On Fri, Dec 27, 2013 at 03:28:46PM -0600, Bobber wrote: > >=== TLS started w/ cipher DES-CBC3-SHA > >=== TLS peer subject DN="/C=US/ST=Missouri/L=Saint Louis/O=The > >Lawrence Group/OU=IT/OU=Terms of use at www.verisign.com/rpa > >(c)05/CN=mail.thelawrencegroup.com"
There's your problem! This server (likely Exchange 2003) has a broken implementation of 3DES CBC padding (search Postfix users archives for my posts on the subject), and your cipher list is either long enough to cause it to not see RC4-SHA and RC4-MD5 or you've disabled RC4 (directly, or by only enabling HIGH grade ciphers). Exchange 2003 servers can't do better than RC4-SHA. -- Viktor. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org