[Pkg-openssl-devel] Bug#706423: Bug#706423: openssl: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:337:

Gedalya gedalya at gedalya.net
Wed Jun 12 17:49:58 UTC 2013 

On 06/12/2013 12:35 PM, Kurt Roeckx wrote:
> On Tue, Jun 11, 2013 at 10:05:30PM -0400, Gedalya wrote:
>> The discussion here[1] seems to be misguided. Of course it's nice
>> for every app to expose openssl options in its config, but openssl
>> is what is broken here.
> I'm pretty sure that the other side is broken, it's just that
> openssl is exposing the problems on the other side.  Maybe
> we can work around it, but in that case I need more info.
>
>> As for blaming the remote side - GnuTLS apps in wheezy are able to
>> talk to MS Exchange (same exact servers having this error with
>> postfix) with no specific configuration changes, having TLSv1.2
>> still enabled (e.g. exim).
> This is new for me.  In all recent cases I've seen gnutls had
> the same problem talking to servers as openssl has.  So if this
> is a server I can access over the internet, can you give more
> details?
>
>
> Kurt
>
Jun  9 07:03:27 mailout1 postfix/smtp[4748]: Untrusted TLS connection 
established to mail.megacontractinginc.com[64.61.170.194]:25: TLSv1 with 
cipher DES-CBC3-SHA (168/168 bits)
Jun  9 07:03:27 mailout1 postfix/smtp[4748]: warning: TLS library 
problem: 4748:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version 
number:s3_pkt.c:337:
Jun  9 07:03:27 mailout1 postfix/smtp[4748]: 727D91FED2: lost connection 
with mail.megacontractinginc.com[64.61.170.194] while sending MAIL FROM
Jun  9 07:03:27 mailout1 postfix/smtp[4748]: Untrusted TLS connection 
established to mail.megacontractinginc.com[50.74.229.90]:25: TLSv1 with 
cipher DES-CBC3-SHA (168/168 bits)
Jun  9 07:03:27 mailout1 postfix/smtp[4748]: warning: TLS library 
problem: 4748:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version 
number:s3_pkt.c:337:

You can try to send to aaaaaaaaaaaaaa at megacontractinginc.com, 
reproducing the problem would mean you get cut off after MAIL FROM, a 
550 user unknown is success.
in my trials, postfix+openssl has the problem, exim+GnuTLS does not.
But I believe this should be the same with IIS6, etc, I don't think it 
has anything to do with Exchange, or with any particular server. I'll 
try to dig around more and bring more examples.

Thanks

More information about the Pkg-openssl-devel mailing list