Bug#706423: [Pkg-openssl-devel] Bug#706423: openssl: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:337:

Wed, 12 Jun 2013 10:51:57 -0700 

On 06/12/2013 12:35 PM, Kurt Roeckx wrote:

On Tue, Jun 11, 2013 at 10:05:30PM -0400, Gedalya wrote:

The discussion here[1] seems to be misguided. Of course it's nice
for every app to expose openssl options in its config, but openssl
is what is broken here.

I'm pretty sure that the other side is broken, it's just that
openssl is exposing the problems on the other side.  Maybe
we can work around it, but in that case I need more info.


As for blaming the remote side - GnuTLS apps in wheezy are able to
talk to MS Exchange (same exact servers having this error with
postfix) with no specific configuration changes, having TLSv1.2
still enabled (e.g. exim).

This is new for me.  In all recent cases I've seen gnutls had
the same problem talking to servers as openssl has.  So if this
is a server I can access over the internet, can you give more
details?


Kurt
Jun 9 07:03:27 mailout1 postfix/smtp[4748]: Untrusted TLS connection established to mail.megacontractinginc.com[64.61.170.194]:25: TLSv1 with cipher DES-CBC3-SHA (168/168 bits) Jun 9 07:03:27 mailout1 postfix/smtp[4748]: warning: TLS library problem: 4748:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:337: Jun 9 07:03:27 mailout1 postfix/smtp[4748]: 727D91FED2: lost connection with mail.megacontractinginc.com[64.61.170.194] while sending MAIL FROM Jun 9 07:03:27 mailout1 postfix/smtp[4748]: Untrusted TLS connection established to mail.megacontractinginc.com[50.74.229.90]:25: TLSv1 with cipher DES-CBC3-SHA (168/168 bits) Jun 9 07:03:27 mailout1 postfix/smtp[4748]: warning: TLS library problem: 4748:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:337:
You can try to send to aaaaaaaaaaaaaa at megacontractinginc.com, reproducing the problem would mean you get cut off after MAIL FROM, a 550 user unknown is success. 
in my trials, postfix+openssl has the problem, exim+GnuTLS does not.
But I believe this should be the same with IIS6, etc, I don't think it has anything to do with Exchange, or with any particular server. I'll try to dig around more and bring more examples. 

Thanks


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to