>I tried various changes to (SSL_version)
- use a version 1.x.x of OpenSSL - the default security and cipher setup
  has been changed from version 0.9.x to 1.x.x
- set up the default behavior of OpenSSL in the OpenSSL config file
- set up 'SSL_version'
- set up 'SSL_cipher_list'

If you need to set up some very special parameters on your
SSL-SMTP-Listeners, use the 'SSLSMTPConfigure' callback configuration.

Notice: if the connecting server uses a weak cipher that is not supported
(rejected) by your OpenSSL setup, the handshake will fail - the same is
the case if your cipher is too weak for the connecting server.

Thomas
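
An added example, not part of the original thread or of ASSP: a small decoder for the packed OpenSSL error codes in the two log lines quoted further down. It assumes the lib/function/reason layout used by OpenSSL 0.9.8 and 1.x, and the helper names are hypothetical. It separates "the peer aborted with a TLS alert" from "the bytes received were not a TLS hello".

```python
import re

# OpenSSL 0.9.8/1.x packs an error code as lib (8 bits) | func (12) | reason (12).
ERR_LIB_SSL = 0x14
ALERT_OFFSET = 1000   # SSL reasons >= 1000 mean: peer sent TLS alert (reason - 1000)
# Subset of TLS alert descriptions (RFC 5246, section 7.2).
TLS_ALERTS = {40: "handshake_failure", 70: "protocol_version",
              71: "insufficient_security", 80: "internal_error"}
# Reason 252 is the one named "unknown protocol" in the thread's second log line.
LOCAL_REASONS = {252: "unknown_protocol"}

LINE_RE = re.compile(
    r"for client (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):.*?error:(?P<code>[0-9A-Fa-f]{8}):")

def decode(code_hex):
    """Split a packed error code into (lib, func, reason)."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def classify(line):
    """Return who ended the handshake, or None for a line with no SSL error code."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    lib, func, reason = decode(m.group("code"))
    if lib != ERR_LIB_SSL:
        return {"ip": m.group("ip"), "origin": "other", "detail": "lib %d" % lib}
    if reason >= ALERT_OFFSET:
        alert = reason - ALERT_OFFSET
        # The remote side gave up; compare protocol/cipher settings with what it offers.
        return {"ip": m.group("ip"), "origin": "peer_alert",
                "detail": TLS_ALERTS.get(alert, "alert %d" % alert)}
    # The local library rejected what it read, e.g. plain text arriving on a TLS socket.
    return {"ip": m.group("ip"), "origin": "local",
            "detail": LOCAL_REASONS.get(reason, "reason %d" % reason)}

# The two log lines from the thread, with the e-mail line wrapping undone.
SAMPLE_LOG = [
    "error: Couldn't upgrade to TLS for client 54.240.15.40: SSL connect accept "
    "failed because of handshake problems error:14094438:SSL "
    "routines:SSL3_READ_BYTES:tlsv1 alert internal error",
    "error: Couldn't upgrade to TLS for client 66.27.79.33: SSL accept attempt "
    "failed with unknown error error:140760FC:SSL "
    "routines:SSL23_GET_CLIENT_HELLO:unknown protocol",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(classify(entry))
```
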

From: "Mr. Courtney Creighton" <a...@dezignguy.com>
To: For Users of ASSP <assp-user@lists.sourceforge.net>,
Date: 01.05.2014 12:55
Subject: Re: [Assp-user] SSL errors from Amazon mailservers

Ok, did some more testing for this. It looks like my mail server expects
SSL only connections (such as port 465) to come all the way through as
an encrypted connection and the Network Setup connections behavior has
changed in the new ASSP version (v14068). So that's why I was also
having problems with secure port 465. My previous setup had worked fine
(sending everything to the listenPort), but when checking the changelog
again, I noticed that the Network Setup settings were changed in the new
version, and incoming SSL connections to the destination mailserver had
to be specified as SSL in the ASSP config.
Changing (smtpDestinationSSL) to use an SSL connection to the mailserver
seems to have resolved the new problems that came up with port 465 not
working, but I am still having trouble with Amazon's mail servers
sending with SSL. I tried various changes to (SSL_version) and using SSL
on (listenPort), but none of them really worked properly.
I am not quite sure how Amazon's mail servers are connecting to mine
that gets the SSL handshake error, but maybe it is related to how the
SSL connections are proxied/not proxied now, and being unexpected by my
mailserver, i.e. one side is speaking SSL and the other is speaking in
plain text. SSL and TLS work fine for me with other combinations of
ports, so I am not sure why it is happening with connections from Amazon
and another regional ISP. Amazon seems to try the SSL connection first,
and then when it fails, just switches to plain text SMTP so the email
does get delivered in the end.
I've configured debugging for SSL on those Amazon IP addresses now, so
perhaps that will get more information.
-C
Thomas Eckardt said the following on 5/1/2014 2:41 AM:
>> Is it possible that ASSP may be advertising ciphers or encryption
>> capabilities that it does not actually have
> I don't see any missing parameter in V2.
>
> Thomas
>
>
>
> From: "Mr. Courtney Creighton" <a...@dezignguy.com>
> To: For Users of ASSP <assp-user@lists.sourceforge.net>,
> Date: 30.04.2014 09:07
> Subject: Re: [Assp-user] SSL errors from Amazon mailservers
>
>
>
> Yes, though the Redhat packages have newer security patches and fixes
> backported.
> I also note that RHEL5/CentOS5 is supported through Mar 31st, 2017.
>
> So do you think that this issue is indeed caused by the OpenSSL package?
>
> Is it possible that ASSP may be advertising ciphers or encryption
> capabilities that it does not actually have (because of the underlying
> OpenSSL package) and that is why Amazon's servers persist in trying to
> connect securely using a method that fails in the SSL handshake? Can the
> advertised information be changed in ASSP?
>
> -C
>
>
>
>
> Thomas Eckardt said the following on 4/29/2014 9:43 AM:
>>> OpenSSL is the default CentOS 5 RPM package, Version: 0.9.8e
>> This is very much too old!
>>
>> Thomas
>>
>>
>>
>> From: "Mr. Courtney Creighton" <a...@dezignguy.com>
>> To: assp-user@lists.sourceforge.net,
>> Date: 29.04.2014 10:42
>> Subject: [Assp-user] SSL errors from Amazon mailservers
>>
>>
>>
>> Hi,
>> I recently upgraded from ASSPv2 2.4.1(14058) to 2.4.1(14097). After the
>> upgrade I started getting a lot of these SSL errors from Amazon's
>> outgoing mailservers, for their various alerts and newsletter emails:
>>
>> error: Couldn't upgrade to TLS for client 54.240.15.40: SSL connect accept
>> failed because of handshake problems error:14094438:SSL
>> routines:SSL3_READ_BYTES:tlsv1 alert internal error
>>
>> It also seems that I am getting a higher volume of these types of errors:
>> error: Couldn't upgrade to TLS for client 66.27.79.33: SSL accept attempt
>> failed with unknown error error:140760FC:SSL
>> routines:SSL23_GET_CLIENT_HELLO:unknown protocol
>>
>> But as far as I can tell, they all seem to be "spammy" (dynamic
>> ISP/foreign) ips, so I'm not too concerned about them. Just providing
>> the info in case it is related.
>>
>> Currently running ASSP version 2.4.1(14097) (Perl 5.014003) (on linux -
>> Centos 5.10 64 bit)
>>
>> OpenSSL is the default CentOS 5 RPM package, Version: 0.9.8e Release:
>> 27.el5_10.1
>>
>>
>> If more information is still needed, I can try to grab an SSL debug file
>> when Amazon sends me some more email.
>>
>> thanks,
>> -Court
>>
>>
>> _______________________________________________
>> Assp-user mailing list
>> Assp-user@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/assp-user
>>
>>
>>
>>
>> DISCLAIMER:
>> *******************************************************
>> This email and any files transmitted with it may be confidential, legally
>> privileged and protected in law and are intended solely for the use of the
>> individual to whom it is addressed.
>> This email was multiple times scanned for viruses. There should be no
>> known virus in this email!
>> *******************************************************