[php-maint] Bug#816145: php-pear: authentication failure for auth smtp using pear TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits) instead of AES256 256bits

Eliott eliott.trotebas at servergamers.net
Sun Feb 28 01:30:57 UTC 2016 

Package: php-pear
Version: 5.6.17+dfsg-0+deb8u1
Severity: important

Dear Maintainer,

On debian 7.5 installation I can send mail with smpt authentication using PEAR package.

If I update (or fresh install) to debian 8 the smtp authentication has an error: authentication failure [SMTP: STARTTLS failed (code: 220, response: 2.0.0 Ready to start TLS)

On the server side we can see the difference on the log:

*** debian 7.5 ***

Feb 28 02:21:47 mail postfix/smtpd[15152]: Anonymous TLS connection established from web.servergamers.net[91.121.144.19]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Feb 28 02:21:47 mail postfix/smtpd[15152]: 6EDBB4C0823: client=web.servergamers.net[91.121.144.19], sasl_method=CRAM-MD5, sasl_username=webmaster at servergamers.net

*** debian 8 ***

Feb 28 02:09:17 mail postfix/smtpd[15135]: Anonymous TLS connection established from web2.servergamers.net[91.121.81.76]: TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)
Feb 28 02:09:17 mail postfix/smtpd[15135]: lost connection after STARTTLS from web2.servergamers.net[91.121.81.76]
Feb 28 02:09:17 mail postfix/smtpd[15135]: disconnect from web2.servergamers.net[91.121.81.76]

As you can see the cipher change from DHE-RSA-AES256-SH to DHE-RSA-AES128-SH and authentification fail.

You can found below all package I have installed:

*********************

apt-get update -y
apt-get upgrade -y
apt-get install -y libapache2-mod-php5 
apt-get install -y php5-mysql
apt-get install -y php5-curl
apt-get install -y pure-ftp-mysql
apt-get install -y htop
apt-get install php5-mcrypt
apt-get install php-pear

a2enmod ssl
php5enmod mcrypt
pear install mail
pear install Net_SMTP
pear install Auth_SASL

********************

Best Regards,

Eliott.

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect

Versions of packages php-pear depends on:
ii  php5-cli     5.6.17+dfsg-0+deb8u1
ii  php5-common  5.6.17+dfsg-0+deb8u1

Versions of packages php-pear recommends:
ii  gnupg  1.4.20-4

Versions of packages php-pear suggests:
pn  php5-dev  <none>

-- no debconf information

More information about the pkg-php-maint mailing list