Re: [exim] GnuTLS / OpenSSL interop problems

Author: Viktor Dukhovni
Date:  
To: exim-users
Subject: Re: [exim] GnuTLS / OpenSSL interop problems
On Mon, Mar 03, 2014 at 02:55:24PM +0000, Tony Finch wrote:

> I have received a number of reports recently of TLS interop problems
> between Exim+OpenSSL and Exim+GnuTLS. Is anyone else seeing anything
> similar?
>
> My servers are running Exim 4.82 (git revision c0e5623) linked against
> OpenSSL 1.0.1e.
>
> GnuTLS clients connecting to send mail see something like:
>
> 2014-02-27 15:50:14 1WJ2vo-0004Gf-4W
>     TLS error on connection to ppsw.cam.ac.uk [131.111.8.137] (recv):
>     A TLS fatal alert has been received.: Bad record MAC
>
> There are some suggestions online that this might be related to GnuTLS's
> random record padding, but I thought the problems with that had been
> fixed.


Does this happen during data transmission, or during the handshake?
A PCAP file would be most useful. If the client claims to have
received an alert, then presumably your server sent an alert, in
which case the server should have logged something also. Do you have
any corresponding server logs?

The fact that the server is Exim ought not matter; the record layer should
be handled identically by OpenSSL regardless of the application.

-- 
    Viktor.