touch-packages team mailing list archive

Thread
Date

[Bug 1356843] Re: ccs received early

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Marc Deslauriers <marc.deslauriers@xxxxxxxxxxxxx>
Date: Fri, 15 Aug 2014 18:56:16 -0000
Reply-to: Bug 1356843 <1356843@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

OK, it turns out there is an incompatibility between the postfix package
in precise and the version of openssl in precise.

This was fixed in postfix 2.10.2 by the following change:

20130616

	TLS Performance: the Postfix SMTP server TLS session cache
	was ineffective because recent OpenSSL versions enable
	session tickets by default, resulting in a different ticket
	encryption key for each smtpd(8) process.  The workaround
	turns off session tickets. In 2.11 we'll enable session
	tickets properly.  Viktor Dukhovni. File: tls/tls_server.c.

This was causing the postfix server to respond in an invalid way,
resulting in the openssl security fix to trigger the error.

** Package changed: openssl (Ubuntu) => postfix (Ubuntu)

** Also affects: postfix (Ubuntu Precise)
   Importance: Undecided
       Status: New

** Changed in: postfix (Ubuntu)
       Status: New => Fix Released

** Changed in: postfix (Ubuntu Precise)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1356843

Title:
  ccs received early

Status in “postfix” package in Ubuntu:
  Fix Released
Status in “postfix” source package in Precise:
  Confirmed

Bug description:
  Postfix is causing a TLS error, when relaying mails with TLS encryption:
  warning: TLS library problem: 31807:error:14094085:SSL routines:SSL3_READ_BYTES:ccs received early:s3_pkt.c:1146:

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1356843/+subscriptions

References

[Bug 1356843] [NEW] ccs received early
From: Tim Ritberg, 2014-08-14