Thank you so much for the response Jakob. Yes I agree with you about the connection succeeded and later rejected on credentials part. The same worked from all the RHEL Version below 7 so I was thinking it might be a issue at OS level.
Based on your suggestion, I feel that the issue is with the Exchange Server. Please double confirm. Thanks and Regards Chandu On Sat, May 11, 2019, 3:02 PM Jakob Bohm via openssl-users < openssl-users@openssl.org> wrote: > Your transcript below seems to show a successful connection to Microsoft's > cloud mail, then Microsoft rejecting the password and closing the > connection. > > You are not connecting to your own Exchange server, but to a central > Microsoft > service that also handles their consumer mail accounts (hotmail.com, > live.com, > outlook.com etc.). This service load balances connections between many > servers > which cab give different results for each try. > > On 10/05/2019 17:01, Chandu Gangireddy wrote: > > Dear OpenSSL Users, > > > > At my corporate environment, I'm experience a challenge to use openssl > > s_client utility. I really appreciate if someone can help me narrow > > down the issue. > > > > Here the details - > > > > Platform: RHEL 7.x > > *Openssl version:* > > OpenSSL 1.0.2k-fips 26 Jan 2017 > > built on: reproducible build, date unspecified > > platform: linux-x86_64 > > options: bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) > > idea(int) blowfish(idx) > > compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB > > -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT > > -m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 > > -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 > > -grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -DPURIFY > > -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 > > -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM > > -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM > > -DGHASH_ASM -DECP_NISTZ256_ASM > > OPENSSLDIR: "/etc/pki/tls" > > engines: rdrand dynamic > > > > Command tried to tes the connectivity between my Linux client server > > to remote office 365 exchange server using POP3 port - > > > > $ openssl s_client -crlf -connect outlook.office365.com:995 > > <http://outlook.office365.com:995> > > ... > > ... > > subject=/C=US/ST=Washington/L=Redmond/O=Microsoft > > Corporation/CN=outlook.com <http://outlook.com> > > issuer=/C=US/O=DigiCert Inc/CN=DigiCert Cloud Services CA-1 > > --- > > No client certificate CA names sent > > Peer signing digest: SHA256 > > Server Temp Key: ECDH, P-256, 256 bits > > --- > > SSL handshake has read 3952 bytes and written 415 bytes > > --- > > New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 > > Server public key is 2048 bit > > Secure Renegotiation IS supported > > Compression: NONE > > Expansion: NONE > > No ALPN negotiated > > SSL-Session: > > Protocol : TLSv1.2 > > Cipher : ECDHE-RSA-AES256-GCM-SHA384 > > Session-ID: > > 072F0000FFDC6177DE9CAB2B59EA06E486A25AD8A2882A9B82F16678BAD74E79 > > Session-ID-ctx: > > Master-Key: > > > DD7B59F38867FEAB9656B519FBCD743158E528C63FF9A96CE758120424159F26967F9F6FE57A9B5E7CAD806798322278 > > Key-Arg : None > > Krb5 Principal: None > > PSK identity: None > > PSK identity hint: None > > Start Time: 1557500061 > > Timeout : 300 (sec) > > Verify return code: 0 (ok) > > --- > > +OK The Microsoft Exchange POP3 service is ready. > > > [QgBOADYAUABSADEANABDAEEAMAAwADQAMgAuAG4AYQBtAHAAcgBkADEANAAuAHAAcgBvAGQALgBvAHUAdABsAG8AbwBrAC4AYwBvAG0A] > > *USER netco...@cox.com <mailto:netco...@cox.com>* > > *+OK* > > *PASS XXXXXXXX* > > *-ERR Logon failure: unknown user name or bad password.* > > *quit* > > *+OK Microsoft Exchange Server POP3 server signing off.* > > *read:errno=0* > > > > Operating System: > > Red Hat Enterprise Linux Server release 7.2 (Maipo) > > > > When I did the same from a different server, it worked as expected. > > Following are the two difference which I noticed between a working > > server and non-working server. > > * > > * > > *Working server details:* > > 1. Red Hat Enterprise Linux Server release 6.9 (Santiago) > > 2. openssl version > > OpenSSL 1.0.1e-fips 11 Feb 2013 > > built on: Mon Jan 30 07:47:24 EST 2017 > > platform: linux-x86_64 > > options: bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) > > idea(int) blowfish(idx) > > compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS > > -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN > > -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions > > -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic > > -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT > > -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM > > -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM > > -DWHIRLPOOL_ASM -DGHASH_ASM > > OPENSSLDIR: "/etc/pki/tls" > > engines: dynamic > > > > Please let me know if you need any further details from my end. > > > > Thanks, in advance. > > Chandu > > > -- > Jakob Bohm, CIO, partner, WiseMo A/S. https://www.wisemo.com > Transformervej 29, 2860 Soborg, Denmark. direct: +45 31 13 16 10 > <call:+4531131610> > This message is only for its intended recipient, delete if misaddressed. > WiseMo - Remote Service Management for PCs, Phones and Embedded >
