
Bug 659224

Summary: mail-mta/postfix with libressl: Missing patch to support auto selection of EC curves
Product: Gentoo Linux
Reporter: Dirk Best <mail>
Component: Current packages
Assignee: Net-Mail Packages <net-mail+disabled>
Status: RESOLVED FIXED    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 561854    

Description Dirk Best 2018-06-26 10:22:57 UTC
The following patch from OpenBSD is missing from Gentoo, causing auto selection of EC curves to not work:

http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/mail/postfix/snapshot/patches/Attic/patch-src_tls_tls_dh_c?rev=1.2&content-type=text/x-cvsweb-markup

This affects the setting "smtpd_tls_eecdh_grade", which by default is set to "auto". This causes postfix to lose eecdh support when the patch is not applied. It still works when it's set to another setting like "strong" or "ultra".

More information is also available in this FreeBSD bug report: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=216790

I've applied the patch locally and postfix then works as expected, i.e. it auto-selects prime256v1, secp521r1, secp384r1 or X25519 depending on the client. This can be tested with the ImmuniWeb® SSLScan tool at https://www.htbridge.com/ssl/.
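
A local way to check for the symptom described above, as an added example that is not part of the bug report or of Postfix: it classifies the key exchange from the text `openssl s_client` prints and compares it with the configured `smtpd_tls_eecdh_grade`. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Input: text printed by `openssl s_client -starttls smtp -connect HOST:25`
# (HOST is a placeholder), run with a client that offers ECDHE ciphers.

# Print the key-exchange class for s_client output on stdin:
#   eecdh   ephemeral elliptic-curve DH (expected when the grade is not "none")
#   edh     ephemeral finite-field DH only
#   tls13   TLS 1.3 suite; the cipher name does not encode the key exchange
#   none    no ephemeral key exchange
#   unknown no cipher was negotiated (handshake failed or wrong input)
kx_from_s_client() {
    cipher=$(sed -n 's/^New, .*, Cipher is \(.*\)$/\1/p' | head -n 1)
    case "$cipher" in
        ''|'(NONE)')  echo unknown ;;
        ECDHE-*)      echo eecdh ;;
        DHE-*|EDH-*)  echo edh ;;
        TLS_*)        echo tls13 ;;
        *)            echo none ;;
    esac
}

# check_eecdh GRADE < s_client-output
# GRADE is the value of smtpd_tls_eecdh_grade, for example from
# `postconf -h smtpd_tls_eecdh_grade`.
# Returns 0 if the result matches the setting, 1 if EECDH was expected but
# not negotiated (the symptom in this bug), 2 if nothing could be determined.
check_eecdh() {
    grade=$1
    kx=$(kx_from_s_client)
    case "$grade:$kx" in
        *:unknown)        echo "undetermined: no cipher negotiated"; return 2 ;;
        none:*)           echo "ok: EECDH disabled by configuration ($kx)"; return 0 ;;
        *:eecdh|*:tls13)  echo "ok: grade=$grade negotiated $kx"; return 0 ;;
        *)                echo "FAIL: grade=$grade but negotiated $kx"; return 1 ;;
    esac
}

# Constructed sample lines, not captured from a real server.
SAMPLE_OK='New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384'
SAMPLE_BAD='New, TLSv1.2, Cipher is DHE-RSA-AES256-GCM-SHA384'

printf '%s\n' "$SAMPLE_OK"  | check_eecdh auto
printf '%s\n' "$SAMPLE_BAD" | check_eecdh auto || true
```
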
Comment 1 Larry the Git Cow gentoo-dev 2018-06-27 06:07:54 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=07c745adf5d94a8696c7830763e3714c467f95e6

commit 07c745adf5d94a8696c7830763e3714c467f95e6
Author:     Eray Aslan <eras@gentoo.org>
AuthorDate: 2018-06-27 06:07:30 +0000
Commit:     Eray Aslan <eras@gentoo.org>
CommitDate: 2018-06-27 06:07:30 +0000

    mail-mta/postfix: fix eccurve selection for libressl
    
    Closes: https://bugs.gentoo.org/659224
    Package-Manager: Portage-2.3.40, Repoman-2.3.9

 .../postfix/files/postfix-libressl-eccurve.patch   |  16 ++
 mail-mta/postfix/postfix-3.3.1-r1.ebuild           | 302 +++++++++++++++++++++
 2 files changed, 318 insertions(+)