Running openssl s_server and s_client from FreeBSD 10.1 ports
successfully negotiates a sesion with zlib compression.
As with the OP, Postfix when built with MySQL client has zlib
explicitly linked in (my earlier test was done on a system where
MySQL by mistake wasn't included in the build).
Next step is to reproduce the smtpd crash.
Wietse
Server window:
% /usr/local/bin/openssl s_server -nocert -cipher aNULL -accept 12345
WARNING: can't open config file: /usr/local/openssl/openssl.cnf
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MFoCAQECAgMDBALAGQQABDBA2re92hB1Hp0pEhWew1J+zv0NILubwhO0arnN4ayY
eYm8zAuF7czi5lmCR+VwuE+hBgIEVQ3zK6IEAgIBLKQGBAQBAAAAqwMEAQE=
-----END SSL SESSION PARAMETERS-----
Shared
ciphers:AECDH-AES256-SHA:ADH-AES256-GCM-SHA384:ADH-AES256-SHA256:ADH-AES256-SHA:ADH-CAMELLIA256-SHA:AECDH-AES128-SHA:ADH-AES128-GCM-SHA256:ADH-AES128-SHA256:ADH-AES128-SHA:ADH-SEED-SHA:ADH-CAMELLIA128-SHA:AECDH-RC4-SHA:ADH-RC4-MD5:AECDH-DES-CBC3-SHA:ADH-DES-CBC3-SHA:ADH-DES-CBC-SHA:EXP-ADH-DES-CBC-SHA:EXP-ADH-RC4-MD5:AECDH-NULL-SHA
CIPHER is AECDH-AES256-SHA
Secure Renegotiation IS supported
Client window:
% /usr/local/bin/openssl s_client -cipher aNULL -connect localhost:12345
WARNING: can't open config file: /usr/local/openssl/openssl.cnf
CONNECTED(00000003)
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 408 bytes and written 350 bytes
---
New, TLSv1/SSLv3, Cipher is AECDH-AES256-SHA
Secure Renegotiation IS supported
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
Protocol : TLSv1.2
Cipher : AECDH-AES256-SHA
Session-ID: 4677C118B1DF56DA4C2771E2C80E6518240DE7757A3EBBE3EF43BA2613CAA714
Session-ID-ctx:
Master-Key:
40DAB7BDDA10751E9D2912159EC3527ECEFD0D20BB9BC213B46AB9CDE1AC987989BCCC0B85EDCCE2E6598247E570B84F
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 33 04 80 3c 3d 83 2d 79-49 36 17 e6 13 82 3f 1e 3..<=.-yI6....?.
0010 - 02 2d 60 8d 2c 93 01 8f-40 31 65 bd 17 bd f6 aa .-`.,...@1e.....
0020 - 80 5a ad 34 4f e6 f5 94-84 fa 81 ed 39 a1 26 2d .Z.4O.......9.&-
0030 - 98 86 f1 f1 06 ec bb c8-5e e0 a8 15 16 82 0a cb ........^.......
0040 - a2 09 b7 05 cc 79 16 5f-57 04 7f 1c a4 26 33 fc .....y._W....&3.
0050 - 81 8a b8 c8 c9 b1 15 49-6a b2 e6 ab f8 dd 8c 1e .......Ij.......
0060 - 4a 04 5b 55 ec ed 0e 8e-ec a5 b4 6a ed ea 14 ec J.[U.......j....
0070 - 00 56 8d 62 5e 52 5e 6d-d8 c7 55 c3 1b e9 6e fb .V.b^R^m..U...n.
0080 - 6b 07 0a 4d 9c 2a 82 26-d3 25 49 28 fc 70 df 30 k..M.*.&.%I(.p.0
0090 - c5 85 6f eb a3 01 04 6b-57 53 aa 22 a8 97 d0 28 ..o....kWS."...(
Compression: 1 (zlib compression)
Start Time: 1426977579
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
Postfix SMTP server external dynamic dependencies:
% ldd libexec/smtpd
libexec/smtpd:
...
libssl.so.8 => /usr/local/lib/libssl.so.8 (0x80084c000)
libcrypto.so.8 => /usr/local/lib/libcrypto.so.8 (0x800ab4000)
libsasl2.so.3 => /usr/local/lib/libsasl2.so.3 (0x800eb8000)
libcdb.so.1 => /usr/local/lib/libcdb.so.1 (0x8010d3000)
libldap-2.4.so.2 => /usr/local/lib/libldap-2.4.so.2 (0x8012d6000)
liblber-2.4.so.2 => /usr/local/lib/liblber-2.4.so.2 (0x80151c000)
liblmdb.so => /usr/local/lib/liblmdb.so (0x80172a000)
libmysqlclient.so.18 => /usr/local/lib/mysql/libmysqlclient.so.18
(0x80193d000)
libz.so.6 => /lib/libz.so.6 (0x801f1a000)
libm.so.5 => /lib/libm.so.5 (0x802130000)
libpq.so.5 => /usr/local/lib/libpq.so.5 (0x802358000)
libsqlite3.so.0 => /usr/local/lib/libsqlite3.so.0 (0x802586000)
libicuuc.so.53 => /usr/local/lib/libicuuc.so.53 (0x802886000)
libc.so.7 => /lib/libc.so.7 (0x802c14000)
libthr.so.3 => /lib/libthr.so.3 (0x802fbd000)
libssl.so.7 => /usr/lib/libssl.so.7 (0x8031e2000)
libcrypto.so.7 => /lib/libcrypto.so.7 (0x80344d000)
libc++.so.1 => /usr/lib/libc++.so.1 (0x803840000)
libcxxrt.so.1 => /lib/libcxxrt.so.1 (0x803b00000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x803d1c000)
libintl.so.9 => /usr/local/lib/libintl.so.9 (0x803f2a000)
libicudata.so.53 => /usr/local/lib/libicudata.so.53 (0x804134000)
