We're using TLS with postfix 2.3.6-1. One of our servers reported the following errors a few times:

Mar  9 06:25:30 smtp3 postfix/smtpd[1747]: warning: TLS library problem: 1747:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:426:
Mar 9 06:27:09 smtp3 postfix/smtpd[1765]: warning: TLS library problem: 1765:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:426:

I tried this command you suggested several times and wasn't able to reproduce the error:
openssl s_client -starttls smtp -crlf -connect localhost:25 -bugs -no_ssl2

Actually, this happened a few times and hasn't happened since, so I'm inclined not to worry too much about it.

Thanks for your help.

________________
Kirsten Petersen
Network Services * Oregon State University
http://oregonstate.edu/net * irc.oregonstate.edu #osu-is
"If you're not learning, you're not living."

On Fri, 30 Mar 2007, Kurt Roeckx wrote:

> On Fri, Mar 30, 2007 at 11:31:57AM -0700, Kirsten Petersen wrote:
>> We are seeing this issue with libssl 0.9.8c-4 on a debian etch box.
>> Will there be a fix for this version available in etch?
>
> This really should have been fixed in 0.9.8c-4.  This has also been
> fixed upstream in the 0.9.8c version.  No version in etch should be
> affected by this bug.
>
> You're also like the only one complaining, so I have the feeling
> something else is wrong.
>
> Can you tell me a little more about the problem you're seeing?  Is it
> easy to reproduce?  Can you reproduce it using openssl?
>
> Is it a self written application, or something else that's available
> in Debian?
>
> Do you know what the other side of the connection is using?
>
> There are some other "bad record MAC" bugs open.  I think most of them
> are related to multithreaded applications that don't use the
> CRYPTO_set_locking_callback() and CRYPTO_set_id_callback() functions.
>
>
> Kurt
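
An added example, not part of the original thread: a small Python parser for the OpenSSL error-queue entries quoted in the message above, useful for counting how often the "bad record mac" warning recurs in a mail log. It re-joins wrapped lines and unpacks the hex code using the pre-3.0 OpenSSL layout (library in the top 8 bits, function in the next 12, reason in the low 12); all function names here are my own.

```python
import re
from collections import Counter

# Syslog prefix, then an OpenSSL error-queue entry as Postfix logs it:
#   pid:error:HEXCODE:library:function:reason:file:line:
SYSLOG_RE = re.compile(r"^[A-Z][a-z]{2}\s+\d+\s[\d:]{8}\s")
ERR_RE = re.compile(
    r"(?P<pid>\d+):error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):"
    r"(?P<func>[^:]*):(?P<reason>[^:]*):(?P<file>[^:]*):(?P<line>\d+):"
)

# The two log entries from the message above, wrapped as they appear there.
SAMPLE = """\
Mar  9 06:25:30 smtp3 postfix/smtpd[1747]: warning: TLS library problem:
1747:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or
bad record mac:s3_pkt.c:426:
Mar 9 06:27:09 smtp3 postfix/smtpd[1765]: warning: TLS library problem: 1765:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or
bad record mac:s3_pkt.c:426:
""".splitlines()

def unwrap(lines):
    """Re-join entries that were wrapped across several lines."""
    records = []
    for text in filter(None, (raw.strip() for raw in lines)):
        if SYSLOG_RE.match(text) or not records:
            records.append(text)          # new syslog entry
        else:
            records[-1] += " " + text     # continuation of the previous one
    return records

def decode(code_hex):
    """Unpack a pre-3.0 OpenSSL error code: lib<<24 | func<<12 | reason."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def tls_errors(lines):
    """Return one dict per OpenSSL error entry found in the log lines."""
    found = []
    for record in unwrap(lines):
        m = ERR_RE.search(record)
        if m:
            lib_id, func_id, reason_id = decode(m["code"])
            found.append({**m.groupdict(), "lib_id": lib_id,
                          "func_id": func_id, "reason_id": reason_id})
    return found

def summarize(lines):
    """Count errors per (function, reason) to spot a recurring failure."""
    return Counter((e["func"], e["reason"]) for e in tls_errors(lines))
```
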





