Results 1 to 2 of 2

Thread: Self-Signed SSL Certificate Causing Crash

Hybrid View

  1. #1
    Join Date
    Jan 2007
    Posts
    3
    Rep Power
    8

    Default Self-Signed SSL Certificate Causing Crash

    At least, I think that's what it is.

    I'm tail -f'ing the zimbra log, and noticing that fairly often (1 out many requests), I get a very big debug string about an SSL error.

    If the hex/string values themselves are needed, please let me know how I can go about providing them in private.

    Dec 6 12:34:51 localhost postfix/smtpd[28014]: connect from unknown[host]
    Dec 6 12:34:51 localhost postfix/anvil[24603]: statistics: max connection rate 1/60s for (smtp:host) at Dec 6 12:24:51
    Dec 6 12:34:51 localhost postfix/anvil[24603]: statistics: max connection count 1 for (smtp:host) at Dec 6 12:24:51
    Dec 6 12:34:51 localhost postfix/anvil[24603]: statistics: max cache size 1 at Dec 6 12:24:51
    Dec 6 12:34:51 localhost postfix/smtpd[28014]: setting up TLS connection from unknown[host]
    Dec 6 12:34:51 localhost postfix/smtpd[28014]: SSL_accept:before/accept initialization
    Dec 6 12:34:51 localhost postfix/smtpd[28014]: read from 00639BF0 [0064AD30] (11 bytes => -1 (0xFFFFFFFFFFFFFFFF))
    Dec 6 12:34:51 localhost postfix/smtpd[28014]: SSL_accept:error in SSLv2/v3 read client hello A
    Dec 6 12:34:51 localhost postfix/smtpd[28014]: read from 00639BF0 [0064AD30] (11 bytes => 11 (0xB))
    Dec 6 12:34:51 localhost postfix/smtpd[28014]: read from 00639BF0 [0064AD3B] (106 bytes => -1 (0xFFFFFFFFFFFFFFFF))
    Dec 6 12:34:51 localhost postfix/smtpd[28014]: SSL_accept:error in SSLv3 read client hello B
    Dec 6 12:34:51 localhost postfix/smtpd[28014]: SSL_accept:error in SSLv3 read client hello B
    Dec 6 12:34:51 localhost postfix/smtpd[28014]: read from 00639BF0 [0064AD3B] (106 bytes => 106 (0x6A))
    Dec 6 12:34:51 localhost postfix/smtpd[28014]: SSL_accept:SSLv3 read client hello B
    Dec 6 12:34:51 localhost postfix/smtpd[28014]: SSL_accept:SSLv3 write server hello A
    Dec 6 12:34:51 localhost postfix/smtpd[28014]: SSL_accept:SSLv3 write certificate A
    Dec 6 12:34:51 localhost postfix/smtpd[28014]: SSL_accept:SSLv3 write server done A
    Dec 6 12:34:51 localhost postfix/smtpd[28014]: write to 00639BF0 [00658F70] (861 bytes => 861 (0x35D))
    Dec 6 12:34:51 localhost postfix/smtpd[28014]: 035a - <SPACES/NULLS>
    Dec 6 12:34:51 localhost postfix/smtpd[28014]: SSL_accept:SSLv3 flush data
    Dec 6 12:34:51 localhost postfix/smtpd[28014]: read from 00639BF0 [0064AD30] (5 bytes => -1 (0xFFFFFFFFFFFFFFFF))
    Dec 6 12:34:51 localhost postfix/smtpd[28014]: SSL_accept:error in SSLv3 read client certificate A
    Dec 6 12:34:51 localhost postfix/smtpd[28014]: read from 00639BF0 [0064AD30] (5 bytes => 5 (0x5))
    Dec 6 12:34:51 localhost postfix/smtpd[28014]: read from 00639BF0 [0064AD35] (134 bytes => -1 (0xFFFFFFFFFFFFFFFF))
    Dec 6 12:34:51 localhost postfix/smtpd[28014]: SSL_accept:error in SSLv3 read client certificate A
    Dec 6 12:34:51 localhost postfix/smtpd[28014]: read from 00639BF0 [0064AD35] (134 bytes => 134 (0x86))
    Dec 6 12:34:51 localhost postfix/smtpd[28014]: SSL_accept:SSLv3 read client key exchange A
    Dec 6 12:34:51 localhost postfix/smtpd[28014]: read from 00639BF0 [0064AD30] (5 bytes => -1 (0xFFFFFFFFFFFFFFFF))
    Dec 6 12:34:51 localhost postfix/smtpd[28014]: SSL_accept:error in SSLv3 read certificate verify A
    Dec 6 12:34:51 localhost postfix/smtpd[28014]: read from 00639BF0 [0064AD30] (5 bytes => 5 (0x5))
    Dec 6 12:34:51 localhost postfix/smtpd[28014]: read from 00639BF0 [0064AD35] (1 bytes => -1 (0xFFFFFFFFFFFFFFFF))
    Dec 6 12:34:51 localhost postfix/smtpd[28014]: SSL_accept:error in SSLv3 read certificate verify A
    Dec 6 12:34:51 localhost postfix/smtpd[28014]: read from 00639BF0 [0064AD35] (1 bytes => 1 (0x1))
    Dec 6 12:34:51 localhost postfix/smtpd[28014]: read from 00639BF0 [0064AD30] (5 bytes => -1 (0xFFFFFFFFFFFFFFFF))
    Dec 6 12:34:51 localhost postfix/smtpd[28014]: SSL_accept:error in SSLv3 read certificate verify A
    Dec 6 12:34:51 localhost postfix/smtpd[28014]: read from 00639BF0 [0064AD30] (5 bytes => 5 (0x5))
    Dec 6 12:34:51 localhost postfix/smtpd[28014]: read from 00639BF0 [0064AD35] (48 bytes => -1 (0xFFFFFFFFFFFFFFFF))
    Dec 6 12:34:51 localhost postfix/smtpd[28014]: SSL_accept:error in SSLv3 read certificate verify A
    Dec 6 12:34:51 localhost postfix/smtpd[28014]: read from 00639BF0 [0064AD35] (48 bytes => 48 (0x30))
    Dec 6 12:34:51 localhost postfix/smtpd[28014]: SSL_accept:SSLv3 read finished A
    Dec 6 12:34:51 localhost postfix/smtpd[28014]: SSL_accept:SSLv3 write change cipher spec A
    Dec 6 12:34:51 localhost postfix/smtpd[28014]: SSL_accept:SSLv3 write finished A
    Dec 6 12:34:51 localhost postfix/smtpd[28014]: write to 00639BF0 [00658F70] (59 bytes => 59 (0x3B))
    Dec 6 12:34:51 localhost postfix/smtpd[28014]: SSL_accept:SSLv3 flush data
    Dec 6 12:34:51 localhost postfix/smtpd[28014]: TLS connection established from unknown[host]: TLSv1 with cipher AES128-SHA (128/128 bits)


