Bug#338006: [Pkg-openssl-devel] Bug#338006: libssl0.9.8: bad record mac because of wrong SSL_OP_TLS_BLOCK_PADDING_BUG handling - possible workaround

Kurt Roeckx kurt at roeckx.be
Sun Jan 15 21:38:16 UTC 2006


On Sun, Jan 15, 2006 at 05:15:20PM +0100, Kurt Roeckx wrote:
> To quote a part from that email:
> > You were right. If I change:
> > no-idea no-rc5 shared
> > 
> > to:
> > zlib no-idea no-rc5 shared
> > 
> > and rebuild, cyrus-imapd gives me that "bad record mac" error with the
> > resulting openssl. Removing "zlib" makes it go away.
> 
> So it seem we have 2 things that conflict here.  If we have zlib,
> it breaks applications, if we don't, it breaks others.

I should correct myself.  We have 3 options for zlib:
- no-zlib
- zlib
- zlib-dynamic

Package breaks if we use zlib-dynamic and zlib1-dev is not
installed, which is why we used zlib instead.  Build with any of
those options it fails with the "decryption failed or bad record
mac" error.

If either the server or the client do not support zlib, things
work.

And it seems that the 0.9.7 server doesn't use zlib, even though
it was build with zlib support.

I'm still not sure if this is a bug in the server or the client.


Kurt





More information about the Pkg-openssl-devel mailing list