Skip to content

TLS Connection Failure with Go 1.22+ Due to Disabled RSA Cipher Suites (Version 0.7.1 is good, but problems occur in later versions ) #789

New issue
New issue
Open
Open
TLS Connection Failure with Go 1.22+ Due to Disabled RSA Cipher Suites (Version 0.7.1 is good, but problems occur in later versions )#789
Labels
bugSomething isn't working.
@Erratic-Finance

Description

@Erratic-Finance
Erratic-Finance
opened on Jun 18, 2025

Problem Description
After upgrading maddy to compile with Go 1.23 (or Go 1.22+), sending emails to certain mail servers fails due to TLS handshake errors. This occurs because Go 1.22+ removed support for the insecure RSA key exchange cipher suites by default. Remote servers that only support these legacy cipher suites (e.g., TLS_RSA_WITH_*) reject the connection, preventing email delivery.

Root Cause
As documented in Go's release notes (Go 1.22 and Go 1.23):

Go 1.22 removed RSA key exchange-based cipher suites from the default TLS configuration.

Go 1.23 further removed 3DES-based suites.
This causes compatibility issues with older mail servers still relying on RSA key exchange.

Proposed Solutions

Compile-Time Workaround
Re-enable RSA support via the GODEBUG flag during compilation:

bash
GODEBUG=tlsrsakex=1 go build ./cmd/maddy
Configuration File Workaround
Explicitly specify legacy-compatible cipher suites in maddy.conf:

go
tls {
ciphers "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA"

Add other required suites (prioritize ECDHE where possible)

}
Note: Include TLS_RSA_WITH_* suites only if strictly necessary, as they are less secure.

Recommendations

Documentation: Update build/configuration docs to warn users about Go 1.22+ compatibility issues and provide the above workarounds.

Fallback Logic: Consider adding runtime warnings when TLS handshakes fail due to cipher mismatches, suggesting recompilation with tlsrsakex=1 or config adjustments.

Reproduction Steps

Compile maddy with Go 1.23 (no custom GODEBUG).

Attempt delivery to a server enforcing RSA key exchange (e.g., older Exchange/SMTP services).

Observe TLS handshake failure in logs:

text
tls: no cipher suite supported by both client and server
References

Go TLS defaults: crypto/tls/common.go

Go 1.22 release notes: tlsrsakex=1

Thank you for maintaining maddy! Let me know if further details are needed.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions