Hello everyone,

since I've updated openssl to 1.0.0 (first "b-r1" and "c" after) version, I'm unable to establish a TLS connection to some mailservers - probably with older binaries of openssl. Below is a telnet connection with starttls to mailserver.prestice-mesto.cz - Kerio Mailserver 6.0.10. I found out that with a newer version of Kerio Mailserver TLS works. But today some other machines didn't work with TLS.
Anyone with the same problem?

Thanks
Jan Hejl

aq ~ # openssl s_client -starttls smtp -tls1 -crlf -tlsextdebug -connect mailserver.prestice-mesto.cz:25
CONNECTED(00000003)
depth=0 CN = mailserver.prestice-mesto.cz, O = M\C3\84\C2\9Bsto P\C3\85\C2\99e\C3\85\C2\A1tice, C = CZ
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = mailserver.prestice-mesto.cz, O = M\C3\84\C2\9Bsto P\C3\85\C2\99e\C3\85\C2\A1tice, C = CZ
verify return:1
119378694334120:error:14094406:SSL routines:SSL3_READ_BYTES:sslv3 alert decompression failure:s3_pkt.c:1193:SSL alert number 30
119378694334120:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:590:
---
Certificate chain
 0 s:/CN=mailserver.prestice-mesto.cz/O=M\xC4\x9Bsto P\xC5\x99e\xC5\xA1tice/C=CZ
   i:/CN=mailserver.prestice-mesto.cz/O=M\xC4\x9Bsto P\xC5\x99e\xC5\xA1tice/C=CZ
---
Server certificate
subject=/CN=mailserver.prestice-mesto.cz/O=M\xC4\x9Bsto P\xC5\x99e\xC5\xA1tice/C=CZ
issuer=/CN=mailserver.prestice-mesto.cz/O=M\xC4\x9Bsto P\xC5\x99e\xC5\xA1tice/C=CZ
---
No client certificate CA names sent
---
SSL handshake has read 926 bytes and written 198 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS NOT supported
Compression: zlib compression
Expansion: NONE
SSL-Session:
    Protocol : TLSv1
    Cipher : AES256-SHA
    Session-ID: 9C49084FFD26A8646D60DC4F36E858E7DE6CCF660F821E0FC6B7F690677CE27C
    Session-ID-ctx:
    Master-Key: 12025745E3CEBC4DC95208AF289F817BEBEC8ADB5D6A112EA72C525C4FCDEF4E71E7994E58335B9B918744ABC9D30536
    Key-Arg : None
    PSK identity: None
    PSK identity hint: None
    Compression: 1 (zlib compression)
    Start Time: 1292517174
    Timeout : 7200 (sec)
    Verify return code: 18 (self signed certificate)
---