openssl and TLS handshake issue
posted 1 year ago
We are running the command below from server 10.XXX.XX.21. We have a Postfix server installed on 10.XXX.XXX.17 with smtpd_tls_cert_file = none in the main.cf file, and below are the settings we have made:
    smtpd_tls_security_level = encrypt
    smtpd_tls_loglevel = 1
    smtpd_tls_cert_file = none
    smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
    smtp_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,TLSv1.1
    smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1,TLSv1.1
    smtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1,TLSv1.1
    smtp_tls_security_level = encrypt
    #smtpd_tls_exclude_ciphers = RC4
    openssl s_client -starttls smtp -connect 10.XXX.XXX.17:25

We are getting the below error:

    CONNECTED(00000003)
    139970595088200:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:184:
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 217 bytes and written 282 bytes
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    ---
However, when we run the same command with a cipher option, we get a connection.

    openssl s_client -starttls smtp -connect 10.XXX.XXX.17:25 -cipher aNULL

    CONNECTED(00000003)
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    Server Temp Key: DH, 1024 bits
    ---
    SSL handshake has read 787 bytes and written 374 bytes
    ---
    New, TLSv1/SSLv3, Cipher is ADH-AES256-GCM-SHA384
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
        Protocol : TLSv1.2
        Cipher : ADH-AES256-GCM-SHA384
        Start Time: 1530802986
        Timeout : 300 (sec)
        Verify return code: 0 (ok)
    ---
    250 DSN
We ran the EHLO command and found 250-STARTTLS listed.
So we are not sure what could be the reason.
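Added example, not part of the original post: a small Python parser that reads `openssl s_client` output and classifies the two runs shown above. The ADH suite negotiated in the second run is anonymous Diffie-Hellman, so that session is encrypted but the server presents no certificate. Function names and verdict labels are hypothetical; the sample text is excerpted from the post's output.

```python
import re

# Excerpts of the two outputs in the post, one field per line.
DEFAULT_RUN = """CONNECTED(00000003)
139970595088200:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:184:
---
no peer certificate available
---
New, (NONE), Cipher is (NONE)
"""
ANULL_RUN = """CONNECTED(00000003)
---
no peer certificate available
---
New, TLSv1/SSLv3, Cipher is ADH-AES256-GCM-SHA384
    Protocol : TLSv1.2
    Cipher : ADH-AES256-GCM-SHA384
"""

ANON_PREFIXES = ("ADH-", "AECDH-")  # OpenSSL names for anonymous DH/ECDH suites

def parse_s_client(text):
    """Pull the handshake facts out of `openssl s_client` output."""
    cipher = re.search(r"Cipher is (\S+)", text)
    proto = re.search(r"^\s*Protocol\s*:\s*(\S+)", text, re.M)
    err = re.search(r"error:[0-9A-Fa-f]+:SSL routines:[^:]+:([^:]+):", text)
    return {
        "connected": "CONNECTED(" in text,
        "peer_cert": "no peer certificate available" not in text,
        "cipher": cipher.group(1) if cipher and cipher.group(1) != "(NONE)" else None,
        "protocol": proto.group(1) if proto else None,
        "error": err.group(1) if err else None,
    }

def classify(info):
    """Map parsed facts to a verdict (labels are hypothetical)."""
    if not info["connected"]:
        return "no-tcp-connection"
    if info["cipher"] is None:
        return "handshake-failed"           # no cipher suite was negotiated
    if info["cipher"].startswith(ANON_PREFIXES) or not info["peer_cert"]:
        return "encrypted-unauthenticated"  # server identity was never proven
    return "certificate-presented"          # verification result is a separate check

if __name__ == "__main__":
    for name, out in (("default", DEFAULT_RUN), ("-cipher aNULL", ANULL_RUN)):
        info = parse_s_client(out)
        print(name, classify(info), info["protocol"], info["cipher"], info["error"])
```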