[php-maint] Bug#816145: Bug#816145: php-pear: authentication failure for auth smtp using pear TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits) instead of AES256 256bits

Ondřej Surý ondrej at sury.org
Sun Feb 28 18:06:25 UTC 2016 

Control: tags -1 +moreinfo

Hi Eliott,

my guess would be that there's something not entirely correct with your
certs as there were some changes in PHP 5.6 OpenSSL, please check here
that your setup is in fact correct:

http://php.net/manual/en/migration56.openssl.php

especially: Stream wrappers now verify peer certificates and host names
by default when using SSL/TLS ¶

Cheers,
-- 
Ondřej Surý <ondrej at sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server

On Sun, Feb 28, 2016, at 02:30, Eliott wrote:
> Package: php-pear
> Version: 5.6.17+dfsg-0+deb8u1
> Severity: important
> 
> Dear Maintainer,
> 
> On debian 7.5 installation I can send mail with smpt authentication using
> PEAR package.
> 
> If I update (or fresh install) to debian 8 the smtp authentication has an
> error: authentication failure [SMTP: STARTTLS failed (code: 220,
> response: 2.0.0 Ready to start TLS)
> 
> On the server side we can see the difference on the log:
> 
> *** debian 7.5 ***
> 
> Feb 28 02:21:47 mail postfix/smtpd[15152]: Anonymous TLS connection
> established from web.servergamers.net[91.121.144.19]: TLSv1 with cipher
> DHE-RSA-AES256-SHA (256/256 bits)
> Feb 28 02:21:47 mail postfix/smtpd[15152]: 6EDBB4C0823:
> client=web.servergamers.net[91.121.144.19], sasl_method=CRAM-MD5,
> sasl_username=webmaster at servergamers.net
> 
> *** debian 8 ***
> 
> Feb 28 02:09:17 mail postfix/smtpd[15135]: Anonymous TLS connection
> established from web2.servergamers.net[91.121.81.76]: TLSv1 with cipher
> DHE-RSA-AES128-SHA (128/128 bits)
> Feb 28 02:09:17 mail postfix/smtpd[15135]: lost connection after STARTTLS
> from web2.servergamers.net[91.121.81.76]
> Feb 28 02:09:17 mail postfix/smtpd[15135]: disconnect from
> web2.servergamers.net[91.121.81.76]
> 
> As you can see the cipher change from DHE-RSA-AES256-SH to
> DHE-RSA-AES128-SH and authentification fail.
> 
> You can found below all package I have installed:
> 
> *********************
> 
> apt-get update -y
> apt-get upgrade -y
> apt-get install -y libapache2-mod-php5 
> apt-get install -y php5-mysql
> apt-get install -y php5-curl
> apt-get install -y pure-ftp-mysql
> apt-get install -y htop
> apt-get install php5-mcrypt
> apt-get install php-pear
> 
> a2enmod ssl
> php5enmod mcrypt
> pear install mail
> pear install Net_SMTP
> pear install Auth_SASL
> 
> ********************
> 
> Best Regards,
> 
> Eliott.
> 
> -- System Information:
> Debian Release: stretch/sid
>   APT prefers testing
>   APT policy: (500, 'testing')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
> Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: unable to detect
> 
> Versions of packages php-pear depends on:
> ii  php5-cli     5.6.17+dfsg-0+deb8u1
> ii  php5-common  5.6.17+dfsg-0+deb8u1
> 
> Versions of packages php-pear recommends:
> ii  gnupg  1.4.20-4
> 
> Versions of packages php-pear suggests:
> pn  php5-dev  <none>
> 
> -- no debconf information
> 
> _______________________________________________
> pkg-php-maint mailing list
> pkg-php-maint at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint

More information about the pkg-php-maint mailing list