invalid SSL_version specified at /usr/share/perl5/IO/Socket/SSL.pm line 332

perl ssl ubuntu

40,420

Solution 1

There is a bug report on Debian's bug tracker website: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=679911

It also states a workaround:

specify -o tls=no as an option on the command line.

Thanks @Manolo Díaz on debian.org.

Solution 2

Actually, just take the default (remove the second parameter). See https://metacpan.org/pod/IO::Socket::SSL (search for SSL_version). The default is SSLv23:!SSLv3:!SSLv2.

I modified line 1906 in v1.56 to read

#        if (! IO::Socket::SSL->start_SSL($SERVER, SSL_version => 'SSLv3 TLSv1')) {
    if (! IO::Socket::SSL->start_SSL($SERVER)) {

(just commenting out the original line)

Solution 3

Easier workaround is:

Replace:

m{^(!?)(?:(SSL(?:v2|v3|v23|v2/3))|(TLSv1[12]?))$}i

With:

m{^(!?)(?:(SSL(?:v2|v3|v23|v2/3))|(TLSv1[12]?))}i

Solution 4

If you still get a certificate error after fixing the SSLversion as shown above, you need to disable certificate checking:

if (! IO::Socket::SSL->start_SSL($SERVER, SSL_version => 'SSLv23:!SSLv2', SSL_verify_mode => 0)) {

Solution 5

Also a workaround, do this if it's required to send from smtp.gmail.com:

/usr/bin/sendemail on line 1907: 'SSLv3 TLSv1' => 'SSLv3'

as temporary solution.

View more solutions

40,420

jippie

I'm into: Linux; Networking; IT Security; Perl; System integration; Arduino; ATtiny & ATmega Microcontrollers (AVR); Analog electronics;

Updated on September 18, 2022

Comments

jippie over 1 year

Since I upgraded my PC from (k)ubuntu 12.04 to 12.10 I receive this error message when trying to send an email using sendemail.

Installing an older version of IO::Socket::SSL is not an option. I have the impression that all works as it should and the message is just a warning.

How can I get rid of this message?

SSL.pm

I think the below has to do with the problem (/usr/share/perl5/IO/Socket/SSL.pm).

34  use constant DEFAULT_VERSION     => 'SSLv23:!SSLv2';

...

251         my %default_args = (
252                 Proto => 'tcp',
253                 SSL_server => $is_server,
254                 SSL_use_cert => $is_server,
255                 SSL_check_crl => 0,
256                 SSL_version     => DEFAULT_VERSION,
257                 SSL_verify_mode => SSL_VERIFY_NONE,
258                 SSL_verify_callback => undef,
259                 SSL_verifycn_scheme => undef,  # don't verify cn
260                 SSL_verifycn_name => undef,    # use from PeerAddr/PeerHost
261                 SSL_npn_protocols => undef,    # meaning depends whether on server or client side
262                 SSL_honor_cipher_order => 0,   # client order gets preference
263         );

...

332         ${*$self}{'_SSL_ctx'} = IO::Socket::SSL::SSL_Context->new($arg_hash) || return;

sendemail

And at sendemail end I think it is about here in the code:

1903     ## Start TLS if possible
1904     if ($conf{'tls_server'} == 1 and $conf{'tls_client'} == 1 and $opt{'tls'} =~ /^(yes|auto)$/) {
1905         printmsg("DEBUG => Starting TLS", 2);
1906         if (SMTPchat('STARTTLS')) { quit($conf{'error'}, 1); }
1907         if (! IO::Socket::SSL->start_SSL($SERVER, SSL_version => 'SSLv3 TLSv1')) {
1908             quit("ERROR => TLS setup failed: " . IO::Socket::SSL::errstr(), 1);
1909         }
1910         printmsg("DEBUG => TLS: Using cipher: ". $SERVER->get_cipher(), 3);
1911         printmsg("DEBUG => TLS session initialized :)", 1);
1912 
1913         ## Restart our SMTP session
1914         if (SMTPchat('EHLO ' . $opt{'fqdn'})) { quit($conf{'error'}, 1); }
1915     }
1916     elsif ($opt{'tls'} eq 'yes' and $conf{'tls_server'} == 0) {
1917         quit("ERROR => TLS not possible! Remote SMTP server, $conf{'server'},  does not support it.", 1);
1918     }

Dave Jacoby over 9 years

My problem is that this fix breaks Net::Twitter
Rahul Patil over 9 years

1690 line /usr/share/perl5/IO/Socket/SSL.pm in Ubuntu 14.04
Steffen Ullrich over 8 years

Since some people still consider the workaround in this answer as the fix and complain about the bug in IO::Socket::SSL: The problem is not in IO::Socket::SSL but is a bug in sendEmail, which is unmaintained since 2009. In detail: the syntax for SSL_version is wrong and was not even valid at the time code was written, only IO::Socket::SSL did not complain then. The fix is just to remove the setting of SSL_version from sendemail. See also rt.cpan.org/Public/Bug/Display.html?id=77401.
jippie over 8 years

Haven't seen the issue myself for ages and the ubuntu package has been fixed in the mean while. First attempt into fixing this issue should be to patch the system / use most current versions of the software. The alternative solution is interesting from an other point of view though, thnx.
Znik about 7 years

as workaround it is fine, but fix is needed.