On Tue, July 10, 2018 13:05, Fazzina, Angelo wrote:
> When you test connecting to your servers yourself do you get any
> errors ?
> Not sure if sslv3 is ok to see if using TLS ???
>
> Commands to try, just replace with your server name
> openssl s_client -connect mta5.uits.uconn.edu:465
> openssl s_client -starttls smtp -connect mta5.uits.uconn.edu:587
>
> openssl s_client -connect <yourname>:465
> openssl s_client -starttls smtp -connect <yourname>:587
>
I can connect to my services without difficulty:
# openssl s_client -starttls smtp -connect mx31.harte-lyne.ca:587
CONNECTED(00000003)
depth=2 CN = CA_HLL_ROOT_2016, ST = Ontario, O = Harte & Lyne Limited,
OU = Networked Data Services, C = CA, DC = harte-lyne, DC = ca, L =
Hamilton
verify return:1
depth=1 CN = CA_HLL_ISSUER_2016, OU = Networked Data Services, O =
Harte & Lyne Limited, L = Hamilton, ST = Ontario, C = CA, DC =
harte-lyne, DC = ca
verify return:1
depth=0 CN = mx31.harte-lyne.ca, OU = Networked Data Services, O =
Harte & Lyne Limited, L = Hamilton, ST = Ontario, C = CA, DC =
hamilton, DC = harte-lyne, DC = ca
verify return:1
---
Certificate chain
0 s:/CN=mx31.harte-lyne.ca/OU=Networked Data Services/O=Harte & Lyne
Limited/L=Hamilton/ST=Ontario/C=CA/DC=hamilton/DC=harte-lyne/DC=ca
i:/CN=CA_HLL_ISSUER_2016/OU=Networked Data Services/O=Harte & Lyne
Limited/L=Hamilton/ST=Ontario/C=CA/DC=harte-lyne/DC=ca
1 s:/CN=CA_HLL_ISSUER_2016/OU=Networked Data Services/O=Harte & Lyne
Limited/L=Hamilton/ST=Ontario/C=CA/DC=harte-lyne/DC=ca
i:/CN=CA_HLL_ROOT_2016/ST=Ontario/O=Harte & Lyne
Limited/OU=Networked Data
Services/C=CA/DC=harte-lyne/DC=ca/L=Hamilton
2 s:/CN=CA_HLL_ROOT_2016/ST=Ontario/O=Harte & Lyne
Limited/OU=Networked Data
Services/C=CA/DC=harte-lyne/DC=ca/L=Hamilton
i:/CN=CA_HLL_ROOT_2016/ST=Ontario/O=Harte & Lyne
Limited/OU=Networked Data
Services/C=CA/DC=harte-lyne/DC=ca/L=Hamilton
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIJnDCCB4SgAwIBAgIEIBYAPjANBgkqhkiG9w0BAQ0FADCBwDEbMBkGA1UEAxQS
. . .
-----END CERTIFICATE-----
subject=/CN=mx31.harte-lyne.ca/OU=Networked Data Services/O=Harte &
Lyne
Limited/L=Hamilton/ST=Ontario/C=CA/DC=hamilton/DC=harte-lyne/DC=ca
issuer=/CN=CA_HLL_ISSUER_2016/OU=Networked Data Services/O=Harte &
Lyne Limited/L=Hamilton/ST=Ontario/C=CA/DC=harte-lyne/DC=ca
---
Acceptable client certificate CA names
. . .
/CN=CA_HLL_ISSUER_2016/OU=Networked Data Services/O=Harte & Lyne
Limited/L=Hamilton/ST=Ontario/C=CA/DC=harte-lyne/DC=ca
/CN=CA_HLL_ROOT_2016/ST=Ontario/O=Harte & Lyne Limited/OU=Networked
Data Services/C=CA/DC=harte-lyne/DC=ca/L=Hamilton
/CN=CA HLL ISSUER 01/OU=Networked Data Services/O=Harte & Lyne
Limited/C=CA/ST=Ontario/L=Hamilton/DC=harte-lyne.ca
/CN=CA HLL ROOT/OU=Networked Data Services/O=Harte & Lyne
Limited/C=CA/ST=Ontario/L=Hamilton/DC=harte-lyne.ca
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms:
RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Shared Requested Signature Algorithms:
RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 25642 bytes and written 480 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID:
050E0927F6972668834B7CF1128CD09652D2E3A0771F54D01506765C7007C0E9
Session-ID-ctx:
Master-Key:
EF2B819F9492D5C8B8E4728907EF383CC59404A2A935A654A7995D6863A9887BA0CF348D3253CBE154792D24EAC11C23
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 96 a3 78 b8 f9 08 0d d8-d6 d1 67 0a 25 dd 69 fb . . .
Start Time: 1531246713
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
250 SMTPUTF8
QUIT
DONE
[root@inet18 ~]# openssl s_client -starttls smtp -connect
mx32.harte-lyne.ca:587
CONNECTED(00000003)
depth=2 CN = CA_HLL_ROOT_2016, ST = Ontario, O = Harte & Lyne Limited,
OU = Networked Data Services, C = CA, DC = harte-lyne, DC = ca, L =
Hamilton
verify return:1
depth=1 CN = CA_HLL_ISSUER_2016, OU = Networked Data Services, O =
Harte & Lyne Limited, L = Hamilton, ST = Ontario, C = CA, DC =
harte-lyne, DC = ca
verify return:1
depth=0 CN = mx32.harte-lyne.ca, OU = Networked Data Systems, O =
Harte & Lyne Limited, L = Hamilton, ST = Ontario, C = CA, DC =
hamilton, DC = harte-lyne, DC = ca
verify return:1
---
Certificate chain
0 s:/CN=mx32.harte-lyne.ca/OU=Networked Data Systems/O=Harte & Lyne
Limited/L=Hamilton/ST=Ontario/C=CA/DC=hamilton/DC=harte-lyne/DC=ca
i:/CN=CA_HLL_ISSUER_2016/OU=Networked Data Services/O=Harte & Lyne
Limited/L=Hamilton/ST=Ontario/C=CA/DC=harte-lyne/DC=ca
1 s:/CN=CA_HLL_ISSUER_2016/OU=Networked Data Services/O=Harte & Lyne
Limited/L=Hamilton/ST=Ontario/C=CA/DC=harte-lyne/DC=ca
i:/CN=CA_HLL_ROOT_2016/ST=Ontario/O=Harte & Lyne
Limited/OU=Networked Data
Services/C=CA/DC=harte-lyne/DC=ca/L=Hamilton
2 s:/CN=CA_HLL_ROOT_2016/ST=Ontario/O=Harte & Lyne
Limited/OU=Networked Data
Services/C=CA/DC=harte-lyne/DC=ca/L=Hamilton
i:/CN=CA_HLL_ROOT_2016/ST=Ontario/O=Harte & Lyne
Limited/OU=Networked Data
Services/C=CA/DC=harte-lyne/DC=ca/L=Hamilton
---
Server certificate
-----BEGIN CERTIFICATE-----
. . .
Start Time: 1531246902
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
250 SMTPUTF8
QUIT
DONE
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Do NOT open attachments nor follow links sent by e-Mail
James B. Byrne mailto:byrn...@harte-lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
