Bug#338006: [Pkg-openssl-devel] Bug#338006: libssl 0.9.8c-4

Kirsten Petersen kirsten.petersen at oregonstate.edu
Fri Mar 30 22:02:17 UTC 2007


We're using TLS with postfix 2.3.6-1.  One of our servers reported the 
following errors a few times:

Mar  9 06:25:30 smtp3 postfix/smtpd[1747]: warning: TLS library problem:
1747:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or
bad record mac:s3_pkt.c:426:
Mar  9 06:27:09 smtp3 postfix/smtpd[1765]: warning: TLS library problem: 
1765:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or
bad record mac:s3_pkt.c:426:


I tried this command you suggested several times and wasn't able to 
reproduce the error:
openssl s_client -starttls smtp -crlf -connect localhost:25 -bugs -no_ssl2

Actually, this happened a few times and hasn't happened since, so I'm 
inclined not to worry too much about it.

Thanks for your help.

________________
Kirsten Petersen
Network Services * Oregon State University
http://oregonstate.edu/net * irc.oregonstate.edu #osu-is
"If you're not learning, you're not living."

On Fri, 30 Mar 2007, Kurt Roeckx wrote:

> On Fri, Mar 30, 2007 at 11:31:57AM -0700, Kirsten Petersen wrote:
>> We are seeing this issue with libssl 0.9.8c-4 on a debian etch box.
>> Will there be a fix for this version available in etch?
>
> This really should have been fixed in 0.9.8c-4.  This has also been
> fixed upstream in the 0.9.8c version.  No version in etch should be
> affected by this bug.
>
> You're also like the only one complaining, so I have the feeling
> something else is wrong.
>
> Can you tell me a little more about the problem you're seeing?  Is it
> easy to reproduce?  Can you reproduce it using openssl?
>
> Is it a self written application, or something else that's available
> in Debian?
>
> Do you know what the other side of the connection is using?
>
> There are some other "bad record MAC" bugs open.  I think most of them
> are related to multithreaded applications that don't use the
> CRYPTO_set_locking_callback() and CRYPTO_set_id_callback() functions.
>
>
> Kurt

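Added example, not part of the original thread: a small Python triage script for the kind of postfix "TLS library problem" records quoted in the message above. It rejoins the wrapped syslog lines, extracts each OpenSSL error entry, and splits the packed code (1408F119 here) into its library, function and reason numbers, using the 8/12/12-bit layout OpenSSL used before 3.0. The sample log is constructed from the lines in the message, and all function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample, modelled on the wrapped syslog lines quoted in the message above.
SAMPLE_LOG = """\
Mar  9 06:25:30 smtp3 postfix/smtpd[1747]: warning: TLS library problem:
1747:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or
bad record mac:s3_pkt.c:426:
Mar  9 06:27:09 smtp3 postfix/smtpd[1765]: warning: TLS library problem:
1765:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or
bad record mac:s3_pkt.c:426:
Mar  9 06:27:10 smtp3 postfix/smtpd[1765]: disconnect from unknown[192.0.2.10]
"""

SYSLOG_START = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
# OpenSSL error-queue text: pid:error:<8 hex>:<lib>:<func>:<reason>:<file>:<line>:
ERR_ENTRY = re.compile(
    r"(?P<pid>\d+):error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):(?P<func>[^:]*):"
    r"(?P<reason>[^:]*):(?P<file>[^:]*):(?P<line>\d+):")

def unwrap(text):
    """Rejoin records that a mail client or pager wrapped across lines."""
    records = []
    for line in text.splitlines():
        if SYSLOG_START.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def decode(code_hex):
    """Split the packed code (OpenSSL before 3.0): 8 bits lib, 12 function, 12 reason."""
    code = int(code_hex, 16)
    return {"lib_num": code >> 24, "func_num": (code >> 12) & 0xFFF, "reason_num": code & 0xFFF}

def tls_errors(text):
    """Return one dict per OpenSSL error entry in postfix 'TLS library problem' records."""
    found = []
    for record in unwrap(text):
        if "TLS library problem" not in record:
            continue
        for m in ERR_ENTRY.finditer(record):
            found.append({**m.groupdict(), **decode(m.group("code")),
                          "when": record[:15]})
    return found

def summarize(text):
    """Count errors by (function, reason) so a recurring fault stands out from a one-off."""
    return Counter((e["func"], e["reason"]) for e in tls_errors(text))
```

On the sample, both entries decode to library 20, function 143 and reason 281, matching the "SSL routines", "SSL3_GET_RECORD" and "decryption failed or bad record mac" strings in the log text.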


