On Mon, Jan 06, 2014 at 12:31:35PM -0800, Gammadyne wrote: > I just tried 1.0.1f and the problem that I reported in May 2012 is still > present. > > If you want to try it for yourself, try sending an email over SSL to > nob...@cetest.nl > > To summarize, after the AUTH LOGIN command is sent, OpenSSL will produce > this error: > > error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
See recent thread on this list with: Subject: Verisign Problem with smtp tls > > 220 mail.gammadyne.com Microsoft ESMTP MAIL Service, Version: > > 6.0.3790.4675 ready at Wed, 16 May 2012 23:59:12 -0500 Microsoft Exchange 2003 server. > > 220 2.0.0 SMTP server ready > >>SSL negotiated, cipher=DES-CBC3-SHA, bits=168, version=TLSv1/SSLv3 Broken DES-CBC3-SHA cipher suite. > >>AUTH LOGIN > >>SSL read error 1: SSL module internal error > > error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number Mangled SSL record apparently in response to first encrypted command after EHLO. As expected. Work-arounds provided in that thread. You must ensure that RC4-SHA and/or RC4-MD4 occur among the first 64 cipher suites in the client SSL HELLO message. By default, with OpenSSL 1.0.1 there are more than 64 ciphers suites that are stronger than RC4-SHA. Perhaps this is becoming an FAQ item. -- Viktor. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org