On Fri, Dec 03, 2010 at 07:09:05PM +0100, Ralf Hildebrandt wrote:

> * Victor Duchovni <victor.ducho...@morganstanley.com>:
> 
> > The remote SSL client sends "alert 0" which according to
> > 
> >     http://tools.ietf.org/html/rfc2246#section-7.2
> > 
> > is a "close_notify" alert. So the remote client called the equivalent of
> > SSL_shutdown() in the middle of the SSL handshake. Perhaps the client was
> > "unimpressed" by your server's X509 certificate, or it is just buggy.
> 
> This happens if the client doesn't like the certificate, because it is
> not signed by a trusted CA.

This is a reasonably plausible conjecture, but not yet a fact.

> Which machine is it, so we can have a look with s_client?

More importantly, the OP has said nothing useful about the nature of the
relationship between the sending and receiving systems.

    - Are they an MUA and an MSA, with the client (MUA) configured
      to combine STARTTLS and AUTH (ideally on port 587)? What host
      is the client expecting to connect to and does the server certificate
      match (trusted chain and matching CN) this hostname to the client's
      satisfaction?

    - Are they a pair of MTAs, with a bilateral mandatory TLS policy?
      Details of the expected security level and certificate policy?

    - Other? Please explain...

-- 
        Viktor.
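
An added example, not part of the original message or of Postfix: a decoder for the plaintext alert records a client sends during the handshake, so that the logged "alert 0" can be read against RFC 2246 section 7.2 and told apart from certificate-related alerts. The byte strings are constructed samples and the function names are hypothetical.

```python
import struct

# Alert descriptions from RFC 2246 section 7.2 (subset).
ALERTS = {0: "close_notify", 10: "unexpected_message", 40: "handshake_failure",
          42: "bad_certificate", 48: "unknown_ca"}
LEVELS = {1: "warning", 2: "fatal"}
CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE = 20, 21, 22

# Constructed sample: a handshake record with an empty placeholder body
# (not a valid ClientHello), followed by a warning-level alert 0.
CLIENT_BYTES = bytes.fromhex("160301000401000000" "15030100020100")

def iter_records(stream):
    """Yield (content_type, payload) for each TLS record in a byte string."""
    pos = 0
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError("truncated record header")
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        payload = stream[pos + 5 : pos + 5 + length]
        if len(payload) != length:
            raise ValueError("truncated record payload")
        yield ctype, payload
        pos += 5 + length

def classify(stream):
    """Return (level, description) of the first alert sent mid-handshake.

    Returns None if no alert appears before ChangeCipherSpec; records
    after that point are encrypted and cannot be decoded here.
    """
    for ctype, payload in iter_records(stream):
        if ctype == CHANGE_CIPHER_SPEC:
            return None
        if ctype == ALERT and len(payload) == 2:
            level, desc = payload
            return (LEVELS.get(level, "level %d" % level),
                    ALERTS.get(desc, "alert %d" % desc))
    return None

if __name__ == "__main__":
    print(classify(CLIENT_BYTES))
```
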
