On Mon, May 11, 2020 at 11:43:41AM -0700, Alexander Vasarab wrote:
> I recently upgraded postfix and OpenSSL to 3.4.10 and 1.1.1d,
> respectively. These versions align with Debian GNU/Linux 10 (buster).
> Since the upgrade I've begun receiving regular log entries that look
> like this:
>
> May 11 11:23:54 vasaconsulting postfix/smtpd[21870]: warning: TLS library
> problem: error:140E0197:SSL routines:SSL_shutdown:shutdown while in
> init:../ssl/ssl_lib.c:2086:
Just in case this is an OpenSSL glitch, you should at this point be
using OpenSSL 1.1.1g.
That said, it perhaps possible that Postfix is calling SSL_shutdown() on
a connection that never progressed enough to complete the handshake.
I'll check what preconditions are needed for OpenSSL to allow the
SSL_shutdown() call. We may need some logic to avoid calling it
too early.
That said, this is not the cause of any problems, rather a symptom.
> When it occurs when receiving, the sending mailserver retries sometime
> later and seems to get through (though I haven't sought to verify
> repeated failures).
Perhaps some network-layer issues.
--
Viktor.
