From an IRC contact using LibreSSL 2.6.3 on FreeBSD:

11:14 < matt> Nov 10 11:06:06 tao postfix/smtpd[77685]: Anonymous TLS connection established from email.morrisons.com[192.86.55.223]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
11:14 < matt> had to switch postfix to openssl temporarily to get that
...
11:26 < matt> using libressl 2.6.x I get this from morrisons:
11:27 < matt> Nov 10 10:55:57 tao postfix/smtpd[5996]: SSL_accept error from email.morrisons.com[192.86.55.223]: -1
11:27 < matt> Nov 10 10:55:57 tao postfix/smtpd[5996]: warning: TLS library problem: error:1403710B:SSL routines:ACCEPT_SR_KEY_EXCH:wrong version number:ssl_pkt.c:376:
11:27 < matt> Nov 10 10:55:57 tao postfix/smtpd[5996]: lost connection after STARTTLS from email.morrisons.com[192.86.55.223]
11:27 < matt> worked fine on 2.5.x
...
11:55 < matt> odd then. but yeah. works fine in 2.5.x, breaks in 2.6.x
11:56 < matt> it was actually broken on 2.6.0

And Bernard mentioned similar yesterday.

18:55 < Barnerd> Trusted TLS connection established from russian-caravan.cloud9.net[2604:8d00:0:1::4]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits) is all I really know
18:58 < Barnerd> Cipher works OK with OpenSMTPd :D

matt has the mail accepted now and they're not triggerable remotely
(most of their mails are sent via messagelabs, only certain marketing
mails are sent this way) so I can't get a pcap or test on-demand. 

Code generating the error message here:

 374                 /* Lets check version */
 375                 if (!s->internal->first_packet && ssl_version != s->version) {
 376                         SSLerror(s, SSL_R_WRONG_VERSION_NUMBER);
 377                         if ((s->version & 0xFF00) == (ssl_version & 0xFF00) &&
 378                             !s->internal->enc_write_ctx && !s->internal->write_hash)
 379                                 /* Send back error using their minor version number :-) */
 380                                 s->version = ssl_version;
 381                         al = SSL_AD_PROTOCOL_VERSION;
 382                         goto f_err;
 383                 }

It hasn't really changed recently, the SSLerror line was touched due to
refactoring but no real changes there.

Any ideas?
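
One way to test a capture against the check quoted above, once a pcap is available (an added example, not part of the original message and not LibreSSL's code): walk the TLS record headers and report the first record whose version field differs from the negotiated one. `scan_records`, `struct scan_result` and the sample bytes are constructed for illustration, and treating only the first record as exempt is a simplification of `first_packet`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result of scanning a byte stream of TLS records (hypothetical helper type). */
struct scan_result {
    int index;        /* 0-based record failing the check, -1 none, -2 truncated */
    uint16_t seen;    /* version field of that record */
    int same_major;   /* 1 if only the minor version differs */
};

/* Constructed sample, not captured traffic: three handshake records. */
static const uint8_t sample[] = {
    0x16, 0x03, 0x00, 0x00, 0x02, 0xaa, 0xbb,  /* record 0: 0x0300, exempt */
    0x16, 0x03, 0x01, 0x00, 0x01, 0xcc,        /* record 1: 0x0301 */
    0x16, 0x03, 0x03, 0x00, 0x01, 0xdd,        /* record 2: 0x0303 */
};

struct scan_result scan_records(const uint8_t *buf, size_t len, uint16_t negotiated)
{
    struct scan_result r = { -1, 0, 0 };
    size_t off = 0;
    int idx = 0;

    while (off < len) {
        /* Header is type(1) + version(2) + length(2). */
        if (len - off < 5) { r.index = -2; return r; }
        uint16_t ver = (uint16_t)((buf[off + 1] << 8) | buf[off + 2]);
        size_t rlen = ((size_t)buf[off + 3] << 8) | buf[off + 4];
        if (rlen > len - off - 5) { r.index = -2; return r; }
        /* Same comparison as line 375; idx > 0 stands in for !first_packet. */
        if (idx > 0 && ver != negotiated) {
            r.index = idx;
            r.seen = ver;
            /* Line 377: same major means the alert reuses the peer's minor. */
            r.same_major = (ver & 0xFF00) == (negotiated & 0xFF00);
            return r;
        }
        off += 5 + rlen;
        idx++;
    }
    return r;
}

int main(void)
{
    struct scan_result r = scan_records(sample, sizeof(sample), 0x0301);
    printf("record %d version 0x%04x same_major=%d\n", r.index, r.seen, r.same_major);
    return 0;
}
```

The negotiated value 0x0301 corresponds to the TLSv1 shown in the log lines above.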
