On Thu, Nov 22, 2012 at 2:21 AM, Steve Freegard <[email protected]> wrote:
> Hi all,
>
> I'm using Haraka with STARTTLS enabled - I'm getting some strange behaviour
> which only seems to happen when dealing with Microsoft clients and I wonder
> if anyone might have any pointers as to how I can fix or work around the
> issue.
>
> I've done some Wireshark traces and it shows the socket being successfully
> upgraded after the client sends STARTTLS and I correctly see all the relevant
> SMTP commands up to DATA and then the message data comes in followed by the
> ending dot, then boom!
>
> client ch1ehsobe001.messaging.microsoft.com [216.32.181.181] connection
> error: Error: 3074803408:error:06065064:digital envelope
> routines:EVP_DecryptFinal_ex:bad
> decrypt:../deps/openssl/openssl/crypto/evp/evp_enc.c:467:#0123074803408:error:06065064:digital
> envelope routines:EVP_DecryptFinal_ex:bad
> decrypt:../deps/openssl/openssl/crypto/evp/evp_enc.c:467:
>
> The Wireshark trace shows that we get the data and acknowledge it - I then
> see a TLSv1 packet being sent by us containing two application data records
> followed by an Encrypted Alert record followed by a FIN, ACK.
>
> It works without issue with other clients - I've only seen this problem when
> the connecting client is running Microsoft Exchange.
>
> Anyone have any ideas?

You may need to turn on SSL bug workarounds. Look up the setOptions()
function in the crypto module documentation.

require('constants').SSL_OP_ALL enables all workarounds but I
speculate that SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS in particular is
needed here.

Please read up on the SSL_OP_* constants here[1]. Blindly enabling
things will weaken security.

[1] http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html