Hello OpenSSL Developers,
I have an issue related to OpenSSL & Sendmail, in which sendmail is not working with OpenSSL 0.9.8m onwards, and so I want to report this bug.
It works fine with OpenSSL 0.9.8k & OpenSSL 0.9.8l but fails with OpenSSL 0.9.8m, 0.9.8n etc. (till the latest 0.9.8x).
Please note that nothing has been changed from the configuration point of view (for both OpenSSL as well as Sendmail) while updating from OpenSSL 0.9.8k to a version >= 0.9.8m.
I am using TLS version of sendmail compiled with STARTTLS & the Operating System being used is AIX.
The Sendmail version is 8.14.4.
The steps to reproduce the issue are as below -
1. stopsrc -s sendmail
2. ln -sf /usr/sbin/sendmail_ssl /usr/lib/sendmail   (to make sure the sendmail binary compiled with STARTTLS, i.e. /usr/sbin/sendmail_ssl, will be used)
3. startsrc -s sendmail -a "-bd -q30"
4. Now execute the below command on the same machine -
# openssl s_client -starttls smtp -connect localhost:25 -CApath /etc/mail/certs
CONNECTED(00000004)
5243082:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:182:   <== Error message.
Also, the following error is being logged in the syslog file -
Oct 11 02:07:12 vayu10 mail:warn|warning sendmail[5767316]: STARTTLS=server, error: accept failed=0, SSL_error=1, errno=0, retry=-1, relay=localhost [127.0.0.1]
Oct 11 02:07:12 vayu10 mail:warn|warning sendmail[5767316]: STARTTLS=server: 5767316:error:140B6044:SSL routines:SSL_GET_SERVER_SEND_CERT:internal error:ssl_lib.c:1991:
Oct 11 02:07:12 vayu10 mail:warn|warning sendmail[5767316]: STARTTLS=server: 5767316:error:1409A044:SSL routines:SSL3_SEND_SERVER_CERTIFICATE:internal error:s3_srvr.c:2657:
Oct 11 02:07:12 vayu10 mail:info sendmail[5767316]: q9B77C475767316: localhost [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
The same setup is working with older OpenSSL versions 0.9.8k & 0.9.8l. I noticed some major changes in OpenSSL 0.9.8m from the renegotiation point of view due to CVE-2009-3555.
I debugged this quite a few times & found that the value of s->s3->tmp.new_cipher is NULL, which should contain a selected cipher value.
Any help is much appreciated.
=========================
Thanks
Vikas K Vicky
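
Added example (not part of the original message, and not OpenSSL or sendmail code): a small triage script that pulls the OpenSSL error-queue entries out of the s_client and syslog lines quoted above and splits each packed error code into its library, function and reason numbers. It assumes the 8/12/12-bit packing used by the ERR_GET_LIB / ERR_GET_FUNC / ERR_GET_REASON macros in OpenSSL 0.9.8; the names `decode` and `parse` are hypothetical.

```python
import re

# Constructed sample input: error lines copied from the report above
# (one s_client line, two syslog lines).
SAMPLE = """\
5243082:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:182:
Oct 11 02:07:12 vayu10 mail:warn|warning sendmail[5767316]: STARTTLS=server: 5767316:error:140B6044:SSL routines:SSL_GET_SERVER_SEND_CERT:internal error:ssl_lib.c:1991:
Oct 11 02:07:12 vayu10 mail:warn|warning sendmail[5767316]: STARTTLS=server: 5767316:error:1409A044:SSL routines:SSL3_SEND_SERVER_CERTIFICATE:internal error:s3_srvr.c:2657:
"""

ERR_R_FATAL = 64         # flag bit carried by generic fatal reason codes
MAX_GENERIC_REASON = 99  # reasons above this are library-specific

# <pid>:error:<8 hex digits>:<library>:<function>:<reason>:<file>:<line>:
LINE_RE = re.compile(
    r"(?P<pid>\d+):error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib_name>[^:]*):"
    r"(?P<func_name>[^:]*):(?P<reason_text>[^:]*):(?P<file>[^:]*):(?P<src_line>\d+):"
)

def decode(code_hex):
    """Unpack an error code: 8 bits library, 12 bits function, 12 bits reason."""
    code = int(code_hex, 16)
    reason = code & 0xFFF
    return {
        "lib": (code >> 24) & 0xFF,
        "func": (code >> 12) & 0xFFF,
        "reason": reason,
        # True only for generic (library-independent) reasons with the fatal bit
        "generic_fatal": reason <= MAX_GENERIC_REASON and bool(reason & ERR_R_FATAL),
    }

def parse(text):
    """Return one dict per error-queue entry found, ignoring any syslog prefix."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.search(raw)
        if m is None:
            continue
        entry = m.groupdict()
        entry.update(decode(entry["code"]))
        entries.append(entry)
    return entries

if __name__ == "__main__":
    for e in parse(SAMPLE):
        print(f"{e['func_name']}: lib={e['lib']} func={e['func']} "
              f"reason={e['reason']} generic_fatal={e['generic_fatal']} "
              f"({e['file']}:{e['src_line']})")
```

On the quoted lines, both server-side entries decode to the generic reason 68 (internal error with the fatal bit set), while the client-side entry carries the library-specific reason 229.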