Hi [2017-09-13 09:46] Bruno Pagani <[email protected]> > Le 13/09/2017 à 09:13, Niels Kobschätzki a écrit : > > > > RCPT TO: <[email protected]> > > RENEGOTIATING
The problem starts here, openssl s_client(1) hadle a 'R' at the begin of a line as a command to renegotiat the connection, to avoid this, you can use gnutls-cli or use a 'r' for 'rctp to'. > > 2383074270240:error:1400444C:SSL routines:CONNECT_CR_SRVR_HELLO:tlsv1 > > alert no renegotiation:/usr/src/lib/libssl/ssl_pkt.c:1205:SSL alert > > number 100 > > 2383074270240:error:140040E5:SSL routines:CONNECT_CR_SRVR_HELLO:ssl > > handshake failure:/usr/src/lib/libssl/ssl_pkt.c:585: > > > > If so I guess the answer here (from a SSL/TLS test): > > “The server supports a client-initiated secure renegotiation that may be > unsafe and allow Denial of Service attacks.” > > And your above log clearly state that there is renegotiation happening > and your SSL stack treats this as a fatal error, which I think is right. If I undetstand the soucre code correct, client renegotiation is disabled in smtpd. Probably for security reasons. satanist -- You received this mail because you are subscribed to [email protected] To unsubscribe, send a mail to: [email protected]
