Recently, I've started seeing weird issues on my local dovecot + mutt setup, when trying to open some folders in mutt, I'd get disconnected from dovecot and I wouldn't be able to see the folder content, while on other folders all is good. After noticing this seems correlated to these logs: mars 06 14:38:08 teriyaki dovecot[24182]: imap-login: Warning: SSL alert: where=0x4008, ret=532: fatal bad record mac [::1] mars 06 14:38:08 teriyaki dovecot[24182]: imap-login: Warning: SSL alert: where=0x4008, ret=256: warning close notify [::1] mars 06 14:38:08 teriyaki dovecot[24182]: imap(teuf): Connection closed in=162 out=104973 I tried downgrading openssl to 1:1.0.1c-7.fc18.x86_64, these issues seem to be gone. I'm not exactly sure how to provide more information about this, but I can run more tests if needed.
Do you have aes-ni support in your cpu? grep aes /proc/cpuinfo
This gives me hits on 'aes'. CPU is an Intel(R) Core(TM) i5 CPU M 540 (thinkpad x201)
There is an upstream request tracker entry for this issue, unfortunately no resolution yet: http://rt.openssl.org/Ticket/Display.html?id=3002
Ask for a login :( Regardless, good to know I'm not the only one and that it's a known issue! I can live with the older version for now )
http://rt.openssl.org/Ticket/Display.html?id=3002&user=guest&pass=guest
Ah thanks David, I didn't realize this could be accessed as a guest.
Are you able to reproduce this problem with any other servers? For example openssl s_client -connect mail.uni-paderborn.de:465 Or connecting to IRC servers with SSL, perhaps? (btw, why are you doing this for local IMAP anyway? mutt can quite happily just invoke /usr/libexec/dovecot/imap for you instead of having to log in.)
Christophe, please could you confirm whether the problem goes away when you export OPENSSL_ia32cap=~0x200000200000000
(In reply to comment #7) > Are you able to reproduce this problem with any other servers? For example > openssl s_client -connect mail.uni-paderborn.de:465 I've tried a few servers, but could not hit the issue on the initial connection. Note that my dovecot/mutt issue does not happen upon initial connection, but after getting the list of messages and sorting them. openssl s_client -connect localhost:993 works as well > (btw, why are you doing this for local IMAP anyway? mutt can quite happily > just invoke /usr/libexec/dovecot/imap for you instead of having to log in.) Just my sucky sysadmin skills, when something works, I'm generally too lazy to try to get something better ) (In reply to comment #8) > Christophe, please could you confirm whether the problem goes away when you > export OPENSSL_ia32cap=~0x200000200000000 dovecot spawns several processes and cleans the environment in all of them (I looked in /proc/pid/environment), so I could not test that directly. However, I've tried a patch build replacing the OPENSSL_ia32cap getenv() call with this hardcoded value, and I no longer hit this bug with this patched version.
openssl-1.0.1e-4.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/openssl-1.0.1e-4.fc18
Package openssl-1.0.1e-4.fc18: * should fix your issue, * was pushed to the Fedora 18 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing openssl-1.0.1e-4.fc18' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-4069/openssl-1.0.1e-4.fc18 then log in and leave karma (feedback).
openssl-1.0.1e-4.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.