Viktor Dukhovni:
> On Thu, Apr 12, 2012 at 02:59:05PM +0200, Ralf Hildebrandt wrote:
>
> > * Wietse Venema <wie...@porcupine.org>:
> > > "openssl s_client" sessions fail identically with 77.43.17.211
> > > and 81.252.237.162.
> > >
> > > % openssl s_client -starttls smtp -connect 77.43.17.211:25
> > > ...
> > > 250 OK
> > > ehlo spike.porcupine.org
> > >
>
> My results are different, perhaps they've already fixed something ...
>
> $ /usr/sbin/sendmail -f post...@dukhovni.org -bv postmaster@[82.135.27.153]
...
> Note that the cipher is RC4-MD5 (more typical of Windows), not 3DES
> (which had a history of issues on older Windows systems, perhaps
> never addressed). I don't know why the system in question would have
> in Ralf's case agreed to 3DES, rather than RC4-MD5.
openssl s_client uses RC4-MD5 here, and still hangs after ehlo.
This is "OpenSSL 0.9.8q 2 Dec 2010" on FreeBSD. I don't use SSL
on this machine so I don't care if the implementation is old.
Wietse
% openssl s_client -starttls smtp -connect 77.43.17.211:25
depth=1 /C=US/O=GeoTrust, Inc./CN=RapidSSL CA
verify error:num=20:unable to get local issuer certificate
verify return:0
CONNECTED(00000003)
---
Certificate chain
0
s:/serialNumber=XGTbH8gT6gIJRZsE/Y/zjnPUd1lsJgqj/C=IT/O=*.seronosymposia.org/OU=GT20020846/OU=See
www.rapidssl.com/resources/cps (c)11/OU=Domain Control Validated -
RapidSSL(R)/CN=*.seronosymposia.org
i:/C=US/O=GeoTrust, Inc./CN=RapidSSL CA
1 s:/C=US/O=GeoTrust, Inc./CN=RapidSSL CA
i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEbTCCA1WgAwIBAgIDAa7oMA0GCSqGSIb3DQEBBQUAMDwxCzAJBgNVBAYTAlVT
MRcwFQYDVQQKEw5HZW9UcnVzdCwgSW5jLjEUMBIGA1UEAxMLUmFwaWRTU0wgQ0Ew
HhcNMTEwNTExMDk1MzI5WhcNMTIwODEyMDM1NjQ4WjCB7zEpMCcGA1UEBRMgWEdU
Ykg4Z1Q2Z0lKUlpzRS9ZL3pqblBVZDFsc0pncWoxCzAJBgNVBAYTAklUMR0wGwYD
VQQKDBQqLnNlcm9ub3N5bXBvc2lhLm9yZzETMBEGA1UECxMKR1QyMDAyMDg0NjEx
MC8GA1UECxMoU2VlIHd3dy5yYXBpZHNzbC5jb20vcmVzb3VyY2VzL2NwcyAoYykx
MTEvMC0GA1UECxMmRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkIC0gUmFwaWRTU0wo
UikxHTAbBgNVBAMMFCouc2Vyb25vc3ltcG9zaWEub3JnMIGfMA0GCSqGSIb3DQEB
AQUAA4GNADCBiQKBgQCvGPCsC4IzFhrXK63hXLN1SdbjaAckbpMpSotMt2jUrbWB
P60ePYk7C4Y9pM9kLpg55oS1Ka32gn1Uk/fPSTFxGcbyO+Wlev9py/mq+98aihlf
7ibv22R1NYVhut//NNJPFxKdYM1U4jQuTMP2w+Gdnaupw54VxumoCPGaTp7dewID
AQABo4IBRjCCAUIwHwYDVR0jBBgwFoAUa2k9ahhCSt2PAmU5/TUkhniRFjAwDgYD
VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAzBgNV
HREELDAqghQqLnNlcm9ub3N5bXBvc2lhLm9yZ4ISc2Vyb25vc3ltcG9zaWEub3Jn
MEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9yYXBpZHNzbC1jcmwuZ2VvdHJ1c3Qu
Y29tL2NybHMvcmFwaWRzc2wuY3JsMB0GA1UdDgQWBBSnC7Dsz/C5kOUKrlgr1Uxa
OQbVTDAMBgNVHRMBAf8EAjAAMEkGCCsGAQUFBwEBBD0wOzA5BggrBgEFBQcwAoYt
aHR0cDovL3JhcGlkc3NsLWFpYS5nZW90cnVzdC5jb20vcmFwaWRzc2wuY3J0MA0G
CSqGSIb3DQEBBQUAA4IBAQCopW1tFMdiahh5nO3jkcW57RjFEf+PKjwsCrza+IrJ
H3Ahn9ZzZhDPph7tFm2UnnpLDtR05nlLfSocgAnhqp2PwCR8BVs3ixGC4YkOC9Ep
Rm51YtNIWuH8VIfUr2b5g7l+saqtx36B5ttIQtxd7zxAy07U2lQ/8Utll73Hads8
E0OiSOuxo14uU54I1Dc4DV7NZqg+c64YeP6Z4634BH4hIKhDIaUqmBRmr5X5qzFM
hZhBlYLyb5zL6EX36BO6OXAuYIS+gcbBGVr7251Tw+3NWzuBzDLBNcaCBofQhJF9
U+dS31gos2orKYzaI6+2oqnMsVxhmNdIAI9Vt75OE6Qw
-----END CERTIFICATE-----
subject=/serialNumber=XGTbH8gT6gIJRZsE/Y/zjnPUd1lsJgqj/C=IT/O=*.seronosymposia.org/OU=GT20020846/OU=See
www.rapidssl.com/resources/cps (c)11/OU=Domain Control Validated -
RapidSSL(R)/CN=*.seronosymposia.org
issuer=/C=US/O=GeoTrust, Inc./CN=RapidSSL CA
---
No client certificate CA names sent
---
SSL handshake has read 2771 bytes and written 356 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : RC4-MD5
Session-ID: 571600004D20C6C28B990D92E265F59B76E98A94AF02C2D248946415E753DB63
Session-ID-ctx:
Master-Key:
1B0438D59E05BA2DEDB7C5070856FC879204207121FE346D2FD6B38A6436294889392F90E63D70AD7F8E981783F7CD70
Key-Arg : None
Start Time: 1334239673
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
---
250 OK
EHLO spike.porcupine.org
