[Pkg-openssl-devel] Bug#706423: openssl: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:337:
Gedalya
gedalya at gedalya.net
Wed Jun 12 02:05:30 UTC 2013
Hi,

I think this problem is a little more serious. It basically means that:

1. We have to disable TLSv1.1/1.2 if we want to be interoperable with
certain systems that are (sadly) still widely used. TLSv1.2 is a major
new feature; disabling it is not what we want.
2. Since you can't always disable TLSv1.1/1.2 in every application, it
means we sometimes have to disable TLS altogether, or where TLS is
required, you just won't be able to connect. This means openssl in
wheezy is sometimes unusable.

The discussion here[1] seems to be misguided. Of course it's nice for
every app to expose openssl options in its config, but openssl is what
is broken here.

As for blaming the remote side - GnuTLS apps in wheezy are able to talk
to MS Exchange (same exact servers having this error with postfix) with
no specific configuration changes, having TLSv1.2 still enabled (e.g. exim).

[1] http://web.archiveorange.com/archive/v/ATzXXOjuq9y3yWEltUyY

Thanks,
Gedalya