On Mon, Jan 06, 2014 at 12:31:35PM -0800, Gammadyne wrote:

> I just tried 1.0.1f and the problem that I reported in May 2012 is still
> present.
> 
> If you want to try it for yourself, try sending an email over SSL to
> nob...@cetest.nl
> 
> To summarize, after the AUTH LOGIN command is sent, OpenSSL will produce
> this error:
> 
> error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

See recent thread on this list with:

        Subject: Verisign Problem with smtp tls

> > 220 mail.gammadyne.com Microsoft ESMTP MAIL Service, Version:
> > 6.0.3790.4675 ready at  Wed, 16 May 2012 23:59:12 -0500

Microsoft Exchange 2003 server.

> > 220 2.0.0 SMTP server ready
> >>SSL negotiated, cipher=DES-CBC3-SHA, bits=168, version=TLSv1/SSLv3

Broken DES-CBC3-SHA cipher suite.

> >>AUTH LOGIN
> >>SSL read error 1: SSL module internal error
> > error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

Mangled SSL record apparently in response to first encrypted command
after EHLO.  As expected.  Work-arounds provided in that thread.

You must ensure that RC4-SHA and/or RC4-MD4 occur among the first
64 cipher suites in the client SSL HELLO message.  By default, with
OpenSSL 1.0.1 there are more than 64 cipher suites that are stronger
than RC4-SHA.

Perhaps this is becoming an FAQ item.

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
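
An added example, not part of the original message or of OpenSSL: a Python check that parses a captured ClientHello record and reports whether RC4-SHA falls inside the first 64 offered cipher suites, the condition described in the reply above. It assumes the ClientHello arrives in a single TLS-format record; the function names and the sample hello are constructed for illustration.

```python
import struct

RC4_SHA = 0x0005   # TLS_RSA_WITH_RC4_128_SHA, which OpenSSL names RC4-SHA
WINDOW = 64        # the "first 64 cipher suites" limit from the message above

def client_hello_suites(record):
    """Return the cipher suite IDs, in offer order, from one ClientHello record."""
    try:
        ctype, _version, rlen = struct.unpack_from("!BHH", record, 0)
        body = record[5:5 + rlen]
        if ctype != 0x16 or len(body) != rlen or body[0] != 0x01:
            raise ValueError("not a complete TLS ClientHello record")
        pos = 4 + 2 + 32              # handshake header, client_version, random
        pos += 1 + body[pos]          # skip session_id
        (slen,) = struct.unpack_from("!H", body, pos)
        if slen % 2 or pos + 2 + slen > len(body):
            raise ValueError("bad cipher_suites length")
        return list(struct.unpack_from("!%dH" % (slen // 2), body, pos + 2))
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None

def window_position(suites, wanted=(RC4_SHA,), window=WINDOW):
    """Return (index, inside_window) for the first wanted suite, else (None, False)."""
    for index, suite in enumerate(suites):
        if suite in wanted:
            return index, index < window
    return None, False

def build_hello(suites):
    """Constructed sample input: a minimal TLS 1.0 ClientHello offering `suites`."""
    cs = struct.pack("!%dH" % len(suites), *suites)
    body = (b"\x03\x01" + bytes(32) + b"\x00"
            + struct.pack("!H", len(cs)) + cs + b"\x01\x00")
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

if __name__ == "__main__":
    # Constructed filler IDs stand in for the suites sorted ahead of RC4-SHA.
    filler = [0xC001 + i for i in range(70)]
    for label, offer in (("RC4-SHA last", filler + [RC4_SHA]),
                         ("RC4-SHA moved up", filler[:10] + [RC4_SHA] + filler[10:])):
        print(label, window_position(client_hello_suites(build_hello(offer))))
```

Feed `client_hello_suites` the raw bytes of the first record a client sends (for example, exported from a packet capture) to see where RC4-SHA lands in that client's actual offer.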
