Re: STARTTLS problems

Thu, 12 Apr 2012 07:43:17 -0700 

Viktor Dukhovni:
> Which is not a hang after EHLO. These systems may not support consecutive
> EHLO commands, or may treat them as evidence of unwanted client behaviour.
> You may need to proceed to "MAIL" after EHLO to see whether they are really
> stuck.

It also hangs with MAIL and QUIT.

        Wietse

Script started on Thu Apr 12 10:39:52 2012

spike_1% openssl s_client -starttls smtp -connect 77.43.17.211:25
CONNECTED(00000003)
depth=1 /C=US/O=GeoTrust, Inc./CN=RapidSSL CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 
s:/serialNumber=XGTbH8gT6gIJRZsE/Y/zjnPUd1lsJgqj/C=IT/O=*.seronosymposia.org/OU=GT20020846/OU=See
 www.rapidssl.com/resources/cps (c)11/OU=Domain Control Validated - 
RapidSSL(R)/CN=*.seronosymposia.org
   i:/C=US/O=GeoTrust, Inc./CN=RapidSSL CA
 1 s:/C=US/O=GeoTrust, Inc./CN=RapidSSL CA
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEbTCCA1WgAwIBAgIDAa7oMA0GCSqGSIb3DQEBBQUAMDwxCzAJBgNVBAYTAlVT
MRcwFQYDVQQKEw5HZW9UcnVzdCwgSW5jLjEUMBIGA1UEAxMLUmFwaWRTU0wgQ0Ew
HhcNMTEwNTExMDk1MzI5WhcNMTIwODEyMDM1NjQ4WjCB7zEpMCcGA1UEBRMgWEdU
Ykg4Z1Q2Z0lKUlpzRS9ZL3pqblBVZDFsc0pncWoxCzAJBgNVBAYTAklUMR0wGwYD
VQQKDBQqLnNlcm9ub3N5bXBvc2lhLm9yZzETMBEGA1UECxMKR1QyMDAyMDg0NjEx
MC8GA1UECxMoU2VlIHd3dy5yYXBpZHNzbC5jb20vcmVzb3VyY2VzL2NwcyAoYykx
MTEvMC0GA1UECxMmRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkIC0gUmFwaWRTU0wo
UikxHTAbBgNVBAMMFCouc2Vyb25vc3ltcG9zaWEub3JnMIGfMA0GCSqGSIb3DQEB
AQUAA4GNADCBiQKBgQCvGPCsC4IzFhrXK63hXLN1SdbjaAckbpMpSotMt2jUrbWB
P60ePYk7C4Y9pM9kLpg55oS1Ka32gn1Uk/fPSTFxGcbyO+Wlev9py/mq+98aihlf
7ibv22R1NYVhut//NNJPFxKdYM1U4jQuTMP2w+Gdnaupw54VxumoCPGaTp7dewID
AQABo4IBRjCCAUIwHwYDVR0jBBgwFoAUa2k9ahhCSt2PAmU5/TUkhniRFjAwDgYD
VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAzBgNV
HREELDAqghQqLnNlcm9ub3N5bXBvc2lhLm9yZ4ISc2Vyb25vc3ltcG9zaWEub3Jn
MEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9yYXBpZHNzbC1jcmwuZ2VvdHJ1c3Qu
Y29tL2NybHMvcmFwaWRzc2wuY3JsMB0GA1UdDgQWBBSnC7Dsz/C5kOUKrlgr1Uxa
OQbVTDAMBgNVHRMBAf8EAjAAMEkGCCsGAQUFBwEBBD0wOzA5BggrBgEFBQcwAoYt
aHR0cDovL3JhcGlkc3NsLWFpYS5nZW90cnVzdC5jb20vcmFwaWRzc2wuY3J0MA0G
CSqGSIb3DQEBBQUAA4IBAQCopW1tFMdiahh5nO3jkcW57RjFEf+PKjwsCrza+IrJ
H3Ahn9ZzZhDPph7tFm2UnnpLDtR05nlLfSocgAnhqp2PwCR8BVs3ixGC4YkOC9Ep
Rm51YtNIWuH8VIfUr2b5g7l+saqtx36B5ttIQtxd7zxAy07U2lQ/8Utll73Hads8
E0OiSOuxo14uU54I1Dc4DV7NZqg+c64YeP6Z4634BH4hIKhDIaUqmBRmr5X5qzFM
hZhBlYLyb5zL6EX36BO6OXAuYIS+gcbBGVr7251Tw+3NWzuBzDLBNcaCBofQhJF9
U+dS31gos2orKYzaI6+2oqnMsVxhmNdIAI9Vt75OE6Qw
-----END CERTIFICATE-----
subject=/serialNumber=XGTbH8gT6gIJRZsE/Y/zjnPUd1lsJgqj/C=IT/O=*.seronosymposia.org/OU=GT20020846/OU=See
 www.rapidssl.com/resources/cps (c)11/OU=Domain Control Validated - 
RapidSSL(R)/CN=*.seronosymposia.org
issuer=/C=US/O=GeoTrust, Inc./CN=RapidSSL CA
---
No client certificate CA names sent
---
SSL handshake has read 2771 bytes and written 356 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Session-ID: 2B1B000045CEFA0DC9D0EAEE6939896BBDBA45526F6BADDD192E20A7A06FAF06
    Session-ID-ctx: 
    Master-Key: 
C3348BD1FBD30654D8A825E4D4A3B24E13091A72A9F4F7B87F7F97C7C5D4F0A7D90A9A78BED58DDBD8C749A0CB01B15B
    Key-Arg   : None
    Start Time: 1334241599
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
250 OK
mail from:<wie...@porcupine.org>
^C
spike_2% openssl s_client -starttls smtp -connect 77.43.17.211:25
CONNECTED(00000003)
[...same text as above...]
250 OK
quit
^C
spike_3% exit
Script done on Thu Apr 12 10:40:26 2012

Reply via email to