Hi,

I'd like to connect an openssl smtp client to a sendmail server (OSF1, sendmail 8.12.10, openssl 0.9.7c).
Could anybody help me?

When I start sendmail it's all right, sendmail is able to STARTTLS. I checked it with command telnet 25 too.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
# /sbin/init.d/sendmail start
/etc/mail/aliases: 26 aliases, longest 25 bytes, 308 bytes total
Mmrelay: Warning: first argument in [IPC] mailer must be TCP or FILE
/etc/mail/aliases: 26 aliases, longest 25 bytes, 308 bytes total
SMTP Mail Service started.
#
Sep 27 14:05:31 mercur sendmail[350961]: alias database /etc/mail/aliases rebuilt by janos
Sep 27 14:05:31 mercur sendmail[350961]: /etc/mail/aliases: 26 aliases, longest 25 bytes, 308 bytes total
Sep 27 14:05:31 mercur sendmail[350973]: alias database /etc/mail/aliases rebuilt by janos
Sep 27 14:05:31 mercur sendmail[350973]: /etc/mail/aliases: 26 aliases, longest 25 bytes, 308 bytes total
Sep 27 14:05:31 mercur sendmail[350983]: starting daemon (8.12.10): [EMAIL PROTECTED]:15:00
Sep 27 14:05:31 mercur sendmail[350983]: STARTTLS=server, Diffie-Hellman init, key=512 bit (1)
Sep 27 14:05:31 mercur sendmail[350983]: STARTTLS=server, init=1
Sep 27 14:05:31 mercur sendmail[350983]: started as: /usr/local/sbin/sendmail -bd -q15m -om

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
# openssl s_client -connect localhost:smtp -msg -debug -CAfile cacert.pem -cert public_mercur.pem -key private_mercur.pem
CONNECTED(00000003)
write to 4005D100 [140062000] (148 bytes => 148 (0x94))
0000 - 80 92 01 03 01 00 69 00-00 00 20 00 00 39 00 00   ......i... ...9..
0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0   8..5............
0020 - 00 00 33 00 00 32 00 00-2f 00 00 07 05 00 80 03   ...3..2../.......
0030 - 00 80 00 00 66 00 00 05-00 00 04 01 00 80 08 00   .....f...........
0040 - 80 00 00 63 00 00 62 00-00 61 00 00 15 00 00 12   ....c..b..a......
0050 - 00 00 09 06 00 40 00 00-65 00 00 64 00 00 60 00   [EMAIL PROTECTED]
0060 - 00 14 00 00 11 00 00 08-00 00 06 04 00 80 00 00   .................
0070 - 03 02 00 80 cb d1 0a 29-7f ff d7 35 e3 2a 68 4f   ........)...5.*hO
0080 - 73 0c 7a d9 39 ef 17 88-11 e8 44 30 9d d5 8e ca   s.z.9.....D0....
0090 - 22 d0 f0 1e   "...
>>> SSL 2.0 [length 0092], CLIENT-HELLO
    01 03 01 00 69 00 00 00 20 00 00 39 00 00 38 00
    00 35 00 00 16 00 00 13 00 00 0a 07 00 c0 00 00
    33 00 00 32 00 00 2f 00 00 07 05 00 80 03 00 80
    00 00 66 00 00 05 00 00 04 01 00 80 08 00 80 00
    00 63 00 00 62 00 00 61 00 00 15 00 00 12 00 00
    09 06 00 40 00 00 65 00 00 64 00 00 60 00 00 14
    00 00 11 00 00 08 00 00 06 04 00 80 00 00 03 02
    00 80 cb d1 0a 29 7f ff d7 35 e3 2a 68 4f 73 0c
    7a d9 39 ef 17 88 11 e8 44 30 9d d5 8e ca 22 d0
    f0 1e
read from 4005D100 [140067560] (7 bytes => 7 (0x7))
0000 - 32 32 30 20 6d 65 72   220 mer
351056:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:475:

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
# openssl s_client -connect localhost:smtp -msg -debug -CAfile cacert.pem -cert public_mercur.pem -key private_mercur.pem -tls1
CONNECTED(00000003)
write to 4005D100 [14006BD80] (102 bytes => 102 (0x66))
0000 - 16 03 01 00 61 01 00 00-5d 03 01 41 58 05 a7 40   .....a...]..AX..@
0010 - 21 25 f2 b3 20 35 0b e4-c9 18 d5 4b b3 fe 3d 8b   !%.. 5.....K..=.
0020 - 3f af 35 0d 0a 51 36 00-00 00 00 00 00 36 00 39   ?.5..Q6......6.9
0030 - 00 38 00 35 00 16 00 13-00 0a 00 33 00 32 00 2f   ..8.5.......3.2./
0040 - 00 07 00 66 00 05 00 04-00 63 00 62 00 61 00 15   ....f.....c.b.a..
0050 - 00 12 00 09 00 65 00 64-00 60 00 14 00 11 00 08   ......e.d.`......
0060 - 00 06 00 03 01   .....
0066 - <SPACES/NULS>
>>> TLS 1.0 Handshake [length 0061], ClientHello
    01 00 00 5d 03 01 41 58 05 a7 40 21 25 f2 b3 20
    35 0b e4 c9 18 d5 4b b3 fe 3d 8b 3f af 35 0d 0a
    51 36 00 00 00 00 00 00 36 00 39 00 38 00 35 00
    16 00 13 00 0a 00 33 00 32 00 2f 00 07 00 66 00
    05 00 04 00 63 00 62 00 61 00 15 00 12 00 09 00
    65 00 64 00 60 00 14 00 11 00 08 00 06 00 03 01
    00
read from 4005D100 [140067560] (5 bytes => 5 (0x5))
0000 - 32 32 30 20 6d   220 m
write to 4005D100 [140060C00] (7 bytes => 7 (0x7))
0000 - 15 32 30 00 02 02 46   .20...F
>>> ??? [length 0002]
    02 46
351072:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:286:

With -ssl3 the result is the same.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
# openssl s_client -connect localhost:smtp -msg -debug -starttls smtp -CAfile cacert.pem -cert public_mercur.pem -key private_mercur.pem -tls1
CONNECTED(00000003)
read from 4005D100 [140052800] (8192 bytes => 113 (0x71))
0000 - 32 32 30 20 6d 65 72 63-75 72 2e 77 65 73 74 65   220 mercur.weste
0010 - 6c 39 30 30 2e 68 75 20-45 53 4d 54 50 20 53 65   l900.hu ESMTP Se
0020 - 6e 64 6d 61 69 6c 20 38-2e 31 32 2e 31 30 2f 38   ndmail 8.12.10/8
0030 - 2e 31 32 2e 31 30 2f 54-2d 4d 6f 62 69 6c 65 20   .12.10/T-Mobile
0040 - 48 75 6e 67 61 72 79 3b-20 54 75 65 2c 20 32 38   Hungary; Tue, 28
0050 - 20 53 65 70 20 32 30 30-34 20 31 31 3a 30 31 3a    Sep 2004 11:01:
0060 - 35 34 20 2b 30 32 30 30-20 28 43 45 53 54 29 0d   54 +0200 (CEST).
0070 - 0a   .
write to 4005D100 [11FFFAD68] (10 bytes => 10 (0xA))
0000 - 53 54 41 52 54 54 4c 53-0d 0a   STARTTLS..
read from 4005D100 [140050000] (8192 bytes => 30 (0x1E))
0000 - 32 32 30 20 32 2e 30 2e-30 20 52 65 61 64 79 20   220 2.0.0 Ready
0010 - 74 6f 20 73 74 61 72 74-20 54 4c 53 0d 0a   to start TLS..
write to 4005D100 [14006BD80] (102 bytes => 102 (0x66))
0000 - 16 03 01 00 61 01 00 00-5d 03 01 41 59 28 82 ab   .....a...]..AY(..
0010 - 8b 84 5a d9 1e 90 6f 03-c4 37 9e 67 70 ed 0b 58   ...Z...o..7.gp..X
0020 - ff af 74 95 d2 8f eb 00-00 00 00 00 00 36 00 39   ...t..........6.9
0030 - 00 38 00 35 00 16 00 13-00 0a 00 33 00 32 00 2f   ..8.5.......3.2./
0040 - 00 07 00 66 00 05 00 04-00 63 00 62 00 61 00 15   ....f.....c.b.a..
0050 - 00 12 00 09 00 65 00 64-00 60 00 14 00 11 00 08   ......e.d.`......
0060 - 00 06 00 03 01   .....
0066 - <SPACES/NULS>
>>> TLS 1.0 Handshake [length 0061], ClientHello
    01 00 00 5d 03 01 41 59 28 82 ab 8b 84 5a d9 1e
    90 6f 03 c4 37 9e 67 70 ed 0b 58 ff af 74 95 d2
    8f eb 00 00 00 00 00 00 36 00 39 00 38 00 35 00
    16 00 13 00 0a 00 33 00 32 00 2f 00 07 00 66 00
    05 00 04 00 63 00 62 00 61 00 15 00 12 00 09 00
    65 00 64 00 60 00 14 00 11 00 08 00 06 00 03 01
    00
read from 4005D100 [140067560] (5 bytes => 0 (0x0))
356446:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:529:
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

I think my certification files are right, because when I connect to an openssl smtp server instead of sendmail, everything is fine.

Thanks in advance:
Janos Losonczi

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                       [EMAIL PROTECTED]
Automated List Manager                          [EMAIL PROTECTED]
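
As an added example (not part of the original post), this Python code decodes the short `read from` and `write to` byte sequences in the dumps above: in the two runs without `-starttls smtp` the peer's first bytes are a plaintext SMTP `220` reply rather than a TLS record, and the 7-byte record the client then wrote is a TLS alert. The function names are hypothetical; the byte strings are copied from the post.

```python
# Added example: decode the first bytes exchanged in the failing runs above.
# Function names are hypothetical; the byte strings are copied from the post.

ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {40: "handshake_failure", 70: "protocol_version"}  # subset
TLS_CONTENT_TYPES = {20, 21, 22, 23}  # change_cipher_spec, alert, handshake, data


def classify_first_bytes(data: bytes) -> str:
    """Say what the peer's first bytes look like to a client expecting TLS."""
    if not data:
        return "closed"  # read returned 0 bytes: nothing came back
    # An SMTP reply line starts with three ASCII digits, then ' ' or '-'.
    if len(data) >= 4 and data[:3].isdigit() and data[3:4] in (b" ", b"-"):
        return "smtp-plaintext"
    # An SSLv3/TLS record starts with a content type and major version 3.
    if len(data) >= 3 and data[0] in TLS_CONTENT_TYPES and data[1] == 3:
        return "tls-record"
    return "unknown"


def as_tls_header(data: bytes):
    """Read 5 bytes as a record header: (type, (major, minor), length)."""
    if len(data) < 5:
        raise ValueError("a record header is 5 bytes")
    return data[0], (data[1], data[2]), int.from_bytes(data[3:5], "big")


def decode_alert(record: bytes):
    """Decode an unencrypted alert record into (level, description)."""
    ctype, _version, length = as_tls_header(record)
    body = record[5:5 + length]
    if ctype != 21 or len(body) != 2:
        raise ValueError("not a plaintext alert record")
    return (ALERT_LEVELS.get(body[0], "unknown"),
            ALERT_DESCRIPTIONS.get(body[1], "unknown"))


if __name__ == "__main__":
    banner = bytes.fromhex("32 32 30 20 6d")         # read in the -tls1 run
    alert = bytes.fromhex("15 32 30 00 02 02 46")    # written by the client
    print(classify_first_bytes(banner))              # what the server sent
    print(as_tls_header(banner))                     # "220 m" read as a header
    print(decode_alert(alert))                       # the client's reply
    print(classify_first_bytes(bytes.fromhex("16 03 01 00 61")))
    print(classify_first_bytes(b""))                 # last run: 0 bytes read
```
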