Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Postfix Tls Library Problem Sslv3 Alert Certificate Unknown
92 views
Skip to first unread message
Honorato Overmyer
Dec 26, 2023, 3:38:52 PM12/26/23
to
I am trying to understand what this means. It looks like there is a problem with a certificate. I believe I have sslv3 turned off in my configuration as it is referenced as !SSLv3. Could the sending entity be trying to use SSLv3? If so, does this mean that the message is not being sent over TLS? I do end up receiving the message regardless of the above error.
No. The function name ssl3_read_bytes is because the same record format is used for all protocols from SSL3 up including TLS1.0-1.3, and thus the lower-level function first written for SSL3 is reused. (OTOH SSL2 used a different record format that is now completely obsoleted and forgotten.) The error text sslv3 alert certificate unknown is because this alert was first defined in SSL3 and like (nearly all) other alerts carried forward unchanged in higher protocols, whereas some other, newer alerts were added. Neither of these means the SSL3 protocol is being used.
postfix tls library problem sslv3 alert certificate unknown
Download Zip https://t.co/5S3FH2UruT
In my case an existing setup stopped working when I've updated the outgoing and incoming server domain addresses, everything else stayed the same yet I was not connecting and getting ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42 in the logs.
There is still that bug in thunderbird (68.10.0, Ubuntu). Suddenly I had this problem connecting dovecot (TLS handshaking: SSL_ac cept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certi ficate: SSL alert number 42).
Did you get it to work
I get the very same warning message in the logfile:
warning: TLS library problem: 32050:error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1278:SSL alert number 46:
I would teaar my hair out if i had any.
0aad45d008
No. The function name ssl3_read_bytes is because the same record format is used for all protocols from SSL3 up including TLS1.0-1.3, and thus the lower-level function first written for SSL3 is reused. (OTOH SSL2 used a different record format that is now completely obsoleted and forgotten.) The error text sslv3 alert certificate unknown is because this alert was first defined in SSL3 and like (nearly all) other alerts carried forward unchanged in higher protocols, whereas some other, newer alerts were added. Neither of these means the SSL3 protocol is being used.
postfix tls library problem sslv3 alert certificate unknown
Download Zip https://t.co/5S3FH2UruT
In my case an existing setup stopped working when I've updated the outgoing and incoming server domain addresses, everything else stayed the same yet I was not connecting and getting ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42 in the logs.
There is still that bug in thunderbird (68.10.0, Ubuntu). Suddenly I had this problem connecting dovecot (TLS handshaking: SSL_ac cept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certi ficate: SSL alert number 42).
Did you get it to work
I get the very same warning message in the logfile:
warning: TLS library problem: 32050:error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1278:SSL alert number 46:
I would teaar my hair out if i had any.
0aad45d008
0 new messages