Bonjour,
Je suis entrain de travailler sur le support TLS pour postfix sur un
syst�me (Debian-Sarge).
J'ai cr�er une autorit� de certification racine auto-sign�, puis le
certificat pour postfix valid� et sign� par le CA. Tout semble
parfaitement fonctionn�... le client de messagerie (outlook) indique
simplement lors de la premi�re requ�te que le serveur est en mode
s�curis� mais que le certificat n'a pas �t� valid� par une autorit�
reconnue... Il suffit d'accepter le certificat pour que le client le
prenne en compte les prochaine fois...rien l� d'extraordinaire... sinon
qu'au niveau du log /var/mail/mail.info ... apparaissent certaines
erreurs au cours de chaque transaction entre client et le serveur ....
que je ne m'explique pas!!! Est-ce li� au CA auto-sign�? o� autre
chose? Quel est la solution pour que ce soit clean...
Voici le log (extrait) en question:
setting up TLS connection from unknown[10.0.1.2]
Jan 15 22:22:08 Orpheus postfix/smtpd[938]: SSL_accept:before/accept
initialization
Jan 15 22:22:08 Orpheus postfix/smtpd[938]: read from 100703E8
[1007C568] (11 bytes => -1 (0xFFFFFFFF))
Jan 15 22:22:08 Orpheus postfix/smtpd[938]: SSL_accept:error in
SSLv2/v3 read client hello A
Jan 15 22:22:08 Orpheus postfix/smtpd[938]: read from 100703E8
[1007C568] (11 bytes => 11 (0xB))
Jan 15 22:22:08 Orpheus postfix/smtpd[938]: 0000 16 03 01 00 57 01 00
00|53 03 01 ....W... S..
Jan 15 22:22:08 Orpheus postfix/smtpd[938]: read from 100703E8
[1007C573] (81 bytes => -1 (0xFFFFFFFF))
Jan 15 22:22:08 Orpheus postfix/smtpd[938]: SSL_accept:error in SSLv3
read client hello B
Jan 15 22:22:08 Orpheus postfix/smtpd[938]: SSL_accept:error in SSLv3
read client hello B
Jan 15 22:22:08 Orpheus postfix/smtpd[938]: read from 100703E8
[1007C573] (81 bytes => 81 (0x51))
Jan 15 22:22:08 Orpheus postfix/smtpd[938]: 0000 41 e9 89 7f e4 ca ae
ec|30 fe 11 08 17 af 01 5a A....... 0......Z
Jan 15 22:22:08 Orpheus postfix/smtpd[938]: 0010 1b 9f 5b 35 0f cf d7
96|74 3b fd 39 a3 b8 c0 dc ..[5.... t;.9....
Jan 15 22:22:08 Orpheus postfix/smtpd[938]: 0020 00 00 2c 00 05 00 04
00|0a ff 83 00 09 ff 82 00 ..,..... ........
Jan 15 22:22:08 Orpheus postfix/smtpd[938]: 0030 03 00 08 00 06 ff 80
00|01 00 16 00 15 00 14 00 ........ ........
Jan 15 22:22:08 Orpheus postfix/smtpd[938]: 0040 13 00 12 00 11 00 18
00|1b 00 1a 00 17 00 19 01 ........ ........
Jan 15 22:22:08 Orpheus postfix/smtpd[938]: 0051 - <SPACES/NULS>?
Jan 15 22:22:08 Orpheus postfix/smtpd[938]: SSL_accept:SSLv3 read
client hello B
Jan 15 22:22:08 Orpheus postfix/smtpd[938]: SSL_accept:SSLv3 write
server hello A
Jan 15 22:22:08 Orpheus postfix/smtpd[938]: SSL_accept:SSLv3 write
certificate A
Jan 15 22:22:08 Orpheus postfix/smtpd[938]: SSL_accept:SSLv3 write
server done A
Jan 15 22:22:08 Orpheus postfix/smtpd[938]: write to 100703E8
[10084D78] (820 bytes => 820 (0x334))
...
SSL_accept:SSLv3 flush data
Jan 15 22:22:08 Orpheus postfix/smtpd[938]: read from 100703E8
[1007C568] (5 bytes => -1 (0xFFFFFFFF))
Jan 15 22:22:08 Orpheus postfix/smtpd[938]: SSL_accept:error in SSLv3
read client certificate A
Jan 15 22:22:09 Orpheus postfix/smtpd[938]: read from 100703E8
[1007C568] (5 bytes => 5 (0x5))
Jan 15 22:22:09 Orpheus postfix/smtpd[938]: 0000 16 03 01 00 86
.....