    I've seen this happen to internal connections, though I predominately see it occur on external ones.
    The problem itself has happened before, when connecting via my cell phone, I sometimes see it fail with an SSL error.

    However, just today, it's started failing, and crashing Zimbra with it.

    I'm looking to capture the processes that it does and doesn't crash, so I'm waiting for it to occur again.
    Unfortunately, it's decided to not happen very often now, so I'll edit more information in when I get it.

    Zimbra version is; Release 4.5.9_GA_1454.RHEL4_64_20071016194138 RHEL4_64 FOSS edition


    It's kind of a shame that the client name doesn't show up in the debug, that'd be immensely helpful, given that I have a suspicion that this is a Mail.app (Mac/Apple Mail) problem.

    At any rate, would anyone have an idea as to why Zimbra is crashing, given the above?

  2. #2
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Default

    Could you upgrade to 4.5.10?
    And if still having issues start with regenerating the certs SSL Certificate Problems - Zimbra :: Wiki

Similar Threads

  1. Install a commercial SSL certificate ??
    By nick20 in forum Installation
    Replies: 6
    Last Post: 06-23-2010, 04:08 AM
  2. Certificate Change Kicks Moto Q off of SSL Synch
    By theasbcguy in forum Zimbra Mobile
    Replies: 3
    Last Post: 04-14-2008, 01:01 PM
  3. SSL certificate per virtual host?
    By Leesbian in forum Installation
    Replies: 4
    Last Post: 03-14-2008, 10:52 AM
  4. Replies: 1
    Last Post: 11-05-2007, 06:55 PM
  5. Replies: 2
    Last Post: 11-01-2006, 03:56 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •