Since migrating to OpenSSL 3.0 we are experiencing intermittent issues in TLS handshakes.
Old env: Ubuntu 21.10 / Postfix 3.5.6 / OpenSSL 1.1.1l New env: Ubuntu 22.04 / Postfix 3.6.4 / OpenSSL 3.0.2 (daily updated to latest available patches) Narrowed this down to Java / JavaMail clients connecting to the Postfix service. Network trace shows that any time Postfix responds to a ClientHello containing a SessionId with a ServerHello with session_id_length = 0, the client returns a a Fatal alert, unexpected_message. See also * https://github.com/openssl/openssl/issues/18690 * https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012799 Will also (try to) report this to the Ubuntu folks With kind regards, Bernard Spil [email protected]
