[Pkg-openssl-devel] libssl1.0.0 changelog and StartTLS borken...

Woody woody at suwalski.net
Wed Jul 1 18:22:44 UTC 2015 

The changelog for openssl, libssl and related is missing. See:

http://ftp-master.metadata.debian.org/changelogs//main/o/openssl/openssl_1.0.1k-3+deb8u1_changelog

I have a problem with the StartTLS after upgrading to the 1.0.0k version.
The phones (Android, Blackberry) trying to send SMTP email using 
StartTLS authentication fail:

2015-07-01 06:56:15 TLS error on connection from dankaq5.suwalski.net 
([127.0.0.1]) [120.7.1.74] (via inetd) (recv): A TLS packet with 
unexpected length was received.
2015-07-01 06:56:15 TLS error on connection from dankaq5.suwalski.net 
([127.0.0.1]) [120.7.1.74] (via inetd) (send): The specified session has 
been invalidated for some reason.

After restoring the backup from May, it is working for me again with old 
versions of SSL:
suwnet:/home/woody> dpkg -l | grep ssl
ii  libcrypt-openssl-bignum-perl 0.04-3                         
i386         Access OpenSSL multiprecision integer arithmetic libraries
ii  libcrypt-openssl-rsa-perl 0.28-1                         
i386         module for RSA encryption using OpenSSL
ii  libcrypt-ssleay-perl 0.58-1                         i386         
OpenSSL support for LWP
ii  libgnutls-openssl27:i386 2.12.20-8+deb7u3               i386         
GNU TLS library - OpenSSL wrapper
ii  libio-socket-ssl-perl 1.76-2                         all          
Perl module implementing object oriented interface to SSL sockets
ii  libnet-ssleay-perl 1.48-1+b1                      i386         Perl 
module for Secure Sockets Layer (SSL)
ii  libssl-dev 1.0.1e-2+deb7u16               i386         SSL 
development libraries, header files and documentation
ii  libssl0.9.8 0.9.8o-4squeeze14              i386         SSL shared 
libraries
ii  libssl1.0.0:i386 1.0.1e-2+deb7u16               i386         SSL 
shared libraries
ii  openssl 1.0.1e-2+deb7u16               i386         Secure Socket 
Layer (SSL) binary and related cryptographic tools
ii  ssl-cert 1.0.32                         all          simple debconf 
wrapper for OpenSSL

Will there be a fixup patch released sometime for this issue?

I have found somewhere else references for an LDAP showing similar 
symptoms - it was established that the issue was the incompatibility 
between openssl and gnutls.

Are you aware of similar problems with exim4?

Or is it some other package breaking things and I am blaming openssl by 
mistake :-(

Thanks, Woody

More information about the Pkg-openssl-devel mailing list