Hi Saj,
thanks for following up.
Saj Goonatilleke wrote:
> /usr/bin/openssl s_client -host smtp.mail.me.com -port 587 -starttls smtp
Thank you for this. I think it gives useful information.
$ /usr/bin/openssl s_client -host smtp.mail.me.com -port 587 -starttls smtp
CONNECTED(00000003)
844:error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59.60.2/src/ssl/s23_clnt.c:593:
while just
openssl s_client -host smtp.mail.me.com -port 587 -starttls smtp
Connecting to 17.42.251.67
CONNECTED(00000004)
<...>
SSL handshake has read 6053 bytes and written 1669 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Protocol: TLSv1.3
So your guess is right: the system openssl has issues, the MacPorts one does not.
I think the system one doesn't like TLSv1.3 (with which OS version did
Mac get it?) or for some other reason it is not switching by defaulting
to a lower one.
Maybe the system version can be tweaked to work or maybe not.
As you notice, I already have a newer version installed, which seems to
work. What do you suggest as stunnel? SSH proxying a port or something
more transparent? If you have a pointer somewhere... maybe somebody
already attempted something similar.
Riccardo