[openssl.org #980] "-starttls smtp" not standard compliant and leads to misleading "unknown protocol" error
Fixed some time ago. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #980] "-starttls smtp" not standard compliant and leads to misleading "unknown protocol" error
another patch in http://www.mail-archive.com/openssl-dev@openssl.org/msg20600.html
Re: [openssl.org #980] "-starttls smtp" not standard compliant and leads to misleading "unknown protocol" error
Kurt Roeckx wrote:
> On Sat, Dec 16, 2006 at 08:03:43PM +0100, Goetz Babin-Ebell wrote:
>> via RT wrote:
>>> [EMAIL PROTECTED] ~]$ openssl s_client -connect mail.buu.ch:25
>>> -starttls smtp -debug
>> [...]
>>
>> I have a patch for s_client which allows arbitrary (textual) handshake
>> before the TLS handshake starts...
>
> The SMTP protocol requires you to send the EHLO command before you
> send STARTTLS.

I'm aware of that.
My patch was originally to do some tests on an IMAP server.
But it is a generalized approach allowing you to do any textual
handshake before you set up TLS.

> See http://www.mail-archive.com/openssl-dev@openssl.org/msg20600.html
> for a patch that adds an -ehlo option.
>
> (It also has some discussion of you about a more generalized way of
> doing it.)

Oops...
Yes it has.
Time flies like an arrow...

My idea from last year still is good,
but my patch is a first step to do it...

> Anyway, s_client's -starttls currently takes 2 protocols as argument,
> smtp or pop3. I think it should just properly implement those
> protocols. For SMTP that would mean sending the EHLO before STARTTLS.

Fixing the SMTP case would be good,
but allowing arbitrary textual handshake before TLS starts
widens the area of possible uses...

Bye

Goetz
Re: [openssl.org #980] "-starttls smtp" not standard compliant and leads to misleading "unknown protocol" error
On Sat, Dec 16, 2006 at 08:03:43PM +0100, Goetz Babin-Ebell wrote:
> Hello Ralf,
>
> via RT wrote:
> > [EMAIL PROTECTED] ~]$ openssl s_client -connect mail.buu.ch:25
> > -starttls smtp -debug
> [...]
>
> I have a patch for s_client which allows arbitrary (textual) handshake
> before the TLS handshake starts...

The SMTP protocol requires you to send the EHLO command before you
send STARTTLS.

See http://www.mail-archive.com/openssl-dev@openssl.org/msg20600.html
for a patch that adds an -ehlo option.

(It also has some discussion of you about a more generalised way of
doing it.)

Anyway, s_client's -starttls currently takes 2 protocols as argument,
smtp or pop3. I think it should just properly implement those
protocols. For SMTP that would mean sending the EHLO before STARTTLS.

Kurt
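The ordering described in the message above (EHLO first, STARTTLS only if advertised, and no TLS handshake unless the server answers 220), as an added example that is not part of the thread, its patches, or OpenSSL's s_client. All function names, the `client.example` and `mx.example` host names and the canned server replies are constructed for illustration; `wfile` is assumed to be unbuffered.

```python
import io

class StartTLSRefused(Exception):
    """The plaintext SMTP exchange does not permit starting TLS."""

def read_reply(rfile):
    """Read one (possibly multi-line) SMTP reply; return (code, [texts])."""
    texts = []
    while True:
        raw = rfile.readline()
        if not raw:
            raise StartTLSRefused("connection closed mid-reply")
        line = raw.rstrip(b"\r\n").decode("ascii", "replace")
        if len(line) < 3 or not line[:3].isdigit():
            raise StartTLSRefused(f"malformed reply: {line!r}")
        texts.append(line[4:])
        if line[3:4] != "-":  # "250-..." continues, "250 ..." ends the reply
            return int(line[:3]), texts

def expect(rfile, want, stage):
    """Read a reply and insist on the expected code before going further."""
    code, texts = read_reply(rfile)
    if code != want:
        raise StartTLSRefused(f"{stage}: {code} {texts[-1]}")
    return texts

def smtp_starttls_preamble(rfile, wfile, client_name="client.example"):
    """Greeting -> EHLO -> STARTTLS; returns only when TLS may begin."""
    expect(rfile, 220, "bad greeting")
    wfile.write(f"EHLO {client_name}\r\n".encode("ascii"))
    texts = expect(rfile, 250, "EHLO rejected")
    # texts[0] is the server's greeting line; the rest are extension keywords.
    extensions = {t.split()[0].upper() for t in texts[1:] if t.strip()}
    if "STARTTLS" not in extensions:
        raise StartTLSRefused("server does not advertise STARTTLS")
    wfile.write(b"STARTTLS\r\n")
    expect(rfile, 220, "STARTTLS refused")
    return extensions

def run_scripted(server_bytes):
    """Drive the preamble against canned server replies (constructed input)."""
    rfile, wfile = io.BytesIO(server_bytes), io.BytesIO()
    try:
        outcome = sorted(smtp_starttls_preamble(rfile, wfile))
    except StartTLSRefused as exc:
        outcome = str(exc)
    return outcome, wfile.getvalue()

GREET = b"220 mx.example ESMTP\r\n250-mx.example\r\n"  # constructed replies
GOOD = GREET + b"250-SIZE 1000000\r\n250 STARTTLS\r\n220 2.0.0 Ready to start TLS\r\n"
```

`run_scripted(GOOD)` returns the advertised extensions and the bytes the client sent; any other server behaviour surfaces as a `StartTLSRefused` message instead of a TLS ClientHello being written into a plaintext error reply.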
Re: [openssl.org #980] "-starttls smtp" not standard compliant and leads to misleading "unknown protocol" error
Hello Ralf,

via RT wrote:
> [EMAIL PROTECTED] ~]$ openssl s_client -connect mail.buu.ch:25
> -starttls smtp -debug
[...]

I have a patch for s_client which allows arbitrary (textual) handshake
before the TLS handshake starts...

If somebody is interested in it...

Bye

Goetz
[openssl.org #980] "-starttls smtp" not standard compliant and leads to misleading "unknown protocol" error
same with an exchange server. Does anybody have a suggestion how to get
the TLS certificate from an exchange mail server with openssl?

[EMAIL PROTECTED] ~]$ openssl s_client -connect mail.buu.ch:25 -starttls smtp -debug
CONNECTED(0003)
read from 09AC93A8 [09AC4130] (8192 bytes => 120 (0x78))
     - 32 32 30 20 6d 61 69 6c-32 1e 62 75 6f 62 73 72   220 mail2.bu
0010 - 61 45 62 2e 63 68 20 4d-69 63 72 6f 73 6f 66 74   uub.ch Microsoft
0020 - 20 45 53 4d 54 50 20 4d-41 49 4c 20 53 65 72 76    ESMTP MAIL Serv
0030 - 69 63 65 2c 20 56 65 72-73 69 6f 6e 3a 20 36 2e   ice, Version: 6.
0040 - 30 2e 33 37 39 30 2e 31-38 33 30 20 72 65 61 64   0.3790.1830 read
0050 - 79 20 61 74 20 20 53 61-74 2c 20 31 36 20 44 65   y at Sat, 16 De
0060 - 63 20 32 30 30 36 20 31-33 3a 34 35 3a 30 38 20   c 2006 13:45:08
0070 - 2b 30 31 30 30 20 0d 0a-                          +0100 ..
write to 09AC93A8 [BFF21D30] (10 bytes => 10 (0xA))
     - 53 54 41 52 54 54 4c 53-0d 0a                     STARTTLS..
read from 09AC93A8 [09AC2128] (8192 bytes => 28 (0x1C))
     - 35 30 33 20 35 2e 35 2e-32 20 53 65 6e 64 20 68   503 5.5.2 Send h
0010 - 65 6c 6c 6f 20 66 69 72-73 74 0d 0a               ello first..
[openssl.org #980] "-starttls smtp" not standard compliant and leads to misleading "unknown protocol" error
see http://www.mail-archive.com/openssl-users@openssl.org/msg32453.html

or with exim:

openssl s_client -state -starttls smtp -debug -connect smtp.privasphere.com:25
CONNECTED(0003)
read from 080B1378 [080ABFA8] (8192 bytes => 75 (0x4B))
     - 32 32 30 20 70 72 69 73-63 69 6c 6c 61 2e 69 6e   220 priscilla.in
0010 - 74 65 72 77 61 79 2e 63-68 20 45 53 4d 54 50 20   terway.ch ESMTP
0020 - 45 78 69 6d 20 34 2e 34-33 20 57 65 64 2c 20 32   Exim 4.43 Wed, 2
0030 - 34 20 4e 6f 76 20 32 30-30 34 20 31 30 3a 35 38   4 Nov 2004 10:58
0040 - 3a 31 32 20 2b 30 31 30-30 0d 0a                  :12 +0100..
write to 080B1378 [BFFFEC50] (10 bytes => 10 (0xA))
     - 53 54 41 52 54 54 4c 53-0d 0a                     STARTTLS..
read from 080B1378 [080A9FA0] (8192 bytes => 47 (0x2F))
     - 35 30 33 20 53 54 41 52-54 54 4c 53 20 63 6f 6d   503 STARTTLS com
0010 - 6d 61 6e 64 20 75 73 65-64 20 77 68 65 6e 20 6e   mand used when n
0020 - 6f 74 20 61 64 76 65 72-74 69 73 65 64 0d 0a      ot advertised..
SSL_connect:before/connect initialization
write to 080B1378 [080B13C0] (142 bytes => 142 (0x8E))
     - 80 8c 01 03 01 00 63 00-00 00 20 00 00 39 00 00   ..c... ..9..
0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0   8..5
0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 66 00   ..3..2../.f.
0030 - 00 05 00 00 04 01 00 80-08 00 80 00 00 63 00 00   .c..
0040 - 62 00 00 61 00 00 15 00-00 12 00 00 09 06 00 40   b..a...@
0050 - 00 00 65 00 00 64 00 00-60 00 00 14 00 00 11 00   ..e..d..`...
0060 - 00 08 00 00 06 04 00 80-00 00 03 02 00 80 bc a3
0070 - d3 6f 0c 48 41 97 89 64-32 67 83 af 77 1c 07 ee   .o.HA..d2g..w...
0080 - a2 f5 9f fd e2 e3 57 af-64 8d 15 57 16 38         ..W.d..W.8
SSL_connect:SSLv2/v3 write client hello A
read from 080B1378 [080B6920] (7 bytes => 7 (0x7))
     - 35 30 31 20 4e 55 4c                              501 NUL
SSL_connect:error in SSLv2/v3 read server hello A
27159:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:475:

or also

openssl s_client -state -starttls smtp -debug -connect mail.swissmail.org:25
CONNECTED(0003)
read from 080B1378 [080ABFA8] (8192 bytes => 82 (0x52))
     - 32 32 30 20 6d 61 69 6c-2e 67 65 6e 65 72 61 6c   220 mail.general
0010 - 6d 61 69 6c 2e 63 6f 6d-20 53 4d 54 50 20 45 6d   mail.com SMTP Em
0020 - 46 6f 53 20 31 2e 30 2c-20 28 43 29 20 31 39 39   FoS 1.0, (C) 199
0030 - 37 20 46 50 57 2f 68 70-77 20 28 68 74 74 70 3a   7 FPW/hpw (http:
0040 - 5c 77 77 77 2e 66 70 77-2e 63 68 29 20 72 65 61   \www.fpw.ch) rea
0050 - 64 79                                             dy
write to 080B1378 [BFFFEC50] (10 bytes => 10 (0xA))
     - 53 54 41 52 54 54 4c 53-0d 0a                     STARTTLS..
read from 080B1378 [080A9FA0] (8192 bytes => 2 (0x2))
     - 0d 0a                                             ..
SSL_connect:before/connect initialization
write to 080B1378 [080B13C0] (142 bytes => 142 (0x8E))
     - 80 8c 01 03 01 00 63 00-00 00 20 00 00 39 00 00   ..c... ..9..
0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0   8..5
0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 66 00   ..3..2../.f.
0030 - 00 05 00 00 04 01 00 80-08 00 80 00 00 63 00 00   .c..
0040 - 62 00 00 61 00 00 15 00-00 12 00 00 09 06 00 40   b..a...@
0050 - 00 00 65 00 00 64 00 00-60 00 00 14 00 00 11 00   ..e..d..`...
0060 - 00 08 00 00 06 04 00 80-00 00 03 02 00 80 3a 43   ..:C
0070 - 98 59 4a 53 dc d0 f0 6f-a3 95 f6 ec 54 23 a1 de   .YJS...oT#..
0080 - 63 b3 80 e9 b2 15 6e c9-bd 70 7d 27 d6 f2         c.n..p}'..
SSL_connect:SSLv2/v3 write client hello A
read from 080B1378 [080B6920] (7 bytes => 7 (0x7))
     - 35 35 30 20 49 6c 6c                              550 Ill