Re: openssl failed to connect to MS Exchange Server (Office365) on RHEL 7.x

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Your transcript below seems to show a successful connection to Microsoft's
cloud mail, then Microsoft rejecting the password and closing the connection.
You are not connecting to your own Exchange server, but to a central Microsoft service that also handles their consumer mail accounts (hotmail.com, live.com, outlook.com etc.).  This service load balances connections between many servers 
which cab give different results for each try.

On 10/05/2019 17:01, Chandu Gangireddy wrote:

Dear OpenSSL Users,
At my corporate environment, I'm experience a challenge to use openssl s_client utility. I really appreciate if someone can help me narrow down the issue. 

Here the details -

Platform: RHEL 7.x
*Openssl version:*
OpenSSL 1.0.2k-fips  26 Jan 2017
built on: reproducible build, date unspecified
platform: linux-x86_64
options:  bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx) compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches   -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM 
OPENSSLDIR: "/etc/pki/tls"
engines:  rdrand dynamic
Command tried to tes the connectivity between my Linux client server to remote office 365 exchange server using POP3 port -
$ openssl s_client -crlf -connect outlook.office365.com:995 <http://outlook.office365.com:995> 
...
...
subject=/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=outlook.com <http://outlook.com> 
issuer=/C=US/O=DigiCert Inc/CN=DigiCert Cloud Services CA-1
---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3952 bytes and written 415 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 072F0000FFDC6177DE9CAB2B59EA06E486A25AD8A2882A9B82F16678BAD74E79 
    Session-ID-ctx:
    Master-Key: DD7B59F38867FEAB9656B519FBCD743158E528C63FF9A96CE758120424159F26967F9F6FE57A9B5E7CAD806798322278 
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1557500061
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
+OK The Microsoft Exchange POP3 service is ready. [QgBOADYAUABSADEANABDAEEAMAAwADQAMgAuAG4AYQBtAHAAcgBkADEANAAuAHAAcgBvAGQALgBvAHUAdABsAG8AbwBrAC4AYwBvAG0A] 
*USER netcool2@xxxxxxx <mailto:netcool2@xxxxxxx>*
*+OK*
*PASS XXXXXXXX*
*-ERR Logon failure: unknown user name or bad password.*
*quit*
*+OK Microsoft Exchange Server POP3 server signing off.*
*read:errno=0*

Operating System:
Red Hat Enterprise Linux Server release 7.2 (Maipo)
When I did the same from a different server, it worked as expected. Following are the two difference which I noticed between a working server and non-working server. 
*
*
*Working server details:*
1. Red Hat Enterprise Linux Server release 6.9 (Santiago)
2. openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
built on: Mon Jan 30 07:47:24 EST 2017
platform: linux-x86_64
options:  bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx) compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM 
OPENSSLDIR: "/etc/pki/tls"
engines:  dynamic

Please let me know if you need any further details from my end.

Thanks, in advance.
Chandu



--
Jakob Bohm, CIO, partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Soborg, Denmark. direct: +45 31 13 16 10 <call:+4531131610> 
This message is only for its intended recipient, delete if misaddressed.
WiseMo - Remote Service Management for PCs, Phones and Embedded
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux