Dear OpenSSL Users,

In my corporate environment, I'm experiencing a challenge using the openssl s_client utility. I would really appreciate it if someone could help me narrow down the issue.
Here are the details -

Platform: RHEL 7.x

*Openssl version:*

    OpenSSL 1.0.2k-fips 26 Jan 2017
    built on: reproducible build, date unspecified
    platform: linux-x86_64
    options: bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
    compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
    OPENSSLDIR: "/etc/pki/tls"
    engines: rdrand dynamic

Command tried to test the connectivity between my Linux client server and the remote Office 365 Exchange server using the POP3 port -

    $ openssl s_client -crlf -connect outlook.office365.com:995
    ...
    ...
    subject=/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=outlook.com
    issuer=/C=US/O=DigiCert Inc/CN=DigiCert Cloud Services CA-1
    ---
    No client certificate CA names sent
    Peer signing digest: SHA256
    Server Temp Key: ECDH, P-256, 256 bits
    ---
    SSL handshake has read 3952 bytes and written 415 bytes
    ---
    New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
        Protocol : TLSv1.2
        Cipher : ECDHE-RSA-AES256-GCM-SHA384
        Session-ID: 072F0000FFDC6177DE9CAB2B59EA06E486A25AD8A2882A9B82F16678BAD74E79
        Session-ID-ctx:
        Master-Key: DD7B59F38867FEAB9656B519FBCD743158E528C63FF9A96CE758120424159F26967F9F6FE57A9B5E7CAD806798322278
        Key-Arg : None
        Krb5 Principal: None
        PSK identity: None
        PSK identity hint: None
        Start Time: 1557500061
        Timeout : 300 (sec)
        Verify return code: 0 (ok)
    ---
    +OK The Microsoft Exchange POP3 service is ready. [QgBOADYAUABSADEANABDAEEAMAAwADQAMgAuAG4AYQBtAHAAcgBkADEANAAuAHAAcgBvAGQALgBvAHUAdABsAG8AbwBrAC4AYwBvAG0A]
    *USER netco...@cox.com <netco...@cox.com>*
    *+OK*
    *PASS XXXXXXXX*
    *-ERR Logon failure: unknown user name or bad password.*
    *quit*
    *+OK Microsoft Exchange Server POP3 server signing off.*
    *read:errno=0*

Operating System: Red Hat Enterprise Linux Server release 7.2 (Maipo)

When I did the same from a different server, it worked as expected. The following are the two differences which I noticed between the working server and the non-working server.

*Working server details:*

1. Red Hat Enterprise Linux Server release 6.9 (Santiago)

2. openssl version

    OpenSSL 1.0.1e-fips 11 Feb 2013
    built on: Mon Jan 30 07:47:24 EST 2017
    platform: linux-x86_64
    options: bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
    compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
    OPENSSLDIR: "/etc/pki/tls"
    engines: dynamic

Please let me know if you need any further details from my end.

Thanks in advance.

Chandu