To Whom It May Concern:
Per the September. 30th security advisory, I just tried upgrading my
0.9.7b installation to 0.9.7c. While SMTP w/StartTLS and HTTP+SSL seem
to function just fine with the new version, the new version seems to
break IMAP. I was running Washington University's IMAP 2002d software.
Because of the errors I encountered, I tried upgrading it to IMAP 2002e
(latest release). This did not fix the problems. So, I tried the Cyrus
Project's IMAP daemon. Same problems validating certificates.
My `make report` outlook is as follows:
OpenSSL self-test report:
OpenSSL version: 0.9.7c
Last change: Fix various bugs revealed by running the NISCC
test sui...
Options: no-threads shared zlib-dynamic
--prefix=/usr/local --openssldir=/usr/local/openssl no-krb5
OS (uname): SunOS typhoon 5.9 Generic_112233-08 sun4u sparc
SUNW,Ultra-5_10
OS (config): sun4u-whatever-solaris2
Target (default): solaris-sparcv9-gcc
Target: solaris-sparcv9-gcc
Compiler: Configured with: ../configure --disable-nls
--with-as=/usr/ccs/bin/as --with-ld=/usr/ccs/bin/ld
Thread model: posix
gcc version 3.2.3
Test skipped.
The errors I am seeing in my syslogs are:
Oct 3 16:12:08 typhoon imapd[2306]: [ID 149382 mail.info] Unable
to accept SSL connection, host=home-lfw1.xanthia.com [66.92.150.14]
Oct 3 16:12:08 typhoon imapd[2306]: [ID 853321 mail.error] SSL
error status: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption
failed or bad record mac
When I ran the Cyrus test tools, I get a general failure (since I am new
to Cyrus, as of today, I can't provide anything more helpful).
Reverting back to 0.9.7b fixed the problems.
It should also be noted that NONE of my certificate files were changed
and continued to pass the `openssl verify` tests (even the certs that
the IMAP processes were barfing on).
Sincerely,
Thomas H Jones II
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
