Hello Angelo,

please find attached my output, looks pretty good to me, similar to yours.

On 03.11.2016 at 14:26, Fazzina, Angelo wrote:
> Hi Florian,
> I am curious if you ran a basic telnet test of your SSL config, trying to
> connect over port 465 or 587?
> Sorry for not reading your attachments.
>
> I am attaching one file of the command and its output, showing example test
> over both ports.
> Does your postfix respond like my example or you are not even able to do
> that?
> -ALF
>
> -Angelo Fazzina
> Operating Systems Programmer / Analyst
> University of Connecticut, UITS, SSG-Linux/ M&C
> 860-486-9075

Cheers,
Florian

===========================================================================
Note: this message was sent by me *only* if the eMail message contains a
correct pgp signature corresponding to my address at flo...@floppy.org.
Do you need my PGP public key? Check out http://www.floppy.org or send me
an email with the subject "send pgp public key" to this address of mine. Thx!
root@blueberry:/home/software# openssl s_client -connect localhost:465
CONNECTED(00000003)
depth=1 O = Root CA, OU = http://www.cacert.org, CN = CA Cert Signing Authority, emailAddress = supp...@cacert.org
verify return:1
depth=0 CN = yabba.dadd-do.de
verify return:1
---
Certificate chain
 0 s:/CN=yabba.dadd-do.de
   i:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=supp...@cacert.org
 1 s:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=supp...@cacert.org
   i:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=supp...@cacert.org
---
Server certificate
[PEM certificate omitted]
subject=/CN=yabba.dadd-do.de
issuer=/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=supp...@cacert.org
---
No client certificate CA names sent
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Shared Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 4394 bytes and written 443 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 8BEFEAEFA881F97A56AC14E6894249C6E1F583628382FB0877597DFF554539C2
    Session-ID-ctx:
    Master-Key: E2AB8D0C2166D4FE2626D3B8CE600F3E4F4B676D49ABE14B0996A4D41FAAC217A8718EA461023B4B374A4BD974915489
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 14400 (seconds)
    TLS session ticket:
    [session ticket hex dump omitted]
    Start Time: 1478180146
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
220 yabba.dadd-do.de ESMTP Postfix
quit
221 2.0.0 Bye
closed

root@blueberry:/home/software# openssl s_client -starttls smtp -connect localhost:587
CONNECTED(00000003)
depth=1 O = Root CA, OU = http://www.cacert.org, CN = CA Cert Signing Authority, emailAddress = supp...@cacert.org
verify return:1
depth=0 CN = yabba.dadd-do.de
verify return:1
---
Certificate chain
 0 s:/CN=yabba.dadd-do.de
   i:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=supp...@cacert.org
 1 s:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=supp...@cacert.org
   i:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=supp...@cacert.org
---
Server certificate
[PEM certificate omitted]
subject=/CN=yabba.dadd-do.de
issuer=/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=supp...@cacert.org
---
No client certificate CA names sent
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Shared Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 4657 bytes and written 478 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: DE1E29202B869E7EEB8B214D905FFF37733CDF5E39D4ABCF1C879E151E05161A
    Session-ID-ctx:
    Master-Key: AD9415AD9AB8B1B89F4E8F5F411142CAD307D1DA1594804F6D065927BD86AE07BF68D235F28F54ED26393D54BA4761D7
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 14400 (seconds)
    TLS session ticket:
    [session ticket hex dump omitted]
    Start Time: 1478180277
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
250 DSN
quit
221 2.0.0 Bye
closed
signature.asc
Description: OpenPGP digital signature
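
The fields worth reading in s_client output like the two transcripts above can be checked mechanically. This is an added example, not part of the original message: a Python parser for one transcript, where the sample text, the host name mail.example.test, the weak-protocol list and the 2048-bit key minimum are all assumptions constructed for illustration.

```python
import re

# Constructed sample transcript in the shape of s_client output (not the poster's data).
SAMPLE_OK = """\
CONNECTED(00000003)
depth=0 CN = mail.example.test
verify return:1
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Verify return code: 0 (ok)
---
220 mail.example.test ESMTP Postfix
"""
# Constructed failing variant: self-signed certificate, old protocol, short key.
SAMPLE_BAD = (SAMPLE_OK.replace("0 (ok)", "18 (self signed certificate)")
              .replace("TLSv1.2", "TLSv1").replace("4096", "1024"))

WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # assumed policy

def _field(pattern, text):
    m = re.search(pattern, text, re.MULTILINE)
    return m.group(1).strip() if m else None

def check_s_client(text, min_key_bits=2048):
    """Parse one s_client transcript; return (summary, findings)."""
    summary = {
        "protocol": _field(r"^[ \t]*Protocol[ \t]*:[ \t]*(\S+)", text),
        "cipher": _field(r"^[ \t]*Cipher[ \t]*:[ \t]*(\S+)", text),
        "key_bits": _field(r"^Server public key is (\d+) bit", text),
        "verify": _field(r"^[ \t]*Verify return code:[ \t]*(\d+ \(.*\))", text),
        "smtp_reply": _field(r"^(2[25]0[ -].*)$", text),
    }
    findings = []
    if summary["verify"] is None or not summary["verify"].startswith("0 "):
        findings.append(f"certificate did not verify: {summary['verify']}")
    if summary["protocol"] is None or summary["protocol"] in WEAK_PROTOCOLS:
        findings.append(f"protocol not acceptable: {summary['protocol']}")
    if summary["key_bits"] is None or int(summary["key_bits"]) < min_key_bits:
        findings.append(f"server key too short: {summary['key_bits']} bit")
    if summary["smtp_reply"] is None:
        findings.append("no SMTP 220/250 reply after the handshake")
    return summary, findings

if __name__ == "__main__":
    for name, text in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, *check_s_client(text), sep="\n  ")
```

The "Verify return code" line has to be read explicitly because s_client completes the handshake even when verification fails, unless it is run with -verify_return_error.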