Debian Bug report logs - #816145
php-pear: authentication failure for auth smtp using pear TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits) instead of AES256 256bits

version graph

Package: php-pear; Maintainer for php-pear is Debian PHP Maintainers <team+pkg-php@tracker.debian.org>; Source for php-pear is src:php-pear (PTS, buildd, popcon).

Reported by: Eliott <eliott.trotebas@servergamers.net>

Date: Sun, 28 Feb 2016 01:33:07 UTC

Severity: important

Tags: moreinfo

Found in version php5/5.6.17+dfsg-0+deb8u1

Done: Mathieu Parent <math.parent@gmail.com>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#816145; Package php-pear. (Sun, 28 Feb 2016 01:33:10 GMT) (full text, mbox, link).

Acknowledgement sent to Eliott <eliott.trotebas@servergamers.net>:
New Bug report received and forwarded. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Sun, 28 Feb 2016 01:33:10 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Eliott <eliott.trotebas@servergamers.net>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: php-pear: authentication failure for auth smtp using pear TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits) instead of AES256 256bits
Date: Sun, 28 Feb 2016 02:30:57 +0100
Package: php-pear
Version: 5.6.17+dfsg-0+deb8u1
Severity: important

Dear Maintainer,

On debian 7.5 installation I can send mail with smpt authentication using PEAR package.

If I update (or fresh install) to debian 8 the smtp authentication has an error: authentication failure [SMTP: STARTTLS failed (code: 220, response: 2.0.0 Ready to start TLS)

On the server side we can see the difference on the log:

*** debian 7.5 ***

Feb 28 02:21:47 mail postfix/smtpd[15152]: Anonymous TLS connection established from web.servergamers.net[91.121.144.19]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Feb 28 02:21:47 mail postfix/smtpd[15152]: 6EDBB4C0823: client=web.servergamers.net[91.121.144.19], sasl_method=CRAM-MD5, sasl_username=webmaster@servergamers.net

*** debian 8 ***

Feb 28 02:09:17 mail postfix/smtpd[15135]: Anonymous TLS connection established from web2.servergamers.net[91.121.81.76]: TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)
Feb 28 02:09:17 mail postfix/smtpd[15135]: lost connection after STARTTLS from web2.servergamers.net[91.121.81.76]
Feb 28 02:09:17 mail postfix/smtpd[15135]: disconnect from web2.servergamers.net[91.121.81.76]

As you can see the cipher change from DHE-RSA-AES256-SH to DHE-RSA-AES128-SH and authentification fail.

You can found below all package I have installed:

*********************

apt-get update -y
apt-get upgrade -y
apt-get install -y libapache2-mod-php5 
apt-get install -y php5-mysql
apt-get install -y php5-curl
apt-get install -y pure-ftp-mysql
apt-get install -y htop
apt-get install php5-mcrypt
apt-get install php-pear

a2enmod ssl
php5enmod mcrypt
pear install mail
pear install Net_SMTP
pear install Auth_SASL

********************

Best Regards,

Eliott.

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect

Versions of packages php-pear depends on:
ii  php5-cli     5.6.17+dfsg-0+deb8u1
ii  php5-common  5.6.17+dfsg-0+deb8u1

Versions of packages php-pear recommends:
ii  gnupg  1.4.20-4

Versions of packages php-pear suggests:
pn  php5-dev  <none>

-- no debconf information

Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#816145; Package php-pear. (Sun, 28 Feb 2016 18:09:13 GMT) (full text, mbox, link).

Acknowledgement sent to Ondřej Surý <ondrej@sury.org>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Sun, 28 Feb 2016 18:09:13 GMT) (full text, mbox, link).

Message #10 received at 816145@bugs.debian.org (full text, mbox, reply):

From: Ondřej Surý <ondrej@sury.org>
To: Eliott <eliott.trotebas@servergamers.net>, Debian Bug Tracking System <816145@bugs.debian.org>
Subject: Re: [php-maint] Bug#816145: php-pear: authentication failure for auth smtp using pear TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits) instead of AES256 256bits
Date: Sun, 28 Feb 2016 19:06:25 +0100
Control: tags -1 +moreinfo

Hi Eliott,

my guess would be that there's something not entirely correct with your
certs as there were some changes in PHP 5.6 OpenSSL, please check here
that your setup is in fact correct:

http://php.net/manual/en/migration56.openssl.php

especially: Stream wrappers now verify peer certificates and host names
by default when using SSL/TLS ¶

