Lindsay Haisley writes:
On Sat, 2014-05-03 at 20:30 -0400, Sam Varshavchik wrote: > All that can be elicited from this is that Courier sent a packet to the > other server. That's about the right size for one of several packets that > get exchanged between the client and server, to negotiate the connection.> The response was seven bytes from that mail server; which is consistent with> the server returning an error packet. > > There could be something in that server's logs that might provide a clue. > Can't really tell anything more than that.Yet a client sending mail to mx.nv.net from a system running OpenSSL 0.9.8e-fips-rhel5 has no problem connecting and completing an ESMTP session with STARTTLS. The other client box doesn't have couriertls on it so I can't try to pull the information on the cert from there, unless there's another tool with which to do this.
This is an interoperability issue between OpenSSL and whatever SSL software is running on that server.
OpenSSL's built-in client is barfing. $ openssl s_client -connect mx.nv.net:25 -starttls smtp CONNECTED(00000003)139689135974272:error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert unexpected message:s23_clnt.c:741:
--- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 338 bytes and written 284 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE ---You can try openssl s_client with your own server, to see how a successful connection looks like.
This may be sufficient information to put pressure on nv.net to take the ball in their court. We're now talking about the current version of the most widely used SSL library failing to talk to their server.
pgp6sk8n6ZG9D.pgp
Description: PGP signature
------------------------------------------------------------------------------ "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE Instantly run your Selenium tests across 300+ browser/OS combos. Get unparalleled scalability from the best Selenium testing platform available. Simple to use. Nothing to install. Get started now for free." http://p.sf.net/sfu/SauceLabs
_______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
