I just tried 1.0.1f and the problem that I reported in May 2012 is still present.
If you want to try it for yourself, try sending an email over SSL to nob...@cetest.nl To summarize, after the AUTH LOGIN command is sent, OpenSSL will produce this error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number Gammadyne wrote > Hello all, hope someone can help. > > I upgraded from 1.0.0d to 1.0.1c and immediately started getting this > error: > > error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number > > It occurs during SMTP after successful negotiation. Oddly, the first > command after negotiation works, but not the second. Here is the complete > conversation: > > 220 mail.gammadyne.com Microsoft ESMTP MAIL Service, Version: > 6.0.3790.4675 ready at Wed, 16 May 2012 23:59:12 -0500 >>EHLO gammadyne.com > 250-mail.gammadyne.com Hello [64.126.68.153] > 250-AUTH=LOGIN > 250-AUTH LOGIN > 250-TURN > 250-SIZE 30720000 > 250-ETRN > 250-PIPELINING > 250-DSN > 250-ENHANCEDSTATUSCODES > 250-8bitmime > 250-BINARYMIME > 250-CHUNKING > 250-VRFY > 250-TLS > 250-STARTTLS > 250 OK >>STARTTLS > 220 2.0.0 SMTP server ready >>SSL negotiated, cipher=DES-CBC3-SHA, bits=168, version=TLSv1/SSLv3 >>EHLO gammadyne.com > 250-mail.gammadyne.com Hello [64.126.68.153] > 250-AUTH=LOGIN > 250-AUTH LOGIN > 250-TURN > 250-SIZE 30720000 > 250-ETRN > 250-PIPELINING > 250-DSN > 250-ENHANCEDSTATUSCODES > 250-8bitmime > 250-BINARYMIME > 250-CHUNKING > 250-VRFY > 250 OK >>AUTH LOGIN >>SSL read error 1: SSL module internal error > error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number > > > My configuration is as follows: > > ctx = SSL_CTX_new(SSLv23_client_method()); > SSL_CTX_set_mode(ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER | > SSL_MODE_AUTO_RETRY); > SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL); > > > I've tried the following solutions to no avail: > * Upgrading NASM to latest version > * Upgrading Perl to latest version > * Installing all updates on the mail server (Windows 2003/IIS6) > * SSL_OP_ALL, SSL_OP_CIPHER_SERVER_PREFERENCE, > SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION > > Using SSL_OP_NO_TLSv1 does fix the problem, but I don't really want to > disable TLS1. > > Could it be the cipher? On 1.0.0d, the negotiated cipher was RC4-MD5 > > It's a rather odd problem. Anyone have any ideas? > > TIA, Greg Wittmeyer, Gammadyne Corp. > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List > openssl-users@ > Automated List Manager > majordomo@ -- View this message in context: http://openssl.6102.n7.nabble.com/error-1408F10B-SSL-routines-SSL3-GET-RECORD-wrong-version-number-tp22477p47946.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
