[openssl-users] SSL_read() failed: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init

Matt Caswell matt at openssl.org
Thu Oct 26 12:33:40 UTC 2017

On 26/10/17 13:28, Kadlecsik József wrote:
> Hi,
> On Thu, 26 Oct 2017, Matt Caswell wrote:
>>> Oct 20 18:50:05 mail2 dovecot: imap-login: Debug: SSL error: SSL_read() 
>>> failed: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init
>>> The openssl package is 1.1.0f-3.
>>> The error messsage is total cryptic to me: how could three states be 
>>> intermixed?
>>> I think it's a dovecot issue about how the openssl library is used but I'm 
>>> unfamiliar with the details of the openssl library: what function, macro 
>>> is used incorrectly then, at which state?
>> SSL_shutdown() is used to shut down an SSL/TLS connection that has 
>> already been established (meaning that the SSL/TLS handshake has 
>> completed and we are ready to send/receive application data). If you 
>> call SSL_shutdown() while the handshake is still in progress then you 
>> get the "shutdown while in init" error message.
> But why SSL_read() failed with this error message?

That I can't explain since SSL_read() does not call SSL_shutdown().
Plausibly if SSL_read() fails (e.g. because the underlying TCP
connection died) then dovecot could call SSL_shutdown() immediately even
if it's still not completed the handshake. Then dovecot reports the
SSL_read() failure along with the error message from the subsequent
attempt to shutdown the connection. Just a theory.


More information about the openssl-users mailing list