On 1/2/2025 9:48 AM, Paul McKinley via Cygwin wrote:
Hi, René, thanks so much for your help!
The command reports version 1.3, nothing else. Would it have listed
additional versions, possibly in different paragraphs if supported?

Openssl? It reports the highest version accepted. The openssl command
also allows you to limit the version, so you could check if 1.2 is
accepted (or, like in MS Windows, is deprecated).

I use the current version of Mozilla Thunderbird for an email client, no
issues with smtp sending there and connecting to the same email server
so I know that side's working, but it's using the Thunderbird ssl stack,
not openssl from cygwin.
Is TLS 1.3 not supported in cygwin email yet?

I don't know, I don't have it in my mail server, so haven't tested.

The error I get is the timeout while trying to read from SMTP server so
it seems something's going wrong in the handshake sequence.

Yes, it looks like it.
Greeting the SMTP server...
email: FATAL: Smtp error: Timeout(10) while trying to read from SMTP server
<snip>
---
SSL handshake has read 3669 bytes and written 455 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
On port 465 it connects but doesn't do STARTTLS.
CONNECTED(00000005)
Didn't find STARTTLS in server response, trying anyway...
100000000A000000:error:0A000126:SSL routines:ssl3_read_n:unexpected eof while reading:ssl/record/rec_layer_s3.c:322:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 382 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
After I enabled the option on the server I did get one successful test,
then a failure. Don't know what went wrong. But if openssl doesn't
work, anything that uses it, like eMail, won't work.
With eMail it just doesn't work.
BTW I didn't mention that in order to get out of openssl you can use
Ctrl-d (the connection is live, you could send and receive anything
after the "250 DSN"... we usually simulated the mail protocol by hand).
--
R.B.
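
The two checks discussed in this message (limiting the TLS version, and probing port 465 versus a STARTTLS port), as an added shell example that is not part of the original e-mail. Assumptions: `smtp.example.org` is a placeholder host, `probe_args` and `classify` are hypothetical helper names, and port 465 is treated as implicit TLS, so `-starttls smtp` is left off there.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. smtp.example.org is a placeholder host.

# Build s_client arguments for one probe. Port 465 is assumed to be implicit
# TLS (handshake starts immediately), so -starttls smtp is only added elsewhere.
probe_args() {  # usage: probe_args HOST PORT tls1_2|tls1_3
    if [ "$2" = 465 ]; then
        printf 's_client -connect %s:%s -servername %s -%s\n' "$1" "$2" "$1" "$3"
    else
        printf 's_client -connect %s:%s -servername %s -%s -starttls smtp\n' "$1" "$2" "$1" "$3"
    fi
}

# Reduce an s_client transcript on stdin to a one-line verdict.
classify() {
    awk '
        /^New, / { split($0, f, ", "); proto = f[2]
                   cipher = f[3]; sub(/^Cipher is /, "", cipher) }
        /Verify return code:/ { verify = $4 }
        /unexpected eof/      { eof = 1 }
        END {
            if (proto == "" || proto == "(NONE)")
                print "FAIL no-handshake" (eof ? " unexpected-eof" : "")
            else
                print "OK " proto " " cipher " verify=" verify
        }'
}

# Sample input: lines copied from the two sessions quoted in the thread.
sample_ok() { printf '%s\n' 'Verification: OK' \
    'New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384' 'Verify return code: 0 (ok)'; }
sample_fail() { printf '%s\n' 'CONNECTED(00000005)' \
    '100000000A000000:error:0A000126:SSL routines:ssl3_read_n:unexpected eof' \
    'New, (NONE), Cipher is (NONE)' 'Verify return code: 0 (ok)'; }

if [ -n "${1:-}" ]; then        # live run: ./tlsprobe.sh smtp.example.org
    for port in 587 465; do
        for ver in tls1_2 tls1_3; do
            printf '%s %s: ' "$port" "$ver"
            # word splitting of the argument string is intended here
            timeout 15 openssl $(probe_args "$1" "$port" "$ver") </dev/null 2>&1 | classify
        done
    done
else                            # offline: classify the thread's own transcripts
    sample_ok | classify
    sample_fail | classify
fi
```

The failed session in the thread still prints `Verification: OK` and `Verify return code: 0 (ok)`, which is why the verdict keys on the `New, ...` line rather than on the verify code.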