Hello all, Trying to connect to an Exchange 2003 SP2 Virtual SMTP Server with s_client but get the following (OpenSSL 0.9.8g):
openssl s_client -connect mail.somehost.com:587 -state CONNECTED(00000003) SSL_connect:before/connect initialization SSL_connect:SSLv2/v3 write client hello A SSL_connect:error in SSLv2/v3 read server hello A 1520:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:583: openssl s_client -connect mail.somehost.com:587 -state -ssl2 CONNECTED(00000003) SSL_connect:before/connect initialization SSL_connect:SSLv2 write client hello A (cursor waiting) openssl s_client -connect mail.somehost.com:587 -state -ssl3 CONNECTED(00000003) SSL_connect:before/connect initialization SSL_connect:SSLv3 write client hello A SSL3 alert write:fatal:handshake failure SSL_connect:error in SSLv3 read server hello A 1694:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:284: openssl s_client -connect mail.somehost.com:587 -state -starttls smtp CONNECTED(00000003) SSL_connect:before/connect initialization SSL_connect:SSLv2/v3 write client hello A SSL_connect:SSLv3 read server hello A ***certificate *** ... SSL handshake has read 1022 bytes and written 335 bytes --- New, TLSv1/SSLv3, Cipher is RC4-MD5 Server public key is 1024 bit Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : RC4-MD5 Session-ID: xxxxx ... Session-ID-ctx: Master-Key: xxxxx ... Key-Arg : None Start Time: 1247280228 Timeout : 300 (sec) Verify return code: 21 (unable to verify the first certificate) The certificate on the Exchange Server was self-signed and was created through the IIS SelfCert tool. I thought perhaps the certificate wasn't trusted but it seems to be failing at the handshake phase; I double-checked by trying out Google's mail server (smtp.gmail.com) which supports SSL/TLS and while the certificate says it's untrusted, I still get a 250 OK, so I'm not thinking it's the certificate. Tried it on another box running 0.9.8a, same results. I'm definitely not ruling out a poorly-configured Exchange box -- I've gone through dozens of technet and web articles and everything *should* be working, but clearly it's not. Any ideas? I've been banging away at this for the last couple days and am at wit's end... any help greatly appreciated. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org