[Pkg-openssl-devel] OpenSSL bug? (error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number)

W. Martin Borgert debacle at debian.org
Sat Feb 23 01:11:15 UTC 2013


On 2013-02-22 22:05, Kurt Roeckx wrote:
> On Fri, Feb 22, 2013 at 09:39:49PM +0100, W. Martin Borgert wrote:
> > I have a problem with wheezy, but not with squeeze.
> > I assume, it is an OpenSSL issue, but I'm not sure.
> [...]
> > ssl.SSLError: [Errno 1] _ssl.c:1359: error:1408F10B:SSL
> > routines:SSL3_GET_RECORD:wrong version number
>
> Can you reproduce this with "openssl s_client"?
>
> Can you try the "-no_tls1_2" and "-no_tls1_1" options?
>
> This is most likely a bug in the software you're trying to
> talk too, not in openssl.

This is for sure, as it identifies itself as "Microsoft Exchange
Server 2003 IMAP4rev1-Server, Version 6.5.7638.1" :~) Anyway, I
need to retrieve emails from this thing.

On squeeze (openssl 0.9.8o-4squeeze14), the command

openssl s_client -connect 192.168.1.1:993

seems to work, i.e. the IMAP server seems to wait for commands
(EHLO or whatever) after telling me it is MS Exchange.

On wheezy (openssl 1.0.1c-4), the same command terminates with

140159863764648:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:340:

after printing the MS Exchange stuff above.

However, when I add either -no_tls1_1 or -no_tls1_2 or both on
wheezy, it works. I would need the equivalent of these options
inside the Python IMAP4_SSL class, but there is nothing.

I wonder, whether this is related to #680137? I did not yet try
the patch in that bug report, however.

Cheers



More information about the Pkg-openssl-devel mailing list