Randomly SSL Errors since upgrade to 2.2.23-1 (Enterprise Edition)

Urban Loesch bind at enas.net
Fri Apr 15 13:14:21 UTC 2016 

Hi,

first of all, many thanks for a great piece of software.

Today I updated one of our 2 IMAP/POP3 proxies from version 2.2.15.17-1 to 2.2.23.1-1 (both are enterprise editions).
After the update I now see randomly the following errors in the log file on my first proxy:

...
Apr 15 10:28:54 imap1 dovecot: pop3-login: Error: SSL: Stacked error: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
Apr 15 10:34:24 imap1 dovecot: pop3-login: Error: SSL: Stacked error: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
Apr 15 10:37:11 imap1 dovecot: imap-login: Error: SSL: Stacked error: error:140D00CF:SSL routines:SSL_write:protocol is shutdown
Apr 15 10:39:04 imap1 dovecot: imap-login: Error: SSL: Stacked error: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
Apr 15 10:43:02 imap1 dovecot: imap-login: Error: SSL: Stacked error: error:140D00CF:SSL routines:SSL_write:protocol is shutdown
Apr 15 10:45:14 imap1 dovecot: pop3-login: Error: SSL: Stacked error: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
Apr 15 10:50:31 imap1 dovecot: imap-login: Error: SSL: Stacked error: error:140D00CF:SSL routines:SSL_write:protocol is shutdown
Apr 15 10:54:56 imap1 dovecot: imap-login: Error: SSL: Stacked error: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
Apr 15 10:57:44 imap1 dovecot: imap-login: Error: SSL: Stacked error: error:140D00CF:SSL routines:SSL_write:protocol is shutdown
Apr 15 10:59:49 imap1 dovecot: pop3-login: Error: SSL: Stacked error: error:140D00CF:SSL routines:SSL_write:protocol is shutdown
Apr 15 11:00:59 imap1 dovecot: imap-login: Error: SSL: Stacked error: error:140D00CF:SSL routines:SSL_write:protocol is shutdown
Apr 15 11:13:43 imap1 dovecot: pop3-login: Error: SSL: Stacked error: error:14094438:SSL routines:SSL3_READ_BYTES:tlsv1 alert internal error: SSL 
alert number 80
Apr 15 11:15:21 imap1 dovecot: imap-login: Error: SSL: Stacked error: error:140D00CF:SSL routines:SSL_write:protocol is shutdown
Apr 15 11:18:33 imap1 dovecot: pop3-login: Error: SSL: Stacked error: error:140D00CF:SSL routines:SSL_write:protocol is shutdown
Apr 15 11:20:12 imap1 dovecot: pop3-login: Error: SSL: Stacked error: error:140D00CF:SSL routines:SSL_write:protocol is shutdown
Apr 15 11:20:40 imap1 dovecot: pop3-login: Error: SSL: Stacked error: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
...

Some more details:
OS: Debian wheezy (latest patchlevel)

Dovecot:
ii  dovecot-ee-core                 2:2.2.23.1-1
ii  dovecot-ee-imapd                2:2.2.23.1-1
ii  dovecot-ee-managesieved         2:2.2.23.1-1
ii  dovecot-ee-mysql                2:2.2.23.1-1
ii  dovecot-ee-pop3d                2:2.2.23.1-1
ii  dovecot-ee-sieve                2:2.2.23.1-1

Libssl:
ii  libssl1.0.0:amd64               1.0.1e-2+deb7u20


One my second proxy there is running also Debian Wheezy with the latest patchlevel but dovecot version 2.2.15.17-1 (not yet updated):
ii  dovecot-ee-core                 1:2.2.15.17-1
ii  dovecot-ee-imapd                1:2.2.15.17-1
ii  dovecot-ee-managesieved         0.4.6-4
ii  dovecot-ee-mysql                1:2.2.15.17-1
ii  dovecot-ee-pop3d                1:2.2.15.17-1
ii  dovecot-ee-sieve                0.4.6-4

On this box I can't see this strange errors.

Until now there was no user that complaints that he can't read his mails.

Do you know what could cause this errors (for example: very old clients and so on)?
Or are the logging of this errors new in dovecot 2.2.23?

Many thanks
Urban Loesch

More information about the dovecot mailing list