[Pkg-openssl-devel] Bug#706423: Bug#706423: openssl: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:337:

Kurt Roeckx kurt at roeckx.be
Wed Jun 12 18:35:25 UTC 2013 

On Wed, Jun 12, 2013 at 01:49:58PM -0400, Gedalya wrote:
> On 06/12/2013 12:35 PM, Kurt Roeckx wrote:
> >On Tue, Jun 11, 2013 at 10:05:30PM -0400, Gedalya wrote:
> >>The discussion here[1] seems to be misguided. Of course it's nice
> >>for every app to expose openssl options in its config, but openssl
> >>is what is broken here.
> >I'm pretty sure that the other side is broken, it's just that
> >openssl is exposing the problems on the other side.  Maybe
> >we can work around it, but in that case I need more info.
> >
> >>As for blaming the remote side - GnuTLS apps in wheezy are able to
> >>talk to MS Exchange (same exact servers having this error with
> >>postfix) with no specific configuration changes, having TLSv1.2
> >>still enabled (e.g. exim).
> >This is new for me.  In all recent cases I've seen gnutls had
> >the same problem talking to servers as openssl has.  So if this
> >is a server I can access over the internet, can you give more
> >details?
> >
> >
> >Kurt
> >
> Jun  9 07:03:27 mailout1 postfix/smtp[4748]: Untrusted TLS
> connection established to
> mail.megacontractinginc.com[64.61.170.194]:25: TLSv1 with cipher
> DES-CBC3-SHA (168/168 bits)
> Jun  9 07:03:27 mailout1 postfix/smtp[4748]: warning: TLS library
> problem: 4748:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong
> version number:s3_pkt.c:337:
> Jun  9 07:03:27 mailout1 postfix/smtp[4748]: 727D91FED2: lost
> connection with mail.megacontractinginc.com[64.61.170.194] while
> sending MAIL FROM
> Jun  9 07:03:27 mailout1 postfix/smtp[4748]: Untrusted TLS
> connection established to
> mail.megacontractinginc.com[50.74.229.90]:25: TLSv1 with cipher
> DES-CBC3-SHA (168/168 bits)
> Jun  9 07:03:27 mailout1 postfix/smtp[4748]: warning: TLS library
> problem: 4748:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong
> version number:s3_pkt.c:337:

This start a succesful (TLSv1) connection for me:
openssl s_client -connect mail.megacontractinginc.com:25 -starttls smtp -crlf

But I can reproduce some weird behaviour with it that goes away
when I use -no_tls1_2.


Kurt

More information about the Pkg-openssl-devel mailing list