On Tue, Jun 26, 2012 at 11:04:16AM -0700, Daniel L. Miller wrote:
> After a recent Ubuntu server upgrade, the packaged versions of
> Postfix - using Ubuntu's "Precise" version, as well as the
> "security", "updates", and "backports" repositories - Postfix's TLS
> is broken with the known SSL version issue:
>
> warning: TLS library problem: 4425:error:1408F10B:SSL
> routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:340:
The issue is possibly related to session resumption, in which case
it may not be surprising if Sendmail does not run into it, since
Sendmail does not have a TLS session cache.
If anyone is able to reproduce the issue with TLSv1.2 enabled,
please send me logging for one failed connection with "smtpd_tls_loglevel
= 4" gathered after a "postfix stop; postfix start", so that the
TLS session cache is initially empty, and (if perhaps the failure
*is* related to session resumption and requires a non-empty cache)
also similar logging for a connection with a resumed TLS session.
Is the error in question observed primarily on clients, servers or
both?
--
Viktor.
