RE: SSMTP Client: SSL routines:SSL23_GET_SERVER_HELLO
sorry for the late reply. I was on vacation. Unfortunately, I returned and could not find the managed switch anymore. Someone must've taken it. So I won't be able to post a .pcap file, since I cannot remote capture. However, it seems I managed to get rid of the unknown protocol error. I was using the read function of my colleague and it was only copying bytes until it reaches a newline character, so when I call the TLS function (see the code my 1st post), the receive buffer had already some bytes left over from previous replies. So, as mentioned earlier, I do not get the unknown protocol error anymore, however, ssl_connect still fails but this time it does not print out any error, it simply prints out the following: ///creating TLS Session/ SSL_connect failed I'm trying to connect to smtp.gmail.com:587 Any help will be appreciated. -- View this message in context: http://openssl.6102.n7.nabble.com/SSMTP-Client-SSL-routines-SSL23-GET-SERVER-HELLO-tp48871p49060.html Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: SSMTP Client: SSL routines:SSL23_GET_SERVER_HELLO
Just to add more details, here are the replies that my code prints out, when trying to connect to smtp.gmail.com:587 *220 mx.google.com ESMTP x3sm39000551eep.17 - gsmtp //EHLO// 250-mx.google.com at your service, [80.149.109.201] 250-SIZE 35882577 250-8BITMIME 250-STARTTLS 250-ENHANCEDSTATUSCODES 250 CHUNKING //STARTTLS// 220 2.0.0 Ready to start TLS ///creating TLS Session/ SSL_connect failed* -- View this message in context: http://openssl.6102.n7.nabble.com/SSMTP-Client-SSL-routines-SSL23-GET-SERVER-HELLO-tp48871p49061.html Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: SSMTP Client: SSL routines:SSL23_GET_SERVER_HELLO
From: owner-openssl-us...@openssl.org On Behalf Of hhachem Sent: Monday, March 17, 2014 07:35 openssl_capture.txt http://openssl.6102.n7.nabble.com/file/n48871/openssl_capture.txt Hello, I'm using OpenSSL in order to encrypt some emails, that a piece of hardware sends. But, whenever I try to call SSL_connect(), I get : SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol After sending EHLO and STARTTLS I call the following function: You are reading the responses to both, particularly the 220 to STARTTLS, before you try SSL_connect, right? I've tried connecting to : smtp.live.com : 587 -- SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol s23_clnt.c:787: smtp.live.com : 25 -- SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol s23_clnt.c:787: smtp.gmail.com : 587 -- SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol s23_clnt.c:787: smtp.gmail.com : 465 -- no response from server at all! smtp.gmail.com : 25 -- SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol s23_clnt.c:787: For me s_client with -starttls smtp works on both 587 ports, and I also get no response on gmail 465. For me it fails on both 25 ports, but I think that's something in our ISP mangling 25 (probably as an antispam measure) because the SMTP exchange is visibly weird even before STARTTLS. Your capture decoded as SMTP which makes the SSL exchange unreadable. Preferably do the first records (through 220) as SMTP, then the rest as SSL; if you can't, try attaching the pcap file itself if small, or put it somewhere we can download, or again if small just base64 and put in your text. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: SSMTP Client: SSL routines:SSL23_GET_SERVER_HELLO
U P Sent from my iPad On Mar 17, 2014, at 5:48 PM, hhachem hamze.hac...@deos-ag.com wrote: openssl_capture.txt http://openssl.6102.n7.nabble.com/file/n48871/openssl_capture.txt Hello, I'm using OpenSSL in order to encrypt some emails, that a piece of hardware sends. But, whenever I try to call SSL_connect(), I get : SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol After sending EHLO and STARTTLS I call the following function: /// SSL_CTX *ctx = NULL; SSL *ssl = NULL; void CreateTLSSession(int sockfd) { printf(///creating TLS Session/\n); SSL_library_init(); SSL_load_error_strings(); OpenSSL_add_all_algorithms(); ctx = SSL_CTX_new(SSLv23_client_method()); if (ctx == NULL) { printf(failed to initialize context\n); return; } SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2); ssl = SSL_new(ctx); if (!SSL_set_fd(ssl, sockfd)) { printf(failed to bind to socket fd\n); return; } if (SSL_connect(ssl) 1) { ERR_print_errors_fp(stdout); fflush(stdout); printf(SSL_connect failed\n); return; } } I've tried connecting to : smtp.live.com : 587 -- SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol s23_clnt.c:787: smtp.live.com : 25 -- SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol s23_clnt.c:787: smtp.gmail.com : 587 -- SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol s23_clnt.c:787: smtp.gmail.com : 465 -- no response from server at all! smtp.gmail.com : 25 -- SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol s23_clnt.c:787: Am I missing something here? UPDATE: All other methods (i.e. TLSv1_1_method(), SSLv3_method() ...) lead to SSL3_GET_RECORD:wrong version number UPDATE: I've managed to sniff the network traffic using wireshark. The .txt capture file is attached. Any help will be appreciated -- View this message in context: http://openssl.6102.n7.nabble.com/SSMTP-Client-SSL-routines-SSL23-GET-SERVER-HELLO-tp48871.html Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: SSMTP Client: SSL routines:SSL23_GET_SERVER_HELLO
Sorry, just notice it, it might be sent out my 2 years old son by accident. please ignore this email. Regards,Pingzhong Subject: Re: SSMTP Client: SSL routines:SSL23_GET_SERVER_HELLO From: lipzh...@hotmail.com Date: Mon, 17 Mar 2014 21:13:20 -0400 To: openssl-users@openssl.org U P Sent from my iPad On Mar 17, 2014, at 5:48 PM, hhachem hamze.hac...@deos-ag.com wrote: openssl_capture.txt http://openssl.6102.n7.nabble.com/file/n48871/openssl_capture.txt Hello, I'm using OpenSSL in order to encrypt some emails, that a piece of hardware sends. But, whenever I try to call SSL_connect(), I get : SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol After sending EHLO and STARTTLS I call the following function: /// SSL_CTX *ctx = NULL; SSL *ssl = NULL; void CreateTLSSession(int sockfd) { printf(///creating TLS Session/\n); SSL_library_init(); SSL_load_error_strings(); OpenSSL_add_all_algorithms(); ctx = SSL_CTX_new(SSLv23_client_method()); if (ctx == NULL) { printf(failed to initialize context\n); return; } SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2); ssl = SSL_new(ctx); if (!SSL_set_fd(ssl, sockfd)) { printf(failed to bind to socket fd\n); return; } if (SSL_connect(ssl) 1) { ERR_print_errors_fp(stdout); fflush(stdout); printf(SSL_connect failed\n); return; } } I've tried connecting to : smtp.live.com : 587 -- SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol s23_clnt.c:787: smtp.live.com : 25 -- SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol s23_clnt.c:787: smtp.gmail.com : 587 -- SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol s23_clnt.c:787: smtp.gmail.com : 465 -- no response from server at all! smtp.gmail.com : 25 -- SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol s23_clnt.c:787: Am I missing something here? UPDATE: All other methods (i.e. TLSv1_1_method(), SSLv3_method() ...) lead to SSL3_GET_RECORD:wrong version number UPDATE: I've managed to sniff the network traffic using wireshