I am getting the same problem (various SSL errors after a successful negotiation) with an SMTP server I've written in Ruby, and I'm stuck with it.

I've resorted to tracing through the Postfix SSL/TLS code to see how they handle it, and it looks like they just keep retrying the operation until it's successful (tls_bio_ops.c or something similar).

Good luck, I would love to know if you find a solution.

Thanks,
Luke

==== Sent via Nyx

On 18 May 2012, at 00:48, Greg Wittmeyer <gr...@gammadyne.com> wrote:

> Hello all, hope someone can help.
>
> I upgraded from 1.0.0d to 1.0.1c and immediately started getting this error:
>
> error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
>
> It occurs during SMTP after successful negotiation. Oddly, the first command
> after negotiation works, but not the second. Here is the complete
> conversation:
>
> 220 mail.gammadyne.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675
> ready at Wed, 16 May 2012 23:59:12 -0500
>> EHLO gammadyne.com
> 250-mail.gammadyne.com Hello [64.126.68.153]
> 250-AUTH=LOGIN
> 250-AUTH LOGIN
> 250-TURN
> 250-SIZE 30720000
> 250-ETRN
> 250-PIPELINING
> 250-DSN
> 250-ENHANCEDSTATUSCODES
> 250-8bitmime
> 250-BINARYMIME
> 250-CHUNKING
> 250-VRFY
> 250-TLS
> 250-STARTTLS
> 250 OK
>> STARTTLS
> 220 2.0.0 SMTP server ready
>> SSL negotiated, cipher=DES-CBC3-SHA, bits=168, version=TLSv1/SSLv3
>> EHLO gammadyne.com
> 250-mail.gammadyne.com Hello [64.126.68.153]
> 250-AUTH=LOGIN
> 250-AUTH LOGIN
> 250-TURN
> 250-SIZE 30720000
> 250-ETRN
> 250-PIPELINING
> 250-DSN
> 250-ENHANCEDSTATUSCODES
> 250-8bitmime
> 250-BINARYMIME
> 250-CHUNKING
> 250-VRFY
> 250 OK
>> AUTH LOGIN
>> SSL read error 1: SSL module internal error
> error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
>
>
> My configuration is as follows:
>
> ctx = SSL_CTX_new(SSLv23_client_method());
> SSL_CTX_set_mode(ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
>     SSL_MODE_AUTO_RETRY);
> SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
>
>
> I've tried the following solutions to no avail:
> * Upgrading NASM to latest version
> * Upgrading Perl to latest version
> * Installing all updates on the mail server (Windows 2003/IIS6)
> * SSL_OP_ALL, SSL_OP_CIPHER_SERVER_PREFERENCE,
>   SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
>
> Using SSL_OP_NO_TLSv1 does fix the problem, but I don't really want to
> disable TLS1.
>
> Could it be the cipher? On 1.0.0d, the negotiated cipher was RC4-MD5
>
> It's a rather odd problem. Anyone have any ideas?
>
> TIA, Greg Wittmeyer, Gammadyne Corp.
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
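Added example, not part of either message above and not OpenSSL's own code: a simplified Python model of the record-header check behind "wrong version number", run over constructed byte strings. The function name and the sample bytes are assumptions; the block shows which kinds of input trigger the error and does not diagnose the server discussed in this thread.

```python
import struct

# Record-layer constants from RFC 5246 section 6.2 (TLS 1.0 uses the same layout).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}
MAX_CIPHERTEXT = 2**14 + 2048  # largest legal TLSCiphertext.length


def check_record_header(data, negotiated):
    """Classify the bytes found where a record header is expected.

    negotiated is the (major, minor) pair agreed in the handshake.
    Returns a verdict string starting with "ok" or with the failure name.
    """
    if len(data) < 5:
        return "short read: a record header is 5 bytes"
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if (major, minor) != negotiated:
        # Three ASCII digits plus ' ' or '-' is an SMTP reply sent in the clear.
        if data[:3].isdigit() and data[3:4] in (b" ", b"-"):
            return "wrong version number: bytes are a plaintext SMTP reply"
        seen = VERSIONS.get((major, minor), "0x%02x%02x" % (major, minor))
        return "wrong version number: header says %s, session is %s" % (
            seen, VERSIONS[negotiated])
    if length > MAX_CIPHERTEXT:
        return "record too long: %d bytes" % length
    if ctype not in CONTENT_TYPES:
        return "unknown content type: %d" % ctype
    return "ok: %s, %s, %d bytes" % (CONTENT_TYPES[ctype], VERSIONS[negotiated], length)


# Constructed sample inputs, not captured from the server in this thread.
SAMPLES = {
    "valid TLSv1 record": b"\x17\x03\x01\x00\x20",
    "TLSv1.1 header on a TLSv1 session": b"\x17\x03\x02\x00\x20",
    "plaintext reply on the TLS socket": b"334 VXNlcm5hbWU6\r\n",
    "reader out of step with record boundaries": b"\xa4\x91\x5c\x0e\x77",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print("%-42s %s" % (name, check_record_header(raw, (3, 1))))
```

Feeding it the first five bytes the client reads after the failing command (from a packet capture or a socket-level trace) separates a version mismatch in a real record from plaintext or a misaligned read.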