Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1339
Views
5
Helpful
4
Replies

SSL errors after upgrading to 10.0.1-083 - MD

Go to solution
Marijo Bartakovic
Level 1
Level 1

‎01-06-2017 08:00 AM

Hello,

I've upgraded from 10.0.0-203 to the latest MD release 10.0.1-083 and immediately received these errors when trying to test the SSL outbound connection.

tlsverify
Checking TLS connection.
Application fault occured: ('egg/coro_ssl.py create|147', "<type 'exceptions.AttributeError'>", "'NoneType' object has no attribute 'ssl'", '[egg/omh.py remote_cmd_tls_verify|10602] [egg/omh.py try_connect_verify|10418]
[egg/tls_verify.py connect_verify|95] [egg/coro_ssl.py create|147]').

The workraound was to change the ssl configuration from TLS 1.0,1.1,1.2 to, for example, only use TLS 1.2. and afterwards back to something else.

We left it to only use TLS v1.2.

We have a C100v and a C170, and had to do this on both appliances.

Are you guys having the same problems after upgrading? (It's out since yesterday 5th of January)...

Regards,

Marijo

2 people had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
dmccabej
Cisco Employee
Cisco Employee

‎01-12-2017 08:45 PM

Hello,

Just an FYI 10.0.1-087 has now been released which resolves this issue.

Thanks!

-Dennis M.

View solution in original post

4 Replies 4

Go to solution
Libin Varghese
Cisco Employee
Cisco Employee

‎01-06-2017 08:23 AM

Hi Marijo,

I do see a couple of recent sightings of this error after the upgrade and is currently being investigated to determine if a new defect would need to be filed.

I would recommend opening a TAC case (if not already) to assist with logs needed for investigation.

Regards,

Libin Varghese

0 Helpful

Go to solution
Jim Ganong
Level 1
Level 1
In response to Libin Varghese

‎01-11-2017 04:25 AM

Just updating this as more information has come out - I opened a case and the current workaround is as follows: (of course, bug fix s/b coming soon from Cisco)

To apply workaround, we changed a configuration setting under:

 sslconfig -> outbound -> "outbound SMTP ssl cipher.”

 

Change the ciphers config and added ":-EXPORT” twice commit After suspend / resume the delivery is working.

 

You may change the setting back to it's original configuration and the workaround will persist ( just remove the last :-EXPORT part). However, after any reboot, the appliance may once again encounter the error.

0 Helpful

Go to solution
dmccabej
Cisco Employee
Cisco Employee

‎01-06-2017 05:35 PM

Hello,

A defect was created today for the application fault you experienced after upgrading to 10.0.1-083 (MD).

TLS delivery breaks if first connection after boot is CPQ

Please note it may take 2-3 business days for the bug to become publicly visible. At this point in time, we do not recommend upgrading to 10.0.1-083 (MD) until this has been resolved. 

As a temporary workaround, you can change one of the settings under Mail Policies --> Destination Controls --> TLS (IE: Preferred) to something else (IE: Preferred to Preferred-Verify) --> Submit --> Commit --> Change back (IE: Preferred-Verify back to Preferred) --> Submit --> Commit.

Thanks!

-Dennis M.

0 Helpful

Go to solution
dmccabej
Cisco Employee
Cisco Employee

‎01-12-2017 08:45 PM

Hello,

Just an FYI 10.0.1-087 has now been released which resolves this issue.

Thanks!

-Dennis M.

Customers Also Viewed These Support Documents