Bug#338006: [Pkg-openssl-devel] Bug#338006: libssl 0.9.8c-4
Kirsten Petersen
kirsten.petersen at oregonstate.edu
Fri Mar 30 22:02:17 UTC 2007
We're using TLS with postfix 2.3.6-1. One of our servers reported the
following errors a few times:
Mar 9 06:25:30 smtp3 postfix/smtpd[1747]: warning: TLS library problem:
1747:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or
bad record mac:s3_pkt.c:426:
Mar 9 06:27:09 smtp3 postfix/smtpd[1765]: warning: TLS library problem:
1765:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or
bad record mac:s3_pkt.c:426:
I tried this command you suggested several times and wasn't able to
reproduce the error:
openssl s_client -starttls smtp -crlf -connect localhost:25 -bugs -no_ssl2
Actually, this happened a few times and hasn't happened since, so I'm
inclined not to worry too much about it.
Thanks for your help.
________________
Kirsten Petersen
Network Services * Oregon State University
http://oregonstate.edu/net * irc.oregonstate.edu #osu-is
"If you're not learning, you're not living."
On Fri, 30 Mar 2007, Kurt Roeckx wrote:
> On Fri, Mar 30, 2007 at 11:31:57AM -0700, Kirsten Petersen wrote:
>> We are seeing this issue with libssl 0.9.8c-4 on a debian etch box.
>> Will there be a fix for this version available in etch?
>
> This really should have been fixed in 0.9.8c-4. This has also been
> fixed upstream in the 0.9.8c version. No version in etch should be
> affected by this bug.
>
> You're also like the only one complaining, so I have the feeling
> something else is wrong.
>
> Can you tell me a little more about the problem you're seeing? Is it
> easy to reproduce? Can you reproduce it using openssl?
>
> Is it a self written application, or something else that's available
> in Debian?
>
> Do you know what the other side of the connection is using?
>
> There are some other "bad record MAC" bugs open. I think most of them
> are related to multithreaded applications that don't use the
> CRYPTO_set_locking_callback() and CRYPTO_set_id_callback() functions.
>
>
> Kurt
>
>
>
>
More information about the Pkg-openssl-devel
mailing list