I was reading the release notes for the recent 9.0.1 fix pack, and was uncertain of the following fix:
- PPOR92UMM6 - Fixes issue when sending SMTP over SSL with: SSL handshake error: 1C7Bh and SSL bad peer certificate. This error occurs when an SSL implementation does not send the CA DN list during the certificate request phase. This fix allows the process to proceed. To revert to the old behavior, enable Notes.ini SSL_STRICT_V3=1. The default behavior is 0 or off.
Am I correct in understanding that the CA DN list that it mentions is the Issuer information, Ex:
CN = DigiCert High Assurance CA-3
OU = www.digicert.com
O = DigiCert Inc
C = US
If a certificate is missing this information, can the server accurately validate the issuer? If not, it seems like this fix might allow MITM attacks on outgoing email.
Is there someone with more knowledge who can validate or assuage my concern?
Subject: Checking with development <>
security/nk, rp, kl
Subject: Re: No security issue
Thank you for spending the time to correct my misunderstanding.
Subject: this code change impacts more than smtp tls
I’ve seen success with this new fix with other conditions outside of smtp
is relevant essentially anytime Domino is the SSL client
webservice consumers
Directory Assistance to secure ldap (636)
etc
Subject: No security issue
PPOR92UMM6 is not completely fixed in 9.01 FP1. The release notes will be corrected.
The complete fix for PPOR92UMM6 will be addressed in a future fix pack.
To address your question about whether there is a security issue -
There is no security vulnerability.
This SPR deals with an issue where the Domino server is acting as the SSL client. After the SSL server has sent the server certificate and server key exchange messages, the SSL server can optionally request a certificate from the SSL client, specifying a list of distinguished names of acceptable certificate authorities.
In some instances, no DN list of acceptable certificate authorities is specified by the SSL server.
Currently, in this case (where the SSL server is requesting a client certificate from Domino but does not specify the acceptable certificate authorities), the Domino server will respond with a fatal alert and end the SSL handshake. In a future fix, the Domino server will send a non-fatal SSL alert or the cert that it has, depending on the customer’s preference.
There is no security vulnerability. The SSL server has already proven its identity to the SSL client (the Domino server). The SSL server did not specify the acceptable certificate authorities when requesting the certificate from the SSL client, and it is up to the SSL server whether to continue with the handshake after Domino’s response.