On Fri, Sep 25, 2020 at 10:01:18AM -0700, PGNet Dev wrote:
> > Where's the recording of the successful transmission to port 465 (and
> > not say 587).
>
> you asked for a capture of the _failed_ transaction.
I had intended to ask for both, hard to compare otherwise. Good luck.
--
Viktor.
On 9/25/20 8:55 AM, Viktor Dukhovni wrote:
> Well, I expected you to post a working and non-working trace for the
> *same* server endpoint, with the good and bad configuration.
>
> Secondly,
(snip)
> Where's the recording of the successful transmission to port 465 (and
> not say 587).
you asked
On Fri, Sep 25, 2020 at 07:36:44AM -0700, PGNet Dev wrote:
> > But that is clearly not the case, because you're testing different server
> > endpoints, with port
> > 60465 for the "working" case, and "465" for the non-working case.
>
> that's simply not the case
>
> as stated
>
> 60465 is
On 9/25/20 12:18 AM, Viktor Dukhovni wrote:
> On Thu, Sep 24, 2020 at 09:26:26PM -0700, PGNet Dev wrote:
> I must lodge a complaint on wasting my time here
seems you're done, then.
thx anyway.
> you intimated that just changing openssl.cnf makes the difference.
i didn't 'intimate'.
i stated
On Thu, Sep 24, 2020 at 09:26:26PM -0700, PGNet Dev wrote:
> > It is surprising that the client sent "QUIT" only .14 seconds after
> > SYN,
> > since if it expected to do SMTP STARTTLS, it would typically wait for the
> > server greeting for more than a fraction of a second.
>
> So, iiuc, that's
On 9/24/20 9:13 PM, Viktor Dukhovni wrote:
> On Thu, Sep 24, 2020 at 08:30:35PM -0700, PGNet Dev wrote:
> Is that really the session you intended to capture.
Interestingly phrased!
The intention was to capture the tcp data 'thru' the failed event.
That^^ is the data streamed to console, with
On Thu, Sep 24, 2020 at 08:30:35PM -0700, PGNet Dev wrote:
> for this instance with
>
> dovecot --version
> 2.3.10.1 (a3d0e1171)
> postconf mail_version
> mail_version = 3.5.7
> openssl version
> OpenSSL 1.1.1g FIPS 21 Apr 2020
>
>
On 9/24/20 7:32 PM, Viktor Dukhovni wrote:
> On Thu, Sep 24, 2020 at 06:43:05PM -0700, PGNet Dev wrote:
>
>> Been awhile since I 'de-noised' a comms dump; I'll dust off my notes, & work
>> on getting a useful/relevant PCAP file ...
>
> # tcpdump -s0 -w /some/file tcp port 12345
thx, was
On Thu, Sep 24, 2020 at 06:43:05PM -0700, PGNet Dev wrote:
> Been awhile since I 'de-noised' a comms dump; I'll dust off my notes, & work
> on getting a useful/relevant PCAP file ...
# tcpdump -s0 -w /some/file tcp port 12345
^C
# tcpdump -r /some/file 'tcp[13] & 0x12 == 2'
On 9/24/20 5:51 PM, Viktor Dukhovni wrote:
>> again, the _only_ change between the two submissions is the addition of the
>> "ServerPreference" option to the openssl.cnf config.
>
> This looks like the protocol version is no longer TLS 1.3 as a result,
> and one side or the other now expects or
On Thu, Sep 24, 2020 at 07:43:04AM -0700, PGNet Dev wrote:
> > I'd be tempted to drop most if not all of those settings, they're not
> > email-friendly.
>
> PUBLIC email non-friendly, because of still-frequent old cipher/protocol
> implementations?
>
> or,
>
> inherently problematic with TLS
> I'd be tempted to drop most if not all of those settings, they're not
> email-friendly.
PUBLIC email non-friendly, because of still-frequent old cipher/protocol
implementations?
or,
inherently problematic with TLS in/onr SMTP?
in this case, there's nothing public ... both the dovecot and
On Wed, Sep 23, 2020 at 02:11:50PM -0700, PGNet Dev wrote:
> /etc/pki/tls/openssl.cnf
> openssl_conf = default_conf
>
> [default_conf]
> ssl_conf = ssl_sect
>
> [ssl_sect]
> system_default = system_default_sect
>
>
i've got two servers communicating over ssl.
comms between them work if
/etc/pki/tls/openssl.cnf
includes
Options = PrioritizeChaCha
but fail if 'ServerPreference'
(cref:
Undocumented openssl.cnf options and PrioritizeChaCha