Mailinglist Archive: opensuse-bugs (2150 mails)

< Previous Next >
[Bug 875639] New: OpenSSL 1.0.1g TLSEXT_TYPE_padding causes Ironport SMTP appliances interop issue
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Tue, 29 Apr 2014 11:44:13 +0000
  • Message-id: <>

Summary: OpenSSL 1.0.1g TLSEXT_TYPE_padding causes Ironport
SMTP appliances interop issue
Classification: openSUSE
Product: openSUSE 13.1
Version: Final
Platform: x86-64
OS/Version: openSUSE 13.1
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
AssignedTo: security-team@xxxxxxx
ReportedBy: walter.haidinger@xxxxxx
QAContact: qa-bugs@xxxxxxx
Found By: ---
Blocker: ---

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:29.0) Gecko/20100101

Last upgrade to openssl-1.0.1g-11.36.1.x86_64 broke SSL connections to some
services, e.g. Cisco Ironport SMTP appliances.

1.0.1g not only fixes the Heartbleed bug but also adds another change by
#define TLSEXT_TYPE_padding 21

This in turn breaks SSL connections to e.g. Ironports, probably others:
SSL23_GET_SERVER_HELLO:tlsv1 alert decode error

Workaround: Force protocol to SSLv3 or recompile without the define above.

For details, please refer to:

Reproducible: Always

Steps to Reproduce:
1. openssl s_client -connect -starttls smtp

Note: Send me an email for a hostname of an Ironport SMTP appliance to test
with. I don't want to disclose it here.
Actual Results:
139718758192784:error:1407741A:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert
decode error:s23_clnt.c:762:
no peer certificate available
No client certificate CA names sent
SSL handshake has read 129 bytes and written 552 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE

Expected Results:
Certificate chain
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
Protocol : TLSv1

Configure bugmail:
------- You are receiving this mail because: -------
You are on the CC list for the bug.

< Previous Next >