I have been attacking this issue in comp.mail.sendmail and it was suggested I post this on this list.

We can't seem to get Eudora 5.2 to talk nicely with sendmail-8.12.5, openssl-0.9.6d (and cyrus-sasl-1.5.27 for SMTP_AUTH). Mail sent from a local host through sendmail is encrypted and authorized. Using Eudora, it complains that it can't negotiate SSL.

From the maillog:

Nov 17 20:52:14 yoda2 sendmail[27781]: gAI4qE9C027781: --- 250 HELP
Nov 17 20:52:14 yoda2 sendmail[27781]: gAI4qE9C027781: <-- STARTTLS
Nov 17 20:52:14 yoda2 sendmail[27781]: gAI4qE9C027781: --- 220 2.0.0 Ready to start TLS
Nov 17 20:52:15 yoda2 sendmail[27781]: STARTTLS=server, error: accept failed=-1, SSL_error=1, timedout=0
Nov 17 20:52:15 yoda2 sendmail[27781]: STARTTLS=server: 27781:error:140890E9:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:tls peer did not respond with certificate list:s3_srvr.c:1638:

From ssldump:

New TCP connection #15: eds.wrenkasky.com(1842) <-> yoda2.wrenkasky.com(25)
15 1 0.0347 (0.0347) C>S Handshake
ClientHello
Version 3.1
cipher suites
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
Unknown value 0x50
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_ECDSA_WITH_RC4_128_SHA
Unknown value 0x4e
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
TLS_DHE_DSS_WITH_RC4_128_SHA
TLS_DH_anon_WITH_RC4_128_MD5
TLS_ECDH_ECDSA_WITH_DES_CBC_SHA
Unknown value 0x4f
TLS_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_DSS_WITH_DES_CBC_SHA
TLS_DH_anon_WITH_DES_CBC_SHA
TLS_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
TLS_DHE_DSS_WITH_RC2_56_CBC_SHA
TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
TLS_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA
TLS_RSA_EXPORT_WITH_RC4_40_MD5
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
TLS_RSA_WITH_NULL_SHA
TLS_RSA_WITH_NULL_MD5
Unknown value 0x47
Unknown value 0x4d
compression methods
NULL
15 2 0.0379 (0.0032) S>C Handshake
ServerHello
Version 3.1
session_id[32]=
00 a7 6c 3c 59 9e 5f 34 38 9e 13 d0 7b 92 c2 5c
f5 8a 4e 37 4d 82 9f 68 57 3c 50 02 93 12 a1 ba
cipherSuite TLS_RSA_WITH_3DES_EDE_CBC_SHA
compressionMethod NULL
15 3 0.0379 (0.0000) S>C Handshake
Certificate
15 4 0.0452 (0.0072) S>C Handshake
CertificateRequest
certificate_types rsa_sign
certificate_types dss_sign
certificate_authority
30 81 8c 31 0b 30 09 06 03 55 04 06 13 02 55 53
31 0d 30 0b 06 03 55 04 08 13 04 55 74 61 68 31
17 30 15 06 03 55 04 07 13 0e 53 61 6c 74 20 4c
61 6b 65 20 43 69 74 79 31 18 30 16 06 03 55 04
0a 13 0f 58 63 65 72 74 20 45 5a 20 62 79 20 44
53 54 31 18 30 16 06 03 55 04 03 13 0f 58 63 65
72 74 20 45 5a 20 62 79 20 44 53 54 31 21 30 1f
06 09 2a 86 48 86 f7 0d 01 09 01 16 12 63 61 40
64 69 67 73 69 67 74 72 75 73 74 2e 63 6f 6d

(...and then 60 or so more certificate_authority's until)

ServerHelloDone
15 5 0.0605 (0.0152) C>S Alert
level warning
value unknown value
15 6 0.0605 (0.0000) C>S Handshake
ClientKeyExchange
15 7 0.0605 (0.0000) C>S ChangeCipherSpec
15 8 0.0605 (0.0000) C>S Handshake
15 9 0.0667 (0.0062) S>C Alert
level fatal
value unexpected_message
15 0.0680 (0.0012) S>C TCP RST

If I turn off the SSL request in Eudora, the AUTH will work but without
encryption.

So, what the [expletive deleted] am I doing wrong???

Any help is greatly appreciated.

Ed Kasky
Los Angeles, CA
. . . . . . . .
All those who believe in psychokinesis raise my hand.
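
Added example (not part of the original post): a small Python check that reads an ssldump trace and reports whether the client answered the server's CertificateRequest with a Certificate message, which a TLS 1.0 client is expected to send even when the list is empty. The embedded trace is condensed from the one above; the function names are hypothetical.

```python
import re

# ssldump record header: connection, record no., time, (delta), direction, content type
RECORD = re.compile(r"^\d+\s+\d+\s+[\d.]+\s+\([\d.]+\)\s+(C>S|S>C)\s+(\w+)")
HANDSHAKE = {"ClientHello", "ServerHello", "Certificate", "CertificateRequest",
             "ServerHelloDone", "ClientKeyExchange", "CertificateVerify", "Finished"}

# Condensed from the trace in the post (cipher list and CA bytes omitted).
TRACE = """\
15 1 0.0347 (0.0347) C>S Handshake
ClientHello
Version 3.1
15 2 0.0379 (0.0032) S>C Handshake
ServerHello
15 3 0.0379 (0.0000) S>C Handshake
Certificate
15 4 0.0452 (0.0072) S>C Handshake
CertificateRequest
ServerHelloDone
15 5 0.0605 (0.0152) C>S Alert
15 6 0.0605 (0.0000) C>S Handshake
ClientKeyExchange
15 9 0.0667 (0.0062) S>C Alert
value unexpected_message
"""

def handshake_events(trace):
    """Return [(direction, name)] for handshake messages and alert records, in order."""
    events, direction, ctype = [], None, None
    for line in map(str.strip, trace.splitlines()):
        m = RECORD.match(line)
        if m:
            direction, ctype = m.groups()
            if ctype == "Alert":
                events.append((direction, "Alert"))
        elif ctype == "Handshake" and line in HANDSHAKE:
            events.append((direction, line))
    return events

def missing_client_certificate(events):
    """True if the client's first handshake message after CertificateRequest is not Certificate."""
    asked = False
    for direction, name in events:
        if (direction, name) == ("S>C", "CertificateRequest"):
            asked = True
        elif asked and direction == "C>S" and name != "Alert":
            return name != "Certificate"  # an empty certificate list still counts
    return False
```

Calling `missing_client_certificate(handshake_events(TRACE))` on the condensed trace returns `True`: the client goes from a warning alert straight to ClientKeyExchange, which matches the `tls peer did not respond with certificate list` error in the maillog.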
