invalid SSL_version specified at /usr/share/perl5/IO/Socket/SSL.pm line 332
Solution 1
There is a bug report on Debian's bug tracker website: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=679911
It also states a workaround:
specify -o tls=no
as an option on the command line.
Thanks @Manolo Díaz on debian.org.
Solution 2
Actually, just take the default (remove the second parameter). See https://metacpan.org/pod/IO::Socket::SSL (search for SSL_version). The default is SSLv23:!SSLv3:!SSLv2.
I modified line 1906 in v1.56 to read
# if (! IO::Socket::SSL->start_SSL($SERVER, SSL_version => 'SSLv3 TLSv1')) {
if (! IO::Socket::SSL->start_SSL($SERVER)) {
(just commenting out the original line)
Solution 3
Easier workaround is:
Replace:
m{^(!?)(?:(SSL(?:v2|v3|v23|v2/3))|(TLSv1[12]?))$}i
With:
m{^(!?)(?:(SSL(?:v2|v3|v23|v2/3))|(TLSv1[12]?))}i
Solution 4
If you still get a certificate error after fixing the SSLversion as shown above, you need to disable certificate checking:
if (! IO::Socket::SSL->start_SSL($SERVER, SSL_version => 'SSLv23:!SSLv2', SSL_verify_mode => 0)) {
Solution 5
Also a workaround, do this if it's required to send from smtp.gmail.com
:
/usr/bin/sendemail on line 1907: 'SSLv3 TLSv1' => 'SSLv3'
as temporary solution.
Related videos on Youtube
jippie
I'm into: Linux; Networking; IT Security; Perl; System integration; Arduino; ATtiny & ATmega Microcontrollers (AVR); Analog electronics;
Updated on September 18, 2022Comments
-
jippie over 1 year
Since I upgraded my PC from (k)ubuntu 12.04 to 12.10 I receive this error message when trying to send an email using
sendemail
.Installing an older version of IO::Socket::SSL is not an option. I have the impression that all works as it should and the message is just a warning.
How can I get rid of this message?
SSL.pm
I think the below has to do with the problem (/usr/share/perl5/IO/Socket/SSL.pm).
34 use constant DEFAULT_VERSION => 'SSLv23:!SSLv2';
...
251 my %default_args = ( 252 Proto => 'tcp', 253 SSL_server => $is_server, 254 SSL_use_cert => $is_server, 255 SSL_check_crl => 0, 256 SSL_version => DEFAULT_VERSION, 257 SSL_verify_mode => SSL_VERIFY_NONE, 258 SSL_verify_callback => undef, 259 SSL_verifycn_scheme => undef, # don't verify cn 260 SSL_verifycn_name => undef, # use from PeerAddr/PeerHost 261 SSL_npn_protocols => undef, # meaning depends whether on server or client side 262 SSL_honor_cipher_order => 0, # client order gets preference 263 );
...
332 ${*$self}{'_SSL_ctx'} = IO::Socket::SSL::SSL_Context->new($arg_hash) || return;
sendemail
And at sendemail end I think it is about here in the code:
1903 ## Start TLS if possible 1904 if ($conf{'tls_server'} == 1 and $conf{'tls_client'} == 1 and $opt{'tls'} =~ /^(yes|auto)$/) { 1905 printmsg("DEBUG => Starting TLS", 2); 1906 if (SMTPchat('STARTTLS')) { quit($conf{'error'}, 1); } 1907 if (! IO::Socket::SSL->start_SSL($SERVER, SSL_version => 'SSLv3 TLSv1')) { 1908 quit("ERROR => TLS setup failed: " . IO::Socket::SSL::errstr(), 1); 1909 } 1910 printmsg("DEBUG => TLS: Using cipher: ". $SERVER->get_cipher(), 3); 1911 printmsg("DEBUG => TLS session initialized :)", 1); 1912 1913 ## Restart our SMTP session 1914 if (SMTPchat('EHLO ' . $opt{'fqdn'})) { quit($conf{'error'}, 1); } 1915 } 1916 elsif ($opt{'tls'} eq 'yes' and $conf{'tls_server'} == 0) { 1917 quit("ERROR => TLS not possible! Remote SMTP server, $conf{'server'}, does not support it.", 1); 1918 }
-
Dave Jacoby over 9 yearsMy problem is that this fix breaks Net::Twitter
-
Rahul Patil over 9 years1690 line /usr/share/perl5/IO/Socket/SSL.pm in Ubuntu 14.04
-
Steffen Ullrich over 8 yearsSince some people still consider the workaround in this answer as the fix and complain about the bug in IO::Socket::SSL: The problem is not in IO::Socket::SSL but is a bug in sendEmail, which is unmaintained since 2009. In detail: the syntax for SSL_version is wrong and was not even valid at the time code was written, only IO::Socket::SSL did not complain then. The fix is just to remove the setting of SSL_version from sendemail. See also rt.cpan.org/Public/Bug/Display.html?id=77401.
-
jippie over 8 yearsHaven't seen the issue myself for ages and the ubuntu package has been fixed in the mean while. First attempt into fixing this issue should be to patch the system / use most current versions of the software. The alternative solution is interesting from an other point of view though, thnx.
-
Znik about 7 yearsas workaround it is fine, but fix is needed.