Re: TLS handshake fails ("SSL_accept:error in error") for server->server connection (smtp submit dovecot->postfix) if /etc/pki/tls/openssl.cnf "Options=" includes 'ServerPreference' ?

On Thu, Sep 24, 2020 at 08:30:35PM -0700, PGNet Dev wrote:

> for this instance with
> 
> 	dovecot --version
> 		2.3.10.1 (a3d0e1171)
> 	postconf mail_version
> 		mail_version = 3.5.7
> 	openssl version
> 		OpenSSL 1.1.1g FIPS  21 Apr 2020
> 
> 	dovecot submission port == 60465
> 	postfix submission port == 465
> 	

Well, the connection to port 60465 begins with a client TLS HELLO, and
then a successful TLS 1.3 handshake takes place.

For the connection to 465, the client connects, and just sends
"QUIT<CRLF>", which isn't exactly a TLS HELLO.  Is that really the
session you intended to capture?  It is not surprising that the server
is "unimpressed" with the client's TLS protocol version.  It is
surprising that the client sent "QUIT<CRLF>" only .14 seconds after SYN,
since if it expected to do SMTP STARTTLS, it would typically wait for the
server greeting for more than a fraction of a second.

-- 
    Viktor.
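
Added example (not part of the original message or of any project mentioned in it): a capture-triage helper that classifies the first client payload of a TCP session as a TLS ClientHello or a plaintext SMTP command, and shows which values a TLS record parser reads out of "QUIT<CRLF>" when it arrives on a TLS-wrapped port. The function names and the sample ClientHello prefix are constructed for illustration.

```python
import struct

# SMTP verbs a plaintext client might send first (illustrative, not exhaustive).
SMTP_VERBS = {b"EHLO", b"HELO", b"QUIT", b"STARTTLS", b"MAIL", b"RCPT",
              b"NOOP", b"RSET", b"AUTH", b"DATA"}

MAX_TLS_PLAINTEXT = 2 ** 14  # upper bound on a TLS plaintext record length


def classify_first_bytes(payload: bytes) -> str:
    """Classify the first client-to-server payload seen in a capture."""
    # TLS record header: content type (1), version (2), length (2).
    # A ClientHello is content type 0x16 (handshake), major version 0x03,
    # followed by handshake message type 0x01.
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03:
        length = struct.unpack("!H", payload[3:5])[0]
        if payload[5] == 0x01 and 0 < length <= MAX_TLS_PLAINTEXT:
            return "tls-client-hello"
        return "tls-record-other"
    # Otherwise check for a plaintext SMTP command line.
    line = payload.split(b"\r\n", 1)[0]
    verb = line.split(b" ", 1)[0].upper()
    if verb in SMTP_VERBS:
        return "plaintext-smtp:" + verb.decode("ascii")
    return "unknown"


def misread_as_tls(payload: bytes):
    """Return (content_type, version, length) as a TLS record parser would
    read them from the first five bytes, or None if fewer than five bytes."""
    if len(payload) < 5:
        return None
    return struct.unpack("!BHH", payload[:5])


# Constructed sample inputs.
PLAINTEXT_QUIT = b"QUIT\r\n"
# Constructed record prefix: handshake, version 0x0301, length 5, ClientHello.
HELLO_PREFIX = b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"

if __name__ == "__main__":
    for name, data in (("port 465", PLAINTEXT_QUIT), ("port 60465", HELLO_PREFIX)):
        print(name, classify_first_bytes(data), misread_as_tls(data))
```

For "QUIT<CRLF>" the version field is read as 0x5549 (the bytes "UI"), which no TLS server recognises as a protocol version.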


