Loading ...
Sorry, an error occurred while loading the content.

Re: SSL3_GET_MESSAGE:unexpected message

Expand Messages
  • Viktor Dukhovni
    ... This tells the whole story, the client does not expect to see a session ticket with a resumed session, it expectts finished instead. It is I believe
    Message 1 of 10 , Jul 11, 2013
    • 0 Attachment
      On Thu, Jul 11, 2013 at 04:55:00PM +0200, Stefan Jakobs wrote:

      > > > SSL_connect:error in SSLv3 read server hello A
      > > > 13820:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version
      > >
      > > > number:s3_pkt.c:281:
      > >
      > > Unfortunately, the "reconnect" code in s_client (at least with
      > > 0.9.8j) forgets to do SMTP "STARTTLS", so this fails because
      > > "220 hostname" is not an SSL server HELO.
      > >
      > > A better diagnostic utility is available with the latest Postfix
      > > 2.11 snapshot. You don't need to install it (no need to upgrade
      > > to Postfix 2.11), just compile postfix-2.11-20130710 with TLS
      > > support and run:
      > >
      > > ./bin/posttls-finger -p "" -lmay -Lsummary,cache,debug -r 1 \
      > > "[server.example.com]"
      > >
      > > This will report more useful results.
      >
      > $ posttls-finger -p "" -lmay -Lsummary,cache,debug -r 1 "[aa.bb.cc.dd]"
      > posttls-finger: initializing the client-side TLS engine
      > posttls-finger: Connected to aa.bb.cc.dd[aa.bb.cc.dd]:25
      > posttls-finger: < 220 server.example.com ESMTP Postfix (Ubuntu)
      > posttls-finger: > STARTTLS
      > posttls-finger: < 220 2.0.0 Ready to start TLS
      > posttls-finger: setting up TLS connection to aa.bb.cc.dd[aa.bb.cc.dd]:25
      > posttls-finger: aa.bb.cc.dd[aa.bb.cc.dd]:25: TLS cipher list "ALL:!EXPORT:!LOW:+RC4:@STRENGTH:!eNULL"
      > posttls-finger: SSL_connect:before/connect initialization
      > posttls-finger: SSL_connect:SSLv2/v3 write client hello A
      > posttls-finger: SSL_connect:SSLv3 read server hello A
      > posttls-finger: SSL_connect:SSLv3 read server key exchange A
      > posttls-finger: SSL_connect:SSLv3 read server done A
      > posttls-finger: SSL_connect:SSLv3 write client key exchange A
      > posttls-finger: SSL_connect:SSLv3 write change cipher spec A
      > posttls-finger: SSL_connect:SSLv3 write finished A
      > posttls-finger: SSL_connect:SSLv3 flush data
      > posttls-finger: SSL_connect:SSLv3 read finished A
      > posttls-finger: save session [aa.bb.cc.dd]:25&359DC42443D7E32ADDAA2AF86D3F2785D16016CAD85BB6B3103F285512451CF3 to memory cache
      > posttls-finger: Untrusted TLS connection established to
      > aa.bb.cc.dd[aa.bb.cc.dd]:25: TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)
      > posttls-finger: Reconnecting after 1 seconds
      > posttls-finger: < 220 server.example.com ESMTP Postfix (Ubuntu)
      > posttls-finger: looking for session [aa.bb.cc.dd]:25&359DC42443D7E32ADDAA2AF86D3F2785D16016CAD85BB6B3103F285512451CF3 in memory cache
      > posttls-finger: reloaded session [aa.bb.cc.dd]:25&359DC42443D7E32ADDAA2AF86D3F2785D16016CAD85BB6B3103F285512451CF3 from memory cache
      > posttls-finger: SSL_connect:before/connect initialization
      > posttls-finger: SSL_connect:SSLv3 write client hello A
      > posttls-finger: SSL_connect:SSLv3 read server hello A
      > posttls-finger: SSL3 alert write:fatal:unexpected_message
      > posttls-finger: SSL_connect:error in SSLv3 read finished A
      > posttls-finger: SSL_connect error to aa.bb.cc.dd[aa.bb.cc.dd]:25: -1
      > posttls-finger: warning: TLS library problem: 18630:error:1408E0F4:SSL
      > routines:SSL3_GET_MESSAGE:unexpected message:s3_both.c:463:
      > posttls-finger: remove session [aa.bb.cc.dd]:25&359DC42443D7E32ADDAA2AF86D3F2785D16016CAD85BB6B3103F285512451CF3 from client cache

      This tells the whole story, the client does not expect to see a
      session ticket with a resumed session, it expectts "finished"
      instead. It is I believe valid for a server to return a session
      ticket even with a resumed session.

      So 0.9.8j does not implement session tickets correctly. With Postfix
      2.11 you can add:

      tls_ssl_options = NO_TICKET

      to main.cf to work-around this specific problem, without disabling
      TLSv1, but I would upgrade to the latest OpenSSL release instead.
      Install an updated OpenSSL library from SuSE.

      > > The simplest work-around for the problem is to disable TLSv1 on
      > > your 0.9.8j machine, since it seems to not handle the session
      > > ticket extension correctly. This is not a long-term fix, you
      > > really should upgrade to 0.9.8y or later, which likely does not
      > > have this problem.
      > >
      > > main.cf:
      > > # Disable SSLv2 and TLSv1, the latter until session ticket
      > > # support works in the local SSL library.
      > > #
      > > smtp_tls_protocols = !SSLv2, !TLSv1
      > > smtp_tls_mandatory_protocols = !SSLv2, !TLSv1
      >
      > I would assume that I can test it with s_client:

      I will repeat myself (text you quoted in your reply):

      > > Unfortunately, the "reconnect" code in s_client (at least with
      > > 0.9.8j) forgets to do SMTP "STARTTLS", so this fails because
      > > "220 hostname" is not an SSL server HELO.

      Therefore, no, you can't test this with an unpatched s_client(1).

      > drop connection and then reconnect

      Because reconnect is broken with starttls.

      > SSL3 alert write:warning:close notify
      > CONNECTED(00000003)
      > SSL_connect:before/connect initialization
      > SSL_connect:SSLv3 write client hello A
      > SSL3 alert write:fatal:handshake failure
      > SSL_connect:error in SSLv3 read server hello A
      > 21731:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version
      > number:s3_pkt.c:281:
      >
      > But, there's still the error.

      As expected.

      --
      Viktor.
    Your message has been successfully submitted and would be delivered to recipients shortly.