On Fri, 06 Oct 2006 17:59:51 -0400, Brian Szymanski wrote:
> What client are you trying to use?

Straight telnet

> What's in the error log above and below that line? Have you tried to
> bump up the logging level by uncommenting the debug constants after
> the use IO::Socket::SSL line?

Absolutely nothing.

> When I did that I found that the issue I was having (this was with
> plain old tcpserver, YMMV) was that client and server couldn't agree
> on a cipher - qpsmtpd is restricted to openssl's "HIGH" quality
> ciphers by default. To change this check out the qpsmtpd-0.3x branch
> with a revision > 663 and modify config/tls_ciphers. For example, I

I de-commented out the debug lines and no other logging took place. One thing to note, the "500 TLS Negotiation Failed" message pops up immediately, maybe a 1 or 2 second pause. Is there a timeout period on tls negotiation? When I try a telnet against my qmail box it sits there and waits for the client to attempt a tls negotiation before it bombs out.

Thanks,
Ed

> Good luck & let us know what you find.
> Brian
>
> On Oct 6, 2006, at 3:21 PM, Ed McLain wrote:
>
>> Ok.. Now that I have everything working with apache and qpsmtpd I'm
>> wanting to throw tls into the mix as well. I've got the certs and keys
>> built, however, when I issue a STARTTLS command I get the following:
>>
>> 250-PIPELINING
>> 250-8BITMIME
>> 250 STARTTLS
>> STARTTLS
>> 220 Go ahead with TLS
>> 500 TLS Negotiation Failed
>> quit
>>
>> and I get this in the apache error log:
>> TLS failed: Could not create SSL socket: at /home/smtpd/qpsmtpd//plugins/tls line 98.
>>
>> Is there an issue with trying to create an SSL socket inside apache? Does
>> anybody have this working?
>>
>> Thanks,
>> Ed