Fetcmail error

S

sprock

Hello,

I have previously used fetchmail to download mail form a server. Recently this stopped working with the following error:
Code: 
Apr 17 06:37:05 fetchmail: OpenSSL reported: error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small

This is my .fetchmailrc:

Code: 
set postmaster "fred"
set bouncemail
set no spambounce
set softbounce
set properties ""
# set daemon 300

# Server options:
poll  mail.sum.wear protocol IMAP username "fred" password "slillyme"
      ssl;
#      keep;
options ssl sslcertck sslcertfile /usr/local/share/certs/ca-root-nss.crt

I'm on 13.4-RELEASE-p5.

Thanks fo any help.
sprock
 
sprock said:
dh key too small
Click to expand...
DH stands for Diffie–Hellman so it is related to the DH keys used by OpenSSL. It would be interesting to know which server and if the error gets reported when fetching mail from other servers as well. Either way, I guess the solution to the problem should be searched for in the OpenSSL configuration, e.g. disable older DH keys and enable newer versions.
 
I did a quick Google search but I assume you also already found this Stack Overflow page. Weirdly enough, it directly contradicts my previous post. Where I guessed you had to enable newer versions, this post states you have to enable the older version of TLS – or fix the server, which I guess is not an option for you.
 
Thanks for your reply.

Yes, I had seen the page you linked. You are correct in that I have no control over the server. Unfortunately, reading through that page does not help much in getting fetchmail to use an older version of TLS.

Thanjs again.
 
I'm not very fluent with fetchmail(1) myself but... have you tried to increase logging verbosity?

Also... tried manually specifying a protocol (referring to --sslproto)? Do you even know what protocols this mailserver supports these days, that's where I'd start...

Lessee IMAPs... something like: nmap -Pn --script ssl-cert,ssl-enum-ciphers -p 993 mail.sum.wear.

That should tell you a bit more about all this.
 
Hello,

Thanks for your reply.

Here is the output of that command:
Code: 
Starting Nmap 7.94 ( https://nmap.org ) at 2025-05-12 15:32 NDT
Nmap scan report for server.poop.sw (123.456.789.10)
Host is up (0.0053s latency).
rDNS record for 123.456.789.10: otherserver.poop.sw

PORT    STATE SERVICE
993/tcp open  imaps
| ssl-enum-ciphers:
|   SSLv3:
|     ciphers:
|       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 1024) - D
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 1024) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 1024) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 1024) - A
|       TLS_DHE_RSA_WITH_SEED_CBC_SHA (dh 1024) - A
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_IDEA_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|       TLS_RSA_WITH_SEED_CBC_SHA (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: client
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|       64-bit block cipher IDEA vulnerable to SWEET32 attack
|       Broken cipher RC4 is deprecated by RFC 7465
|       CBC-mode cipher in SSLv3 (CVE-2014-3566)
|       Ciphersuite uses MD5 for message integrity
|       Key exchange (dh 1024) of lower strength than certificate key
|   TLSv1.0:
|     ciphers:
|       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 1024) - D
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 1024) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 1024) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 1024) - A
|       TLS_DHE_RSA_WITH_SEED_CBC_SHA (dh 1024) - A
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_IDEA_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|       TLS_RSA_WITH_SEED_CBC_SHA (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: client
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|       64-bit block cipher IDEA vulnerable to SWEET32 attack
|       Broken cipher RC4 is deprecated by RFC 7465
|       Ciphersuite uses MD5 for message integrity
|       Key exchange (dh 1024) of lower strength than certificate key
|   TLSv1.1:
|     ciphers:
|       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 1024) - D
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 1024) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 1024) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 1024) - A
|       TLS_DHE_RSA_WITH_SEED_CBC_SHA (dh 1024) - A
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_IDEA_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|       TLS_RSA_WITH_SEED_CBC_SHA (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: client
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|       64-bit block cipher IDEA vulnerable to SWEET32 attack
|       Broken cipher RC4 is deprecated by RFC 7465
|       Ciphersuite uses MD5 for message integrity
|       Key exchange (dh 1024) of lower strength than certificate key
|   TLSv1.2:
|     ciphers:
|       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 1024) - D
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - A
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 1024) - A
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 1024) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 1024) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 1024) - A
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 1024) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 1024) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 1024) - A
|       TLS_DHE_RSA_WITH_SEED_CBC_SHA (dh 1024) - A
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_IDEA_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|       TLS_RSA_WITH_SEED_CBC_SHA (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: client
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|       64-bit block cipher IDEA vulnerable to SWEET32 attack
|       Broken cipher RC4 is deprecated by RFC 7465
|       Ciphersuite uses MD5 for message integrity
|       Key exchange (dh 1024) of lower strength than certificate key
|_  least strength: D
| ssl-cert: Subject: commonName=server.poop.sw
| Subject Alternative Name: DNS:server.poop.sw, DNS:otherserver.poop.sw
| Issuer: commonName=Sectigo RSA Domain Validation Secure Server CA/organizationName=Sectigo Limited/stateOrProvinceName=Greater Manchester/countryName=GB
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2024-08-02T00:00:00
| Not valid after:  2025-08-18T23:59:59
| MD5:   73a6:7d15:6315:a5fb:79cd:13d3:24af:6d34
|_SHA-1: 5be0:eebb:5f8a:b477:8fc4:b5ae:9563:ae02:a159:b255

Nmap done: 1 IP address (1 host up) scanned in 1.32 seconds
 nmap -Pn --script ssl-cert,ssl-enum-ciphers -p 993 server.poop.sw
Search: nmap ciphers

So, I presume I should tell fetchmail to use one of the A-rated ciphers. But how do I do that? The docs don't provide much information.

Thanks,
sprock
 
Yeah, this looks rough. You'll probably have to set the partially documented FETCHMAIL_SSL_CIPHERS environment variable:
gitlab.com

NEWS · 0fe93226d145a41d3a782f98d3797f521fc63ea4 · fetchmail / fetchmail · GitLab

TLS-enabled mail retrieval (POP3/IMAP/ETRN/ODMR) and forwarding (SMTP/LMTP/MDA) agent. Note the Git branches: legacy_6x (6.5.x release maintenance) and next (mid-term future 7.x.x development)
gitlab.com gitlab.com

Maybe to AES128-GCM-SHA256 or AES256-SHA256.

Edit: Alternatively, you could upgrade to 14.x which uses Openssl 3.x. Not that that's without problems too:
www.haproxy.com

The State of SSL Stacks

The SSL landscape has shifted dramatically. In this paper, we examine OpenSSL 3.x, BoringSSL, LibreSSL, WolfSSL, and AWS-LC with HAProxy.
www.haproxy.com www.haproxy.com

Unfortunately the future is not bright for OpenSSL users. After one of the most massive performance regressions in history, measurements show absolutely no more progress to overcome this issue over the last two years, suggesting that the ability for the team to fix this important problem has reached a plateau.
Click to expand...
 
Finally got this working by using the FETCHMAIL_SSL_CIPHERS envar.

Many thanks to all who responded. I learned a lot.

sprock
 
You must log in or register to reply here.
Back
Top