Messaging Gateway

  • 1.  Huh? smtp: ssl bad peer certificate

    Posted Jun 25, 2009 08:14 PM
    Another company sends us mail using mandatory TLS.

    We always accept TLS offers.

    Up until Sunday we have been able to receive mail from them just fine, then it stopped coming.

    They see something like this in their mail server logs (they have Lotus Notes)

    06/24/2009 08:43:29 AM [1164:0006-1188] SMTPClient: SSL handshake error: 1C7Bh
    06/24/2009 08:43:29 AM Router: No messages transferred to XXXXXXX.COM (host mail2a.XXXXXXX.COM) via SMTP: SSL bad peer certificate. Connection refused.
    06/24/2009 08:43:30 AM [1164:000B-11A4] SMTPClient: SSL handshake error: 1C7Bh
    06/24/2009 08:43:30 AM Router: No messages transferred to XXXXXX.COM (host mail4a.XXXXXXX.COM) via SMTP: SSL bad peer certificate. Connection refused.

    They think that the problem is on our side. But we haven't changed anything except we upgraded our BMGs from v7 to v8 on Saturday.

    I think this is something on their side, but I am not able to prove anything.

    Has anyone seen anything like this before?



  • 2.  RE: Huh? smtp: ssl bad peer certificate

    Posted Jun 26, 2009 08:18 AM

    I think you probably want to capture debugged MTA logs on the Brightmail Gateway to correspond with the customer's logs.

    One change that I think took place in version 8 is that I believe we now only allow SSLv3 level (high and medium) ciphers.
     
    I wonder if your partner is using SSLv2, weak or anonymous ciphers...  If that's the case it could be the issue here.  SSLv2 is over 10 years old, has been cracked, and is unreliable.

    Kevin
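
Added example, not part of the thread or of either product: one way to prepare the log correlation suggested above is to turn the sender's Notes router lines into per-host UTC time windows to search for in the gateway's MTA debug logs. The sample lines are constructed in the format quoted in the first post, the host names are placeholders, and the sender's UTC offset (-4 here) and the 30-second slack are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample lines in the format of the sender's log quoted in the
# thread; host names are placeholders.
SAMPLE = """\
06/24/2009 08:43:29 AM [1164:0006-1188] SMTPClient: SSL handshake error: 1C7Bh
06/24/2009 08:43:29 AM Router: No messages transferred to EXAMPLE.COM (host mail2a.EXAMPLE.COM) via SMTP: SSL bad peer certificate. Connection refused.
06/24/2009 08:43:30 AM [1164:000B-11A4] SMTPClient: SSL handshake error: 1C7Bh
06/24/2009 08:43:30 AM Router: No messages transferred to EXAMPLE.COM (host mail4a.EXAMPLE.COM) via SMTP: SSL bad peer certificate. Connection refused.
06/24/2009 01:02:03 PM Router: No messages transferred to EXAMPLE.COM (host mail2a.EXAMPLE.COM) via SMTP: SSL bad peer certificate. Connection refused.
"""

STAMP = r"(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} [AP]M)"
HANDSHAKE = re.compile(STAMP + r" \[[^\]]+\] SMTPClient: SSL handshake error: (?P<code>\w+)")
ROUTER = re.compile(STAMP + r" Router: No messages transferred to \S+ "
                    r"\(host (?P<host>[^)]+)\) via SMTP: (?P<reason>.+?)\. Connection refused")

def parse_failures(text, utc_offset_hours=0):
    """Return one record per Router failure, with the preceding handshake code."""
    tz = timezone(timedelta(hours=utc_offset_hours))  # assumed sender offset
    failures, last_code = [], None
    for line in text.splitlines():
        m = HANDSHAKE.match(line.strip())
        if m:
            last_code = m["code"]
            continue
        m = ROUTER.match(line.strip())
        if m:
            when = datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p").replace(tzinfo=tz)
            failures.append({"utc": when.astimezone(timezone.utc), "host": m["host"].lower(),
                             "reason": m["reason"], "code": last_code})
            last_code = None
    return failures

def search_windows(failures, slack_seconds=30):
    """Per receiving host: (start, end, count) in UTC to search in the gateway logs."""
    by_host = defaultdict(list)
    for f in failures:
        by_host[f["host"]].append(f["utc"])
    pad = timedelta(seconds=slack_seconds)
    return {h: (min(t) - pad, max(t) + pad, len(t)) for h, t in by_host.items()}

if __name__ == "__main__":
    for host, (start, end, n) in search_windows(parse_failures(SAMPLE, -4)).items():
        print(f"{host}: {n} failures, search {start:%Y-%m-%d %H:%M:%S} to {end:%H:%M:%S} UTC")
```

A Router line with no handshake line directly before it gets `code` set to `None`, so failures logged without the SMTPClient detail are still counted.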