# TLS Error (invalid ecpointformat) after openssl update

## hanj

I've been seeing these in the mail logs recently.. pretty sure after the recent openssl update:

```
Nov  3 16:52:50 comp postfix/smtp[20420]: SSL_connect error to comp.com.pri-mx.smtproutes.com[208.70.89.100]:25: -1

Nov  3 16:52:50 comp postfix/smtp[20420]: warning: TLS library problem: 20420:error:1411809D:SSL routines:SSL_CHECK_SERVERHELLO_TLSEXT:tls invalid ecpointformat list:t1_lib.c:1440:

Nov  3 16:52:50 comp postfix/smtp[20420]: warning: TLS library problem: 20420:error:14092113:SSL routines:SSL3_GET_SERVER_HELLO:serverhello tlsext:s3_clnt.c:942:

Nov  3 16:52:50 comp postfix/smtp[20420]: 60E211178BE: Cannot start TLS: handshake failure

Nov  3 16:52:55 comp postfix/smtp[20420]: Host offered STARTTLS: [comp.com.pri-mx.smtproutes.com]
```

I made sure I ran revdep-rebuild on libssl and libcrypt after the update, which rebuilt postfix, etc. I'm curious if this related to something else. Not sure what it means, and Google turned up little. Anyone else experiencing this.. or have a suggestion?

```
[ebuild   R   ] dev-libs/openssl-1.0.0a-r3  USE="zlib -bindist -gmp -kerberos -rfc3779 -sse2 -test" 3,926 kB

[ebuild   R   ] mail-mta/postfix-2.6.6  USE="mysql pam sasl ssl vda -cdb -dovecot-sasl -hardened -ipv6 -ldap -mbox -nis -postgres (-selinux)" 3,262 kB
```

Thanks!

hanji

----------

## hanj

bump

----------

## gem

OpenSSL has known about the bug since April:

http://rt.openssl.org/Ticket/Display.html?id=2240

Various fixes are known, but nothing released.

RGDS

GARY

----------

