error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

Thu, 17 May 2012 16:47:32 -0700 

Hello all, hope someone can help.

I upgraded from 1.0.0d to 1.0.1c and immediately started getting this error:

error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

It occurs during SMTP after successful negotiation.  Oddly, the first command 
after negotiation works, but not the second.  Here is the complete conversation:

220 mail.gammadyne.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 
ready at  Wed, 16 May 2012 23:59:12 -0500
>EHLO gammadyne.com
250-mail.gammadyne.com Hello [64.126.68.153]
250-AUTH=LOGIN
250-AUTH LOGIN
250-TURN
250-SIZE 30720000
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250-TLS
250-STARTTLS
250 OK
>STARTTLS
220 2.0.0 SMTP server ready
>SSL negotiated, cipher=DES-CBC3-SHA, bits=168, version=TLSv1/SSLv3
>EHLO gammadyne.com
250-mail.gammadyne.com Hello [64.126.68.153]
250-AUTH=LOGIN
250-AUTH LOGIN
250-TURN
250-SIZE 30720000
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250 OK
>AUTH LOGIN
>SSL read error 1: SSL module internal error
error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number


My configuration is as follows:

ctx = SSL_CTX_new(SSLv23_client_method());
SSL_CTX_set_mode(ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER | 
SSL_MODE_AUTO_RETRY);
SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);


I've tried the following solutions to no avail:
* Upgrading NASM to latest version
* Upgrading Perl to latest version
* Installing all updates on the mail server (Windows 2003/IIS6)
* SSL_OP_ALL, SSL_OP_CIPHER_SERVER_PREFERENCE, 
SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION

Using SSL_OP_NO_TLSv1 does fix the problem, but I don't really want to disable 
TLS1.

Could it be the cipher?  On 1.0.0d, the negotiated cipher was RC4-MD5

It's a rather odd problem.  Anyone have any ideas?

TIA, Greg Wittmeyer, Gammadyne Corp.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to