Jan 15 22:22:09 Orpheus postfix/smtpd[938]: read from 100703E8
[1007C56D] (134 bytes => -1 (0xFFFFFFFF))
Jan 15 22:22:09 Orpheus postfix/smtpd[938]: SSL_accept:error in SSLv3
read client certificate A
...
Jan 15 22:22:09 Orpheus postfix/smtpd[938]: SSL_accept:SSLv3 read
client key exchange A
Jan 15 22:22:09 Orpheus postfix/smtpd[938]: read from 100703E8
[1007C568] (5 bytes => -1 (0xFFFFFFFF))
Jan 15 22:22:09 Orpheus postfix/smtpd[938]: SSL_accept:error in SSLv3
read certificate verify A
Jan 15 22:22:09 Orpheus postfix/smtpd[938]: read from 100703E8
[1007C568] (5 bytes => 5 (0x5))
Jan 15 22:22:09 Orpheus postfix/smtpd[938]: 0000 14 03 01 00 01
.....
Jan 15 22:22:09 Orpheus postfix/smtpd[938]: read from 100703E8
[1007C56D] (1 bytes => -1 (0xFFFFFFFF))
Jan 15 22:22:09 Orpheus postfix/smtpd[938]: SSL_accept:error in SSLv3
read certificate verify A
Jan 15 22:22:09 Orpheus postfix/smtpd[938]: read from 100703E8
[1007C56D] (1 bytes => 1 (0x1))
Jan 15 22:22:09 Orpheus postfix/smtpd[938]: 0000 01 .
Jan 15 22:22:09 Orpheus postfix/smtpd[938]: read from 100703E8
[1007C568] (5 bytes => -1 (0xFFFFFFFF))
Jan 15 22:22:09 Orpheus postfix/smtpd[938]: SSL_accept:error in SSLv3
read certificate verify A
Jan 15 22:22:09 Orpheus postfix/smtpd[938]: read from 100703E8
[1007C568] (5 bytes => 5 (0x5))
Jan 15 22:22:09 Orpheus postfix/smtpd[938]: 0000 16 03 01 00 24
....$
Jan 15 22:22:09 Orpheus postfix/smtpd[938]: read from 100703E8
[1007C56D] (36 bytes => -1 (0xFFFFFFFF))
Jan 15 22:22:09 Orpheus postfix/smtpd[938]: SSL_accept:error in SSLv3
read certificate verify A
Jan 15 22:22:09 Orpheus postfix/smtpd[938]: read from 100703E8
[1007C56D] (36 bytes => 36 (0x24))
Jan 15 22:22:09 Orpheus postfix/smtpd[938]: 0000 5b 54 65 8f 76 24 84
93|70 76 dd d0 9c 80 84 6b [Te.v$.. pv.....k
Jan 15 22:22:09 Orpheus postfix/smtpd[938]: 0010 7e fb 20 7d 65 5a 69
59|a3 7e 31 f6 72 7a 13 b9 ~. }eZiY .~1.rz..
Jan 15 22:22:09 Orpheus postfix/smtpd[938]: 0020 33 2d ec be 3-..
Jan 15 22:22:09 Orpheus postfix/smtpd[938]: SSL_accept:SSLv3 read
finished A
Jan 15 22:22:09 Orpheus postfix/smtpd[938]: SSL_accept:SSLv3 write
change cipher spec A
Jan 15 22:22:09 Orpheus postfix/smtpd[938]: SSL_accept:SSLv3 write
finished A
Jan 15 22:22:09 Orpheus postfix/smtpd[938]: write to 100703E8
[10084D78] (47 bytes => 47 (0x2F))
Jan 15 22:22:09 Orpheus postfix/smtpd[938]: 0000 14 03 01 00 01 01 16
03|01 00 24 2f 93 c9 67 b4 ........ ..$/..g.
Jan 15 22:22:09 Orpheus postfix/smtpd[938]: 0010 c5 89 70 2f 4c a1 83
6b|3b 82 fc 0f 2a 5d bc b3 ..p/L..k ;...*]..
Jan 15 22:22:09 Orpheus postfix/smtpd[938]: 0020 a6 ce 88 09 84 f4 48
59|db 69 cd 41 ec ab e0 ......HY .i.A...
Jan 15 22:22:09 Orpheus postfix/smtpd[938]: SSL_accept:SSLv3 flush data
Jan 15 22:22:09 Orpheus postfix/smtpd[938]: TLS connection established
from unknown[10.0.1.2]: TLSv1 with cipher RC4-SHA (128/128 bits)
Merci
