> openssl s_client \ > -verify +9 \ > -verify_return_error \ > -verifyCAfile /srv/ssl/myCA.CHAIN.crt \ > -verify_hostname internal.mx1-dev.example.com \ > -crlf \ > -4 \ > -showcerts \ > -bind 172.30.11.49 \ > -connect mx1-dev.example.com:41993 \ > -cert /srv/ssl/roundcube.example.com.client.EC.crt \ > -key /srv/ssl/roundcube.example.com.client.EC.key \ > -CAfile /srv/ssl/myCA.CHAIN.crt \ > -cipher ECDHE \ > -ciphersuites "TLS_CHACHA20_POLY1305_SHA256" \ > -min_protocol TLSv1.2 and, yes ... i note my silly typos. copy and paste from another setup :-( for this post, that^^ should be ~ openssl s_client \ -verify +9 \ -verify_return_error \ -verifyCAfile /srv/ssl/myCA.CHAIN.crt \ -verify_hostname internal.example.com \ -crlf \ -4 \ -showcerts \ -bind 10.1.1.50 \ -connect example.com:993 \ -cert /srv/ssl/mail.client.EC.crt \ -key /srv/ssl/mail.client.EC.key \ -CAfile /srv/ssl/myCA.CHAIN.crt \ -cipher ECDHE \ -ciphersuites "TLS_CHACHA20_POLY1305_SHA256" \ -min_protocol TLSv1.2 i.e., it _is_ consistent usage in the example.
