* Viktor Dukhovni <postfix-users@postfix.org>: > On Wed, May 08, 2013 at 03:54:35PM +0000, Viktor Dukhovni wrote: > > > Can you reproduce this with: > > > > openssl s_client \ > > -cipher $(postconf -xh tls_export_cipher_list) \ > > -sslv2 \ > > -starttls smtp -connect mail.vex.net:25 > > Sorry that should be "tls_export_cipherlist" not "tls_export_cipher_list".
Retrying: # openssl s_client -cipher aNULL:-aNULL:ALL:+RC4:@STRENGTH -ssl2 -starttls smtp -connect mail.vex.net:25 CONNECTED(00000003) depth=0 /OU=Domain Control Validated/OU=Hosted by Tucows/OU=COMODO SSL Wildcard/CN=*.vex.net verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 /OU=Domain Control Validated/OU=Hosted by Tucows/OU=COMODO SSL Wildcard/CN=*.vex.net verify error:num=27:certificate not trusted verify return:1 depth=0 /OU=Domain Control Validated/OU=Hosted by Tucows/OU=COMODO SSL Wildcard/CN=*.vex.net verify error:num=21:unable to verify the first certificate verify return:1 --- Server certificate -----BEGIN CERTIFICATE----- MIIGAzCCBOugAwIBAgIRALqlwWNku18YUKtc1pSBvNEwDQYJKoZIhvcNAQEFBQAw cDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxFjAUBgNV BAMTDUNPTU9ETyBTU0wgQ0EwHhcNMTMwMjAyMDAwMDAwWhcNMTQwMjAyMjM1OTU5 WjBwMSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxGTAXBgNVBAsT EEhvc3RlZCBieSBUdWNvd3MxHDAaBgNVBAsTE0NPTU9ETyBTU0wgV2lsZGNhcmQx EjAQBgNVBAMUCSoudmV4Lm5ldDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC ggIBAJ29UxZ6vq564T+Wg8JedELXh5Tdry8FArPL95u/lWUwpw742WrVBWVKoix9 stVHGw0QD7Q+MtS7fG5Qo6tA+6sEgmQU5Rgt2NLMorSAKvepOi9eAd4JJH5GSj8p 3Bzdt0afxBTE72zny1UlQak9ElK1wsheaTwJ2ZToAeOFLHbdaTO5k6oPuSQ96V8R u1kzafht07yj9eThrAZKKH+FV6c9kdfkBMnBvUZ/W7PMfoe2bZiOKLiYHux+rOLX mMKG+fLechs77dhmxR+rpigezIeTR4YEBTzfzHOntiVl5W1ck/QlnektLMHEmHwu RIJ/ht2yVWU/JBXoDxdh+S4VMvazrNYSKP+0lsmIVQh9fh43zaS1f4h98/Rwzl6R m1FOtg6p1tnj5iBRSqoxacsxhWVNkp+EVOdSqMENAtttxl0i95dPpnx3OHc+isw9 Z/JCqbwS/QckvtUk0QQXtpip+yoQvdS7310GIQKKyHFH0sLtph8HaFAAwHFNjJJB RWPyM+Cnueqdtg+/faZnN6HtRLPGyDsdvC+JM8fSUsWQJPH+hRXpIqI5t0EcSn/c E19Ewohx2VEArivoEcY8TUAlAH6Jacb/Zn5ace8eqWOQCllezG2gQURVogTZfOEm VBMQlRk7Bk12D4EeKvfDybxp9Po3Z1yFcpmnEpJILqTzbEj1AgMBAAGjggGWMIIB kjAfBgNVHSMEGDAWgBQba70fikkYlFQ3VbQgF+03uXcYfTAdBgNVHQ4EFgQUqwy5 k8xmppHGwlieqqVgsGHF1aUwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAw HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCME8GA1UdIARIMEYwOgYLKwYB BAGyMQECAgcwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNv bS9DUFMwCAYGZ4EMAQIBMDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly9jcmwuY29t b2RvY2EuY29tL0NPTU9ET1NTTENBLmNybDBpBggrBgEFBQcBAQRdMFswMwYIKwYB BQUHMAKGJ2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1NTTENBLmNydDAk BggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMB0GA1UdEQQWMBSC CSoudmV4Lm5ldIIHdmV4Lm5ldDANBgkqhkiG9w0BAQUFAAOCAQEAIhLA2Q8JbnzH R5nPZh/Q0GLr0JIrRXm9YtXr26vX38wIIpogAxlcbkWKIq+Q2mBICxTx0pG813R3 2JHKBjAG/WFKOTnXNyuf/90+yLjH+pv8rzxcClq20ufqw7GOpk7+/FTAAoGSanOc EW0eUVd9Ur1xVgcqzLlGvORxif9WO/jdvNhd/k0ge9mGbdmcdWDsQLwFldYOj8dW fUtpBdPq3zZzNg9OZ9SGVkxfpofJHR02Ipe2IGS53RBs6k8DcCQoR8i31fcUHSEj 1w4CtGl4HDeSEy5yjiFZGVWyhFG7rmT0ZFLyG5KDG1VzGjbuKzb0g8NqCHILQ4Wa +tLcmRTzLQ== -----END CERTIFICATE----- subject=/OU=Domain Control Validated/OU=Hosted by Tucows/OU=COMODO SSL Wildcard/CN=*.vex.net issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO SSL CA --- No client certificate CA names sent --- Ciphers common between both SSL endpoints: RC4-MD5 EXP-RC4-MD5 RC2-CBC-MD5 EXP-RC2-CBC-MD5 DES-CBC-MD5 DES-CBC3-MD5 --- SSL handshake has read 1918 bytes and written 655 bytes --- New, SSLv2, Cipher is DES-CBC3-MD5 Server public key is 4096 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session: Protocol : SSLv2 Cipher : DES-CBC3-MD5 Session-ID: 53740A778E774C578C399F7052BE9E76 Session-ID-ctx: Master-Key: 75BD124A3DB9EB2C1A33360C48CAA9EB9B9AE8B609B593D6 Key-Arg : C7C09B33B14F47F8 Start Time: 1368120312 Timeout : 300 (sec) Verify return code: 21 (unable to verify the first certificate) --- 250 DSN QUIT DONE -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
