Univention Bugzilla – Bug 51630
40_mail/00check_forward_secrecy fails in UCS 5.0
Last modified: 2021-05-25 16:01:06 CEST
Expecting one of the following ciphers to be used: ('AECDH-AES256-SHA', 'ECDHE-RSA-AES256-GCM-SHA384', 'ECDHE-ECDSA-AES256-GCM-SHA384', 'ECDHE-RSA-AES256-SHA384', 'ECDHE-ECDSA-AES256-SHA384', 'ECDHE-RSA-AES256-SHA', 'ECDHE-ECDSA-AES256-SHA', 'AECDH-DES-CBC3-SHA', 'ECDHE-RSA-DES-CBC3-SHA', 'ECDHE-ECDSA-DES-CBC3-SHA', 'AECDH-AES128-SHA', 'ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-ECDSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES128-SHA256', 'ECDHE-ECDSA-AES128-SHA256', 'ECDHE-RSA-AES128-SHA', 'ECDHE-ECDSA-AES128-SHA', 'AECDH-RC4-SHA', 'ECDHE-RSA-RC4-SHA', 'ECDHE-ECDSA-RC4-SHA') The following message(s) appeared in STDERR: Can't use SSL_get_servername depth=1 C = DE, ST = DE, L = DE, O = DE, OU = Univention Corporate Server, CN = Univention Corporate Server Root CA (ID=0Ra3V0qp), emailAddress = ssl@ verify return:1 depth=0 C = DE, ST = DE, L = DE, O = DE, OU = Univention Corporate Server, CN = master091.AutoTest091.local, emailAddress = ssl@ verify return:1 250 CHUNKING Can't use SSL_get_servername depth=1 C = DE, ST = DE, L = DE, O = DE, OU = Univention Corporate Server, CN = Univention Corporate Server Root CA (ID=0Ra3V0qp), emailAddress = ssl@ verify return:1 depth=0 C = DE, ST = DE, L = DE, O = DE, OU = Univention Corporate Server, CN = master091.AutoTest091.local, emailAddress = ssl@ verify return:1 250 CHUNKING Can't use SSL_get_servername depth=1 C = DE, ST = DE, L = DE, O = DE, OU = Univention Corporate Server, CN = Univention Corporate Server Root CA (ID=0Ra3V0qp), emailAddress = ssl@ verify return:1 depth=0 C = DE, ST = DE, L = DE, O = DE, OU = Univention Corporate Server, CN = master091.AutoTest091.local, emailAddress = ssl@ verify return:1 250 CHUNKING Can't use SSL_get_servername depth=1 C = DE, ST = DE, L = DE, O = DE, OU = Univention Corporate Server, CN = Univention Corporate Server Root CA (ID=0Ra3V0qp), emailAddress = ssl@ verify return:1 depth=0 C = DE, ST = DE, L = DE, O = DE, OU = Univention Corporate Server, CN = master091.AutoTest091.local, emailAddress = ssl@ verify return:1 250 CHUNKING Can't use SSL_get_servername depth=1 C = DE, ST = DE, L = DE, O = DE, OU = Univention Corporate Server, CN = Univention Corporate Server Root CA (ID=0Ra3V0qp), emailAddress = ssl@ verify return:1 depth=0 C = DE, ST = DE, L = DE, O = DE, OU = Univention Corporate Server, CN = master091.AutoTest091.local, emailAddress = ssl@ verify return:1 250 CHUNKING Can't use SSL_get_servername depth=1 C = DE, ST = DE, L = DE, O = DE, OU = Univention Corporate Server, CN = Univention Corporate Server Root CA (ID=0Ra3V0qp), emailAddress = ssl@ verify return:1 depth=0 C = DE, ST = DE, L = DE, O = DE, OU = Univention Corporate Server, CN = master091.AutoTest091.local, emailAddress = ssl@ verify return:1 250 CHUNKING DONE Openssl client STDOUT: CONNECTED(00000003) --- Certificate chain 0 s:C = DE, ST = DE, L = DE, O = DE, OU = Univention Corporate Server, CN = master091.AutoTest091.local, emailAddress = ssl@ i:C = DE, ST = DE, L = DE, O = DE, OU = Univention Corporate Server, CN = Univention Corporate Server Root CA (ID=0Ra3V0qp), emailAddress = ssl@ --- Server certificate -----BEGIN CERTIFICATE----- MIIFGzCCBAOgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBqzELMAkGA1UEBhMCREUx CzAJBgNVBAgTAkRFMQswCQYDVQQHEwJERTELMAkGA1UEChMCREUxJDAiBgNVBAsT G1VuaXZlbnRpb24gQ29ycG9yYXRlIFNlcnZlcjE6MDgGA1UEAxMxVW5pdmVudGlv biBDb3Jwb3JhdGUgU2VydmVyIFJvb3QgQ0EgKElEPTBSYTNWMHFwKTETMBEGCSqG SIb3DQEJARYEc3NsQDAeFw0yMDA3MDYxNzAxNTNaFw0yNTA3MDUxNzAxNTNaMIGV MQswCQYDVQQGEwJERTELMAkGA1UECBMCREUxCzAJBgNVBAcTAkRFMQswCQYDVQQK EwJERTEkMCIGA1UECxMbVW5pdmVudGlvbiBDb3Jwb3JhdGUgU2VydmVyMSQwIgYD VQQDExttYXN0ZXIwOTEuQXV0b1Rlc3QwOTEubG9jYWwxEzARBgkqhkiG9w0BCQEW BHNzbEAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCviEdeMmDDSRkm DkVU8pvJYAXieW3f1xWoaL5fo6Zuk76/XFBPIlKRjzJxs6ejTPOyqD33TC+q7KQM SFbNgXvvIa9v3ej04rWTbJ0avqtL7ZoQ6Bu8S2RRC1zBDdoBIJEElX3P2i/kwMxR +uhlux5ty5DsEDDS6Za1sT1yHWUm/iZ9WTzMDExTCE9vm8XvlosxKfcONZgLxQxs qFwXTOleMvKDRPBQFkTVL4Fis87uF41woQfH1uSRvrRvzO4uiHrWMHLnAEThzSC6 zBECgOY/RjL/FN3RFeOYwZHMa5FiTC8ERJ0Kv9mxtxAspe6rMKEc1Ocn80ZCFyBw cLPXBec5AgMBAAGjggFcMIIBWDAJBgNVHRMEAjAAMB0GA1UdDgQWBBR6xxN+4B/H gBYFCLPLbv7B09IilTCB6wYDVR0jBIHjMIHggBSb7F5/jLrtbGP0UDDp4KmXF9mb haGBsaSBrjCBqzELMAkGA1UEBhMCREUxCzAJBgNVBAgTAkRFMQswCQYDVQQHEwJE RTELMAkGA1UEChMCREUxJDAiBgNVBAsTG1VuaXZlbnRpb24gQ29ycG9yYXRlIFNl cnZlcjE6MDgGA1UEAxMxVW5pdmVudGlvbiBDb3Jwb3JhdGUgU2VydmVyIFJvb3Qg Q0EgKElEPTBSYTNWMHFwKTETMBEGCSqGSIb3DQEJARYEc3NsQIIUc06Y0lmouaig W8hCTWE2ziFzg0YwCwYDVR0PBAQDAgXgMDEGA1UdEQQqMCiCG21hc3RlcjA5MS5B dXRvVGVzdDA5MS5sb2NhbIIJbWFzdGVyMDkxMA0GCSqGSIb3DQEBCwUAA4IBAQBI F2vXJ66eN+IZXw/PNJ1iEipEAYARndtlrptAUCkveKYnxSBgCBnVF0NXGLQoBDx/ 21I7VRW6MdTvrPqCkXCov95FRygWCdXOt3GFLKuz4GXhKoax9P3LkmKV3vLVLZml 43ad5ucymbYLDMrCqZfp5k2Z6+AP5qQt4vEcF6Z9ogb1BeCfl8FoW5zFkaG3cbRP Ay9sdFU3G88ea6eFwFm6prV0WIs7CSg9cM5fkBRlHgLuSBovJnNQSW9llbl2Cb58 FhGL+trAmIMuR1M68DUJGtE37N2FWNIkZtRF8BMeA397VE7lrMwiLO1nmiJWpedd 4x8vMfPOchoZSrGFZWWp -----END CERTIFICATE----- subject=C = DE, ST = DE, L = DE, O = DE, OU = Univention Corporate Server, CN = master091.AutoTest091.local, emailAddress = ssl@ issuer=C = DE, ST = DE, L = DE, O = DE, OU = Univention Corporate Server, CN = Univention Corporate Server Root CA (ID=0Ra3V0qp), emailAddress = ssl@ --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 