Hi all,

I'm working on an e-mail server written in node.js called Haraka. STARTTLS is supported in Haraka by use of the node.js crypto/TLS modules, which wrap OpenSSL 1.0.0f + Chromium patches from Android.

Last week I noticed some peculiarities on two clients that were sending e-mail to my server using TLS. Both appear to be running recent versions of Microsoft Exchange, and both are failing with the following error:

    Error: 3074500304:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../deps/openssl/openssl/crypto/evp/evp_enc.c:467:#0123074500304

I've captured packet traces using Wireshark which show the session is successfully encrypted after STARTTLS is issued, and the MAIL/RCPT and DATA commands are subsequently sent, but this error is generated after the client has sent all of the message data and the ending dot, at which point this error is logged and the client is forcefully disconnected.

I've tried enabling SSL_OP_ALL to enable all existing workarounds, to no avail.

STARTTLS works without issue with hundreds of other clients that connect to this system - it only appears to be failing with Microsoft clients.

Obviously there could be a bug in the node.js bindings to OpenSSL or in our application code itself - but I'm at a loss as to where to start looking.

Here are the details of one of the failing clients and the ciphers/versions in use:

    [tls] secured: cipher=AES128-SHA version=TLSv1/SSLv3 verified=true cn="mail.global.frontbridge.com" organization="Microsoft Corporation" issuer="undefined" expires="Jun 16 06:39:25 2013 GMT" fingerprint=51:96:58:27:1A:49:FF:A3:E6:19:EE:41:66:20:EF:52:45:52:10:3F

Any pointers or hints about this error would be greatly appreciated.

Kind regards,
Steve.
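
Added example (not part of the original post, and not Haraka or node.js code): a small Node.js decoder for the OpenSSL 1.0.x error-queue line quoted in the message, unpacking the 8-digit code into its library, function and reason numbers. It assumes the 1.0.x ERR_PACK layout (8/12/12 bits) and that "#012" is a syslog-style escaped newline between queue entries; the function names are hypothetical.

```javascript
// Added example: decode OpenSSL 1.0.x error-queue lines.
// Layout: <thread id>:error:<8 hex digits>:<library>:<function>:<reason>:<file>:<line>:<data>
// Packed code (ERR_PACK in 1.0.x): 8 bits library, 12 bits function, 12 bits reason.

// The error line exactly as quoted in the post.
const SAMPLE = 'Error: 3074500304:error:06065064:digital envelope routines:' +
  'EVP_DecryptFinal_ex:bad decrypt:../deps/openssl/openssl/crypto/evp/evp_enc.c:467:' +
  '#0123074500304';

const ENTRY_RE =
  /^(\d+):error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):([^:]*):(.*):(\d+):(.*)$/;

// Assumption: "#012" is an escaped newline (octal 012) separating queue entries.
function splitQueue(text) {
  return text.replace(/^Error:\s*/, '').split(/#012|\r?\n/).filter(s => s.length > 0);
}

function parseEntry(entry) {
  const m = ENTRY_RE.exec(entry);
  if (!m) {
    // Truncated entry or a line that is not from the error queue: keep it visible.
    return { complete: false, raw: entry };
  }
  const code = parseInt(m[2], 16);
  return {
    complete: true,
    threadId: m[1],
    lib: (code >>> 24) & 0xff,     // library number
    func: (code >>> 12) & 0xfff,   // function number within that library
    reason: code & 0xfff,          // reason number within that library
    libName: m[3],
    funcName: m[4],
    reasonText: m[5],
    file: m[6],
    line: Number(m[7]),
    data: m[8],
  };
}

function decodeLog(text) {
  return splitQueue(text).map(parseEntry);
}

console.log(decodeLog(SAMPLE));
```

On the quoted line this yields one complete entry and one fragment that holds only the thread id, so any further queue entries were cut off before they reached the log.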