Goetz Babin-Ebell wrote:
> Hello Richard,
>
> Richard Levitte - VMS Whacker wrote:
> > In message <[EMAIL PROTECTED]> on Thu, 15 Feb 2007 10:34:23 -0800,
> > Kees Cook <[EMAIL PROTECTED]> said:
>
> > kees> 3 years ago, I wrote a patch[1] (and did the TSU[2]) for adding
> > kees> these features to s_client.  Can this please be applied to CVS?
>
> > Yes.  Done.  Thank you, and sorry you had to wait 3 years for this to
> > happen.
>
> The problem (not only I have) with the patch is
> that at least in SMTP and IMAP it is illegal
> to start TLS before an initial protocol handshake is done:
>
> * in SMTP doing a STARTTLS without previous EHLO
>   will return a
>   503 STARTTLS command used when not advertised
> * in IMAP doing a STARTTLS requires a
>   . CAPABILITY
>   first.
>
> In both cases the server response should be parsed for
> the string "STARTTLS"...
>
This statement is technically correct. As the s_client tool is however
intended for testing purposes only (you remember that a capital
"R" at the beginning of the line will start a renegotiation instead
of being transferred to the server :-) adding the EHLO and .CAPABILITY
should be sufficient and the more complex parsing of the response
might be omitted...

Best regards,
    Lutz
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
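
The capability check discussed in this thread, as an added example that is not part of the original messages or of the OpenSSL source: it parses the SMTP EHLO reply and the IMAP `. CAPABILITY` reply for an advertised STARTTLS, and contrasts that with a plain substring search. The function names and the sample server replies are constructed for illustration.

```python
import re

def naive_check(reply: str) -> bool:
    # Substring search: also matches error text and hostnames.
    return "STARTTLS" in reply.upper()

def smtp_offers_starttls(ehlo_reply: str) -> bool:
    """True only if every line is a 250 reply and STARTTLS is a listed extension."""
    lines = [l for l in ehlo_reply.replace("\r\n", "\n").split("\n") if l]
    keywords = []
    for i, line in enumerate(lines):
        m = re.fullmatch(r"(\d{3})([ -])(.*)", line)
        if not m or m.group(1) != "250":
            return False                      # e.g. a 503 error reply
        is_last = m.group(2) == " "           # "250 " ends the reply, "250-" continues it
        if is_last != (i == len(lines) - 1):
            return False                      # malformed multi-line reply
        if i > 0:                             # line 0 is the greeting, not an extension
            keywords.append(m.group(3).split(" ")[0].upper())
    return "STARTTLS" in keywords

def imap_offers_starttls(reply: str, tag: str = ".") -> bool:
    """True if the tagged command completed OK and STARTTLS is in the capability list."""
    caps, completed_ok = set(), False
    for line in reply.replace("\r\n", "\n").split("\n"):
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "*" and parts[1].upper() == "CAPABILITY":
            caps.update(p.upper() for p in parts[2:])
        elif len(parts) >= 2 and parts[0] == tag:
            completed_ok = parts[1].upper() == "OK"
    return completed_ok and "STARTTLS" in caps

# Constructed sample replies (not captured from a real server).
SMTP_OK = "250-mail.example.test\r\n250-PIPELINING\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
SMTP_503 = "503 STARTTLS command used when not advertised\r\n"
SMTP_HOSTNAME = "250-starttls.example.test Hello\r\n250 PIPELINING\r\n"
IMAP_OK = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED\r\n. OK CAPABILITY completed\r\n"
IMAP_BAD = ". BAD STARTTLS not permitted now\r\n"

if __name__ == "__main__":
    for name, reply in [("ok", SMTP_OK), ("503", SMTP_503), ("hostname", SMTP_HOSTNAME)]:
        print("smtp", name, naive_check(reply), smtp_offers_starttls(reply))
    for name, reply in [("ok", IMAP_OK), ("bad", IMAP_BAD)]:
        print("imap", name, naive_check(reply), imap_offers_starttls(reply))
```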