2234 bytes and written 712 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 2048 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- drop connection and then reconnect CONNECTED(00000003) Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- drop connection and then reconnect CONNECTED(00000003) Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- drop connection and then reconnect CONNECTED(00000003) Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- drop connection and then reconnect CONNECTED(00000003) Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- drop connection and then reconnect CONNECTED(00000003) Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- ### FAIL ### None of the possible ciphers were found in the output from TLS client. Probably TLS/PFS does not work. ### ###
commit 699c4c5eef202d056b0652956e1367a283b1e7e2 Author: Florian Best <best@univention.de> Date: Thu Feb 4 15:17:40 2021 +0100 Bug #31771: fix PEP8 styling issues commit 11cf5a57e36d9cdfc82f49fb0908f595a049974b Author: Soenke Schwardt-Krummrich <schwardt@univention.de> Date: Tue Oct 20 16:43:18 2020 +0200 Bug #52241: fix 40_mail.00check_forward_secrecy
https://jenkins.knut.univention.de:8181/job/UCS-5.0/job/UCS-5.0-0/view/Default/job/AutotestJoin/lastCompletedBuild/SambaVersion=no-samba,Systemrolle=master-part-II/testReport/40_mail/00check_forward_secrecy/master090/ [2021-03-08 01:01:21.232009] [2021-03-08 01:01:21.237219] Expecting one of the following ciphers to be used: ('AECDH-AES256-SHA', 'ECDHE-RSA-AES256-GCM-SHA384', 'ECDHE-ECDSA-AES256-GCM-SHA384', 'ECDHE-RSA-AES256-SHA384', 'ECDHE-ECDSA-AES256-SHA384', 'ECDHE-RSA-AES256-SHA', 'ECDHE-ECDSA-AES256-SHA', 'AECDH-DES-CBC3-SHA', 'ECDHE-RSA-DES-CBC3-SHA', 'ECDHE-ECDSA-DES-CBC3-SHA', 'AECDH-AES128-SHA', 'ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-ECDSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES128-SHA256', 'ECDHE-ECDSA ...[truncated 13949 chars]... 03-08 01:01:21.470199] New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 [2021-03-08 01:01:21.470226] New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 [2021-03-08 01:01:21.470252] New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 [2021-03-08 01:01:21.470277] New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 [2021-03-08 01:01:21.470305] Cipher : TLS_AES_256_GCM_SHA384 [2021-03-08 01:01:21.470332] -----------CUTCUTCUT---------------- [2021-03-08 01:01:21.470358] Cipher 'TLSv1.3, Cipher is' was found. → VERIFIED
UCS 5.0 has been released: https://docs.software-univention.de/release-notes-5.0-0-en.html https://docs.software-univention.de/release-notes-5.0-0-de.html If this error occurs again, please use "Clone This Bug".