and "TLSv1.2". When Postfix ≤ 2.5 is linked against OpenSSL 1.0.1 +or later, these, or any other new protocol versions, cannot be +disabled. The latest patch levels of Postfix ≥ 2.6, and all +versions of Postfix ≥ 2.10 can disable support for "TLSv1.1" or +"TLSv1.2".

Since SSL version 2 has known protocol weaknesses and is now deprecated, the default setting excludes "SSLv2". This means that @@ -10980,8 +11008,9 @@ level.

Example:

+# Preferred syntax with Postfix ≥ 2.5:
 smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
-# Legacy form with Postfix < 2.5:
+# Legacy syntax:
 smtpd_tls_mandatory_protocols = TLSv1
 
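Review bot: the server-side Note now diverges from the client-side one without saying why. Here the Postfix ≤ 2.5 case reads "these, or any other new protocol versions, cannot be disabled.", while the smtp_tls_mandatory_protocols text reads "cannot be disabled except by also disabling "TLSv1" (typically leaving just "SSLv3")", and the contiguous-range paragraph with its "!SSLv2, !TLSv1" example is added only to the client parameters. If smtpd applies the same protocol range logic, carry the "except by also disabling TLSv1" qualification and the contiguity paragraph over to this section; if the server really behaves differently, say so, because readers will compare the two sections. Also pick one wording for the newer versions: "can disable support" here versus "can explicitly disable support" on the client side.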
@@ -12106,18 +12135,30 @@ separator is colon. An empty value means allow all protocols. The valid protocol names, (see SSL_get_version(3)), are "SSLv2", "SSLv3" and "TLSv1".

+

The range of protocols advertised by an SSL/TLS client must be +contiguous. When a protocol version is enabled, disabling any +higher version implicitly disables all versions above that higher +version. Thus, for example:

+
+
+smtp_tls_mandatory_protocols = !SSLv2, !TLSv1
+
+
+

also disables any protocols version higher than TLSv1 leaving +only "SSLv3" enabled.

+

Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1" -and "TLSv1.2". If an older Postfix version is linked against OpenSSL -1.0.1 or later, these, or any other new protocol versions, are -unconditionally enabled.

+and "TLSv1.2". The latest patch levels of Postfix ≥ 2.6, and all +versions of Postfix ≥ 2.10 can explicitly disable support for +"TLSv1.1" or "TLSv1.2"

To include a protocol list its name, to exclude it, prefix the name with a "!" character. To exclude SSLv2 even for opportunistic TLS set "smtp_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set "smtp_tls_protocols = !SSLv2, !SSLv3". Explicitly listing the protocols to include, rather than protocols to exclude, is supported, but not -recommended. The exclusion form more closely matches the behavior -when the OpenSSL library is newer than Postfix.

+recommended. The exclusion form more closely matches the underlying +OpenSSL interface semantics.

Example:

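Review bot: The added note at the end of this hunk ends without a period ("TLSv1.1" or "TLSv1.2"), unlike its smtpd_tls_protocols counterpart, and "also disables any protocols version higher than TLSv1 leaving only "SSLv3" enabled" should read "also disables any protocol version higher than TLSv1, leaving only "SSLv3" enabled". Since the example "smtp_tls_mandatory_protocols = !SSLv2, !TLSv1" is chosen precisely because it strands the client on SSLv3, a clause saying that this outcome is almost never what the administrator intends would keep readers from copying it as a recipe; the point of the paragraph is the contiguity rule, not that configuration.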
@@ -12130,28 +12171,25 @@ smtp_tls_protocols = !SSLv2, !SSLv3
 %PARAM smtpd_tls_protocols
 
 

List of TLS protocols that the Postfix SMTP server will exclude -or include with opportunistic TLS encryption. This parameter SHOULD be -left at its default empty value, allowing all protocols to be used with -opportunistic TLS.

- -

In main.cf the values are separated by whitespace, commas or -colons. An empty value means allow all protocols. The valid protocol -names, (see SSL_get_version(3)), are "SSLv2", "SSLv3" and -"TLSv1". In smtp_tls_policy_maps table entries, "protocols" attribute -values are separated by a colon.

+or include with opportunistic TLS encryption. This parameter SHOULD +be left at its default empty value, allowing all protocols to be +used with opportunistic TLS. A non-empty value is a list of protocol +names separated by whitespace, commas or colons. The supported +protocol names are "SSLv2", "SSLv3" and "TLSv1", and are not case +sensitive.

Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1" -and "TLSv1.2". If an older Postfix version is linked against OpenSSL -1.0.1 or later, these, or any other new protocol versions, are -unconditionally enabled.

+and "TLSv1.2". The latest patch levels of Postfix ≥ 2.6, and all +versions of Postfix ≥ 2.10 can disable support for "TLSv1.1" or +"TLSv1.2".

To include a protocol list its name, to exclude it, prefix the name with a "!" character. To exclude SSLv2 even for opportunistic TLS set "smtpd_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set "smtpd_tls_protocols = !SSLv2, !SSLv3". Explicitly listing the protocols to include, rather than protocols to exclude, is supported, but not -recommended. The exclusion form more closely matches the behavior -when the OpenSSL library is newer than Postfix.

+recommended. The exclusion form more closely matches the underlying +OpenSSL interface semantics.

Example:

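Review bot: Wording diverges between the two parameter descriptions: the smtp_tls_mandatory_protocols note in the previous hunk says Postfix ≥ 2.6/2.10 "can explicitly disable" TLSv1.1 and TLSv1.2, while this one says "can disable"; pick one phrasing. The contiguous-range rule added for the client parameter (disabling a version implicitly disables every version above it) is also not stated here; if the same OpenSSL semantics govern the server's list, mirror that paragraph and its example, since an administrator reading only the smtpd_tls_protocols entry would otherwise not learn that "!TLSv1" also drops TLSv1.1 and TLSv1.2. Dropping the sentence about smtp_tls_policy_maps colon separators is right, as that is a client-side table.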
@@ -15433,8 +15471,8 @@ is not recommended.  
 
From each group of well-formed TLSA RRs a non-zero digest matching type with the same certificate usage and selector, DANE verification examines only those records whose matching type has -the highest precedence (appear earliest in $tls_dane_digests) are -considered.
+the highest precedence (appear earliest in $tls_dane_digests). +
maybe
For compatibility with digest algorithm agility, each certificate diff --git a/postfix/src/global/Makefile.in b/postfix/src/global/Makefile.in index d85eabdce..f008a0d07 100644 --- a/postfix/src/global/Makefile.in +++ b/postfix/src/global/Makefile.in @@ -312,6 +312,7 @@ tests: tok822_test mime_tests strip_addr_test tok822_limit_test \ xtext_test scache_multi_test ehlo_mask_test \ namadr_list_test mail_conf_time_test header_body_checks_tests \ mail_version_test server_acl_test resolve_local_test maps_test + safe_ultostr_test mime_tests: mime_test mime_nest mime_8bit mime_dom mime_trunc mime_cvt \ mime_cvt2 mime_cvt3 mime_garb1 mime_garb2 mime_garb3 mime_garb4 @@ -516,6 +517,11 @@ mail_conf_time_test: mail_conf_time mail_conf_time.ref diff mail_conf_time.ref mail_conf_time.tmp rm -f mail_conf_time.tmp +safe_ultostr_test: safe_ultostr safe_ultostr.in safe_ultostr.ref + ./safe_ultostr safe_ultostr.tmp 2>&1 + diff safe_ultostr.ref safe_ultostr.tmp + rm -f safe_ultostr.tmp + header_body_checks_null_test: header_body_checks header_body_checks_null.ref ./header_body_checks "" "" "" "" \ header_body_checks_null.tmp 2>&1 diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index f5154456c..32071c698 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20131208" +#define MAIL_RELEASE_DATE "20131210" #define MAIL_VERSION_NUMBER "2.11" #ifdef SNAPSHOT diff --git a/postfix/src/global/safe_ultostr.c b/postfix/src/global/safe_ultostr.c index 1457e1fa7..910c2ee68 100644 --- a/postfix/src/global/safe_ultostr.c +++ b/postfix/src/global/safe_ultostr.c 
@@ -97,7 +97,7 @@ static unsigned char safe_chars[] = /* safe_ultostr - convert unsigned long to safe alphanumerical string */ char *safe_ultostr(VSTRING *buf, unsigned long ulval, int base, - int padlen, int padchar) + int padlen, int padchar) { const char *myname = "safe_ultostr"; char *start; @@ -171,6 +171,8 @@ unsigned long safe_strtoul(const char *start, char **end, int base) /* * Skip leading whitespace. We don't implement sign/base prefixes. */ + if (end) + *end = (char *) start; while (ISSPACE(*start)) ++start; @@ -178,13 +180,7 @@ unsigned long safe_strtoul(const char *start, char **end, int base) * Start the conversion. */ errno = 0; - for (cp = (unsigned char *) start; *cp; cp++) { - /* Return (0, EINVAL) if no conversion was made. */ - if ((char_val = char_map[*cp]) >= base) { - if (cp == (unsigned char *) start) - errno = EINVAL; - break; - } + for (cp = (unsigned char *) start; (char_val = char_map[*cp]) < base; cp++) { /* Return (ULONG_MAX, ERANGE) if the result is too large. */ if (sum > div_limit || (sum == div_limit && char_val > mod_limit)) { @@ -197,7 +193,10 @@ unsigned long safe_strtoul(const char *start, char **end, int base) } sum = sum * base + char_val; } - if (end) + /* Return (0, EINVAL) after no conversion. Test moved here 20131209. */ + if (cp == (unsigned char *) start) + errno = EINVAL; + else if (end) *end = (char *) cp; return (sum); } @@ -225,6 +224,16 @@ int main(int unused_argc, char **unused_argv) #define strtoul strtol #endif + /* + * Hard-coded string-to-number test. + */ + ulval2 = safe_strtoul(" ", &junk, 10); + if (*junk == 0 || errno != EINVAL) + msg_warn("input=' ' result=%lu errno=%m", ulval2); + + /* + * Configurable number-to-string-to-number test. + */ while (vstring_get_nonl(buf, VSTREAM_IN) != VSTREAM_EOF) { ch = 0; if (sscanf(STR(buf), "%lu %d%c", &ulval, &base, &ch) != 2 || ch) { diff --git a/postfix/src/global/safe_ultostr.in b/postfix/src/global/safe_ultostr.in new file mode 100644 index 000000000..49e274324 
--- /dev/null +++ b/postfix/src/global/safe_ultostr.in @@ -0,0 +1,4 @@ +4294967295 2 +4294967295 10 +4294967295 16 +4294967295 52 diff --git a/postfix/src/global/safe_ultostr.ref b/postfix/src/global/safe_ultostr.ref new file mode 100644 index 000000000..829b79e26 --- /dev/null +++ b/postfix/src/global/safe_ultostr.ref @@ -0,0 +1,4 @@ +4294967295 = 11111111111111111111111111111111 +4294967295 = 4294967295 +4294967295 = HHHHHHHH +4294967295 = CHPgSv diff --git a/postfix/src/postconf/postconf_edit.c b/postfix/src/postconf/postconf_edit.c index 05fdc1f40..49114b902 100644 --- a/postfix/src/postconf/postconf_edit.c +++ b/postfix/src/postconf/postconf_edit.c @@ -341,6 +341,10 @@ void edit_master(int mode, int argc, char **argv) if (mode & EDIT_CONF) { if ((err = split_nameval(cp, &pattern, &req->edit_value)) != 0) msg_fatal("%s: \"%s\"", err, req->raw_text); + if ((mode & MASTER_PARAM) + && req->edit_value[strcspn(req->edit_value, PC_MASTER_BLANKS)]) + msg_fatal("whitespace in parameter value: \"%s\"", + req->raw_text); } else if (mode & (COMMENT_OUT | EDIT_EXCL)) { if (strchr(cp, '=') != 0) msg_fatal("-X or -# requires names without value"); diff --git a/postfix/src/tls/tls_dane.c b/postfix/src/tls/tls_dane.c index 3efb2eb6f..b6a78e92f 100644 --- a/postfix/src/tls/tls_dane.c +++ b/postfix/src/tls/tls_dane.c @@ -305,7 +305,7 @@ static dane_digest *add_digest(char *mdalg, int pref) /* * XXX: safe_strtoul() does not flag empty or white-space only input. * Since we get idbuf by splitting white-space/comma delimited - * tokens, this is not a problem here. + * tokens, this is not a problem here. Fixed as of 210131209. */ l = safe_strtoul(value, &endcp, 10); if ((l == 0 && (errno == EINVAL || endcp == value)) 
@@ -758,6 +758,10 @@ static DNS_RR *tlsa_apply(DNS_RR *rr, tlsa_filter filter, filter_ctx *ctx) DNS_RR *tail = 0; /* Last retained RR */ DNS_RR *next; + /* + * XXX Code that modifies or destroys DNS_RR lists or entries belongs in + * the DNS library, not here. + */ for ( /* nop */ ; rr; rr = next) { next = rr->next; @@ -1352,6 +1356,8 @@ static int add_ext(X509 *issuer, X509 *subject, int ext_nid, char *ext_val) X509V3_set_ctx(&v3ctx, issuer, subject, 0, 0, 0); if ((exts = subject->cert_info->extensions) == 0) exts = subject->cert_info->extensions = sk_X509_EXTENSION_new_null(); + if (!exts) + return (0); if ((ext = X509V3_EXT_conf_nid(0, &v3ctx, ext_nid, ext_val)) != 0 && sk_X509_EXTENSION_push(exts, ext))
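Review bot: In the postconf.proto hunk at -15433 (tls_dane_digests), the sentence is still not grammatical after removing the dangling "are considered": the opening clause "From each group of well-formed TLSA RRs a non-zero digest matching type with the same certificate usage and selector" needs "with" before "a non-zero digest matching type", and "(appear earliest in $tls_dane_digests)" should agree with "matching type", i.e. "(appears earliest in $tls_dane_digests)". The lone context line "maybe" just before "For compatibility with digest algorithm agility" also reads as stray text rather than documentation, unless it is an artifact of how this diff was rendered.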
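Review bot: In the Makefile.in hunk at -516, the new safe_ultostr_test target lists safe_ultostr.in as a prerequisite, but the visible command "./safe_ultostr safe_ultostr.tmp 2>&1" neither reads that file nor creates the safe_ultostr.tmp that the following "diff safe_ultostr.ref safe_ultostr.tmp" compares; if the "<safe_ultostr.in >safe_ultostr.tmp" redirections were lost when the diff was rendered this is fine, otherwise the program blocks reading stdin and the diff fails on a missing file. Worth a glance against the mail_conf_time_test recipe just above it, which follows the same pattern.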
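Review bot: In the safe_ultostr.c hunk at -178, the rewritten loop condition "(char_val = char_map[*cp]) < base" drops the explicit "*cp" end-of-string test, so termination at the terminating NUL now depends on char_map[0] being at least as large as every permitted base. That is presumably how char_map is initialized (bytes outside the alphabet mapping to a sentinel), but a one-line comment stating that invariant next to the loop would keep a future change to char_map from turning this into a read past the end of the string.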
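Review bot: In the safe_ultostr.c hunk at -197, the new "if (cp == (unsigned char *) start) errno = EINVAL; else if (end) *end = (char *) cp;" only gives callers the strtoul(3)-style result (end pointing at the original input) because the hunk at -171 pre-sets *end before leading whitespace is skipped; since the two halves of the fix sit 20 lines apart, the comment "Test moved here 20131209" should also say that *end is deliberately left at the pre-whitespace start when nothing was converted. Note that "start" here has already been advanced past blanks, which is exactly what makes all-space input count as no conversion now.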
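Review bot: The hard-coded test in the safe_ultostr.c hunk at -225 covers only all-space input (" "); the comment in tls_dane.c further down in this patch says safe_strtoul() mishandled "empty or white-space only input", so an "" case belongs here too. The pass condition "*junk == 0 || errno != EINVAL" also only verifies that junk was not advanced to the terminator; holding the input in a variable and checking "junk != input" would pin down the intended behaviour of returning the original pointer, and the .in/.ref round-trip data cannot catch this since it never feeds bad input.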
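Review bot: In the postconf_edit.c hunk at -341, the new check rejects any PC_MASTER_BLANKS character in req->edit_value only when MASTER_PARAM is set, which is right since master.cf fields are whitespace-delimited and an embedded blank would silently split a "-o name=value" entry; confirm that split_nameval() has already trimmed surrounding blanks from edit_value, otherwise a harmless trailing space typed on the command line now becomes fatal. The message "whitespace in parameter value" could also say that master.cf -o values cannot contain whitespace, so the user learns why rather than only what.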
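Review bot: In the tls_dane.c hunk at -305, the date in "Fixed as of 210131209" is mistyped; the matching comment in safe_ultostr.c says 20131209. With the fix in place, the remaining "XXX: safe_strtoul() does not flag empty or white-space only input" text is stale and can be dropped, leaving only the note that idbuf comes from whitespace/comma-split tokens; the check "l == 0 && (errno == EINVAL || endcp == value)" on the next line stays correct either way.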
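Review bot: In the tls_dane.c hunk at -1352, the added "if (!exts) return (0);" correctly handles sk_X509_EXTENSION_new_null() failure, and since the NULL result was already stored in subject->cert_info->extensions nothing dangling is left behind. The surrounding code still reaches into cert_info->extensions directly, though; X509_add_ext() creates the extension stack on demand and returns 0 on failure, so using it here would give the same error handling without depending on OpenSSL's internal X509 layout.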