Hello,
I added a cipher in OpenSSL and NSS. I would like to send an email with
SMTPs from a modified Thunderbird (because of NSS) to a postfix.
The TLS negociation is between NSS and OpenSSL.
However, I get the following error:
Mar 18 19:40:15 pico postfix/smtpd[3842]: SSL3 alert write:fatal:bad
record mac
Mar 18 19:40:15 pico postfix/smtpd[3842]: SSL_accept:error in SSLv3 read
certificate verify A
Mar 18 19:40:15 pico postfix/smtpd[3842]: SSL_accept error from
unknown[10.0.0.69]: -1
Mar 18 19:40:15 pico postfix/smtpd[3842]: warning: TLS library problem:
3842:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or
bad record mac:s3_pkt.c:422:
Mar 18 19:40:15 tcc postfix/smtpd[3842]: lost connection after STARTTLS
from unknown[10.0.0.69]
Google haven't been helpful.
I manage to have a working TLS when I use openssl s_server, s_client.
I believe part of the negociation works, I mean they do recognize the
OID. In Thunderbird, I put a printf at the entrance of the cbc
encryption and it gets printed, meaning it enters in the right cipher.
I don't think it's a decryption failure because of the working tunnel
and above all, the first line I copied here : bad record mac. What does
it mean exactly?
Do you have any hint in what could be wrong?
Thanks in advance for your help,
Gregory.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
