On Thu, Nov 22, 2012, Steve Freegard wrote: > Hi all, > > I'm working on an e-mail server written in node.js called Haraka. STARTTLS > is supported in Haraka by use of the node.js crypto/TLS modules which wrap > OpenSSL 1.0.0f + Chromium patches from Android. > > Last week I noticed some peculiarities on two clients that were sending > e-mail to my server using TLS, both appear to be running recent versions of > Microsoft Exchange and both failing with the following error: > > Error: 3074500304:error:06065064:digital envelope > routines:EVP_DecryptFinal_ex:bad > decrypt:../deps/openssl/openssl/crypto/evp/evp_enc.c:467:#0123074500304 > > I've captured packet traces using Wireshark which show the session is > successfully encrypted after STARTTLS is issued and MAIL/RCPT and DATA > command are subsequently sent but this error is generated after the client > has sent all of the message data and the ending dot. At which point this > error is logged and the client is forcefully disconnected. > > I've tried enabling SSL_OP_ALL to enable all existing workarounds to no avail. > > STARTTLS works without issue with hundreds of other clients that connect to > this system - it only appears to be failing with Microsoft clients. > > Obviously there could be a bug in the node.js bindings to OpenSSL or in our > application code itself - but I'm at a loss as to where to start looking. > > Here are the details of one of the failing clients and the ciphers/versions > in use: > > [tls] secured: cipher=AES128-SHA version=TLSv1/SSLv3 verified=true > cn="mail.global.frontbridge.com" organization="Microsoft Corporation" > issuer="undefined" expires="Jun 16 06:39:25 2013 GMT" > fingerprint=51:96:58:27:1A:49:FF:A3:E6:19:EE:41:66:20:EF:52:45:52:10:3F > > Any pointers or hints about this error would be greatly appreciated. >
The function EVP_DecryptFinal_ex isn't often used in the TLS code and you normally wouldn't come across this error so it may not be TLS related. You might see it related to session tickets but that shouldn't be a fatal error: try SSL_OP_NO_TICKET anyway though. I'd suggest you print out the whole error queue instead of just the top so it is clearer where the actual error is occurring. Alternatively a stack trace under a debugger would be useful. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