Cheers,
-- 
Ondřej Surý <ondrej@sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server

On Sun, Feb 28, 2016, at 02:30, Eliott wrote:
> Package: php-pear
> Version: 5.6.17+dfsg-0+deb8u1
> Severity: important
> 
> Dear Maintainer,
> 
> On debian 7.5 installation I can send mail with smpt authentication using
> PEAR package.
> 
> If I update (or fresh install) to debian 8 the smtp authentication has an
> error: authentication failure [SMTP: STARTTLS failed (code: 220,
> response: 2.0.0 Ready to start TLS)
> 
> On the server side we can see the difference on the log:
> 
> *** debian 7.5 ***
> 
> Feb 28 02:21:47 mail postfix/smtpd[15152]: Anonymous TLS connection
> established from web.servergamers.net[91.121.144.19]: TLSv1 with cipher
> DHE-RSA-AES256-SHA (256/256 bits)
> Feb 28 02:21:47 mail postfix/smtpd[15152]: 6EDBB4C0823:
> client=web.servergamers.net[91.121.144.19], sasl_method=CRAM-MD5,
> sasl_username=webmaster@servergamers.net
> 
> *** debian 8 ***
> 
> Feb 28 02:09:17 mail postfix/smtpd[15135]: Anonymous TLS connection
> established from web2.servergamers.net[91.121.81.76]: TLSv1 with cipher
> DHE-RSA-AES128-SHA (128/128 bits)
> Feb 28 02:09:17 mail postfix/smtpd[15135]: lost connection after STARTTLS
> from web2.servergamers.net[91.121.81.76]
> Feb 28 02:09:17 mail postfix/smtpd[15135]: disconnect from
> web2.servergamers.net[91.121.81.76]
> 
> As you can see the cipher change from DHE-RSA-AES256-SH to
> DHE-RSA-AES128-SH and authentification fail.
> 
> You can found below all package I have installed:
> 
> *********************
> 
> apt-get update -y
> apt-get upgrade -y
> apt-get install -y libapache2-mod-php5 
> apt-get install -y php5-mysql
> apt-get install -y php5-curl
> apt-get install -y pure-ftp-mysql
> apt-get install -y htop
> apt-get install php5-mcrypt
> apt-get install php-pear
> 
> a2enmod ssl
> php5enmod mcrypt
> pear install mail
> pear install Net_SMTP
> pear install Auth_SASL
> 
> ********************
> 
> Best Regards,
> 
> Eliott.
> 
> -- System Information:
> Debian Release: stretch/sid
>   APT prefers testing
>   APT policy: (500, 'testing')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
> Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: unable to detect
> 
> Versions of packages php-pear depends on:
> ii  php5-cli     5.6.17+dfsg-0+deb8u1
> ii  php5-common  5.6.17+dfsg-0+deb8u1
> 
> Versions of packages php-pear recommends:
> ii  gnupg  1.4.20-4
> 
> Versions of packages php-pear suggests:
> pn  php5-dev  <none>
> 
> -- no debconf information
> 
> _______________________________________________
> pkg-php-maint mailing list
> pkg-php-maint@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint

Added tag(s) moreinfo. Request was from Ondřej Surý <ondrej@sury.org> to 816145-submit@bugs.debian.org. (Sun, 28 Feb 2016 18:09:13 GMT) (full text, mbox, link).

Reply sent to Mathieu Parent <math.parent@gmail.com>:
You have taken responsibility. (Thu, 01 Aug 2019 19:30:29 GMT) (full text, mbox, link).

Notification sent to Eliott <eliott.trotebas@servergamers.net>:
Bug acknowledged by developer. (Thu, 01 Aug 2019 19:30:29 GMT) (full text, mbox, link).

Message #17 received at 816145-done@bugs.debian.org (full text, mbox, reply):

From: Mathieu Parent <math.parent@gmail.com>
To: 816145-done@bugs.debian.org
Cc: Eliott <eliott.trotebas@servergamers.net>
Subject: Closing
Date: Thu, 1 Aug 2019 21:29:47 +0200
Hello,

I'm closing this bug. Having no response since 2016 (and this looks
like a config issue.

Regards
-- 
Mathieu Parent

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 30 Aug 2019 07:30:50 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Jul 2 01:20:59 2023; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.