SMG Update 23.4 rpm:1.0.1-493.1 - StartTLS errors

Hello,

I tried to implement update version "23.4 rpm:1.0.1-493.1" yesterday and ran into StartTLS errors, seen in the smg-smtp log file. A lot of SMTP connections were stopped, so I rolled back.

Error message:

 (SMTP)<2> TLS negotiation failed: SSL: (-1) accept fail protocol error : error:00000001:lib(0):func(0):reason(1) : undefined reason)

Has anyone seen these errors too, or is this a local configuration problem?

Kind regards,

Michael


  • 0  

    Thank you for your warning, Michael!

    This time I am not the first - and I will wait for more feedback.


    Use "Verified Answers" if your problem/issue has been solved!

  • 0   in reply to   
    This time I am not the first - and I will wait for more feedback.

    ROTFL

    __________
    Kevin Boyle, 
    Knowledge Partner

    Calgary, Alberta, Canada

  • 0

    also version "23.4 rpm:1.0.1-493.1" here

    Since the update to this version there has been a single entry in the log regarding "TLS negotiation failed"

    TLS negotiation failed: SSL: (-1) accept fail I/O error : error:00000005:lib(0):func(0):DH lib : DH lib
    [c->g] Receive Error: SOCKET: Peer disconnected during data receive
    Processing complete for connection from 104.152.52.126

    reverse 104.152.52.126 finds "internettl.org"
    => blacklisted on UCEPROTECTL3

    see UCEPROTECT
    => http://www.uceprotect.net/de/

    I don't think this could be a malfunction of 23.4

    Thomas

  • 0  

    Done. I updated just some minutes ago - and I still receive mails. And I can send mails.

    I will watch further behavior with an eagle eye ... but so far it seems to be okay!



  • 0   in reply to   

    I updated a lot of customers this weekend. No urgent calls so far ...



  • 0 in reply to   

    I see the update to 23.4 is not available anymore?

  • 0   in reply to 

    I am not really sure what's going on. Please open a case! I attended a web meeting with the head dev this week - he did not know that 23.4 has been published. Someone accidentally pressed a release button. Therefore I do not know the current state.

    Nevertheless I can confirm that 23.4 is stable and I did not get any bad feedback so far.



  • 0   in reply to   

    The 23.4 version was released accidentally and I do apologize for the confusion that this has caused. It is not ready for prime time yet and I am trying to get an ETA for when it will be released again back into the wild. Once I have something I will let everyone know.

    Pam

  • 0  

    I was able to at least duplicate this issue in my lab-environment on the 'current latest version'. 23.3.3 rpm:1.0.1-464.1.

    In my environment, receipt from senders such as gmail.com, or senders who tend to use TLS when available, failed.

    The error messages/lines in the smtp-log:

    [c->g] STARTTLS
    [g->c] 220 Ready to start TLS
    TLS negotiation failed: SSL: (-1) accept fail protocol error : error:00000001:lib(0):func(0):reason(1) : undefined reason
    [c->g] Receive Error: SOCKET: Peer disconnected during data receive

    And it seems to be happening on receipt of e-mail from some senders.

    An interesting note is that the last command is from the Gateway to the connecting Client, which is the sending 3rd party server.

    And the error message does not point to a 'local' problem while negotiating, but it seems like the 'recipient hung up', which is misleading.

    [c->g] Receive Error: SOCKET: Peer disconnected during data receive

    I only use TLS and no SSL is configured, so this would be a basic set-up where ssl has never been adjusted/implemented.

    Here are my settings below 'Module Management > Interface > SMTP Interface > SSL'.

    Once I put a path in the SSL certificate file and SSL key file fields and save the changes, the TLS negotiation is working for the sending servers.

    Possible Workaround:

    Entering a 'path' into 'ssl certificate file' and 'ssl key file' when only using TLS is helping in that case.

    This is a bug, which has been sent over to development so we can get a fix for this behavior.

    However, this might be an intermediate fix if somebody has the same problem with their installation after an update or running the version: 23.3.3 rpm:1.0.1-464.1.
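
An added example, not part of the thread and not SMG code: it groups failed STARTTLS handshakes from the log pattern quoted above by error kind and peer, since one error kind seen across many peers points at the gateway rather than at a single sender. The sample log is constructed from the message texts quoted in this thread with documentation IP addresses, and it assumes each connection's lines are contiguous and end with "Processing complete for connection from"; a real smg-smtp log may interleave connections.

```python
import re
# Constructed sample: message texts are the ones quoted in this thread; peers are
# documentation addresses. Assumption: each connection's lines are contiguous.
SAMPLE_LOG = """\
[c->g] STARTTLS
[g->c] 220 Ready to start TLS
TLS negotiation failed: SSL: (-1) accept fail protocol error : error:00000001:lib(0):func(0):reason(1) : undefined reason
[c->g] Receive Error: SOCKET: Peer disconnected during data receive
Processing complete for connection from 192.0.2.10
[c->g] STARTTLS
[g->c] 220 Ready to start TLS
TLS negotiation failed: SSL: (-1) accept fail I/O error : error:00000005:lib(0):func(0):DH lib : DH lib
[c->g] Receive Error: SOCKET: Peer disconnected during data receive
Processing complete for connection from 198.51.100.7
[c->g] STARTTLS
[g->c] 220 Ready to start TLS
Processing complete for connection from 203.0.113.5
"""

FAIL_RE = re.compile(r"TLS negotiation failed: SSL: \(-?\d+\) accept fail (.+?) : error:([0-9A-Fa-f]{8}):")
DONE_RE = re.compile(r"Processing complete for connection from (\S+)")

def _fresh():
    return {"ready": False, "kind": None, "code": None, "peer_dropped": False}

def tls_failures(log_text):
    """Return one record per connection whose STARTTLS handshake failed."""
    records, state = [], _fresh()
    for raw in log_text.splitlines():
        line = raw.strip()
        fail, done = FAIL_RE.search(line), DONE_RE.search(line)
        if "220 Ready to start TLS" in line:
            state["ready"] = True          # gateway accepted STARTTLS
        elif fail:
            state["kind"], state["code"] = fail.group(1), fail.group(2)
        elif "Peer disconnected during data receive" in line:
            state["peer_dropped"] = True   # follow-on symptom, not the cause
        elif done:                         # end of this connection's lines
            if state["kind"]:
                records.append({"peer": done.group(1), **state})
            state = _fresh()
    return records

def summarize(records):
    """Map each error kind to the sorted list of peers that hit it."""
    by_kind = {}
    for rec in records:
        by_kind.setdefault(rec["kind"], set()).add(rec["peer"])
    return {kind: sorted(peers) for kind, peers in by_kind.items()}
```

A failure with no closing "Processing complete" line (for example at the end of a truncated log) is not reported.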

  • 0 in reply to   

    Just to be curious. Is there a valid reason to 'not' configure SSL? Considering everything on the internet depends on trust or to be trustworthy.