From: Thomas E. <Tho...@th...> - 2013-08-07 04:51:54
|
Doug, SSL in Perl uses openssl libraries - so google for 'openssl SSL alert number 20' This may caused by too old or too different openssl versions. You can play around with assp's 'SSL_version' and 'SSL_ciffer_list'. my settings are: SSL_version:=SSLv2/3 SSL_ciffer_list:=RC4-SHA:HIGH:!ADH http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS >Could this be caused by certificates that may have expired? IMHO no. assp has switched off the certificate verification for all cases - and the error indicates, that a packed could not be decrypted. You can use the openssl command line tool to connect to both , Zimbra and assp with higher debug levels for more information. Thomas Von: Doug Lytle <su...@dr...> An: ASSP development mailing list <ass...@li...>, Datum: 06.08.2013 21:13 Betreff: [Assp-test] alert bad record mac Thomas, quick question. We use Zimbra as our mail server, along with ASSP at the perimeter with DoTLS enabled. We also use self-signed certificates that I have placed into the /assp/certs directory. We've used this setup for years. As of this morning, we're getting complaints from users that they can't send mail part of time. Zimbra logs show: Aug 6 12:17:11 wm postfix/smtpd[31623]: warning: TLS library problem: 31623:error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac:s3_pkt.c:1197:SSL alert number 20: Aug 6 12:17:11 wm postfix/smtpd[31623]: warning: TLS library problem: 31623:error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 :s3_pkt.c:1197:SSL alert number 20 Google hasn't been much help in the above errors. Could this be caused by certificates that may have expired? The dates on the certificate and key are early 2011. Turning off DoTLS on port 25 has gotten rid of most of the errors in the logs. I've got a ticket open with Zimbra, but haven't gotten a response yet. Just wanted to cover both side before blaming it on Zimbra's SSL implementation. Thanks, Doug -- Ben Franklin quote: "Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety." ------------------------------------------------------------------------------ Get 100% visibility into Java/.NET code with AppDynamics Lite! It's a free troubleshooting tool designed for production. Get down to code-level detail for bottlenecks, with <2% overhead. Download for free and get started troubleshooting in minutes. http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk _______________________________________________ Assp-test mailing list Ass...@li... https://lists.sourceforge.net/lists/listinfo/assp-test DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! ******************************************************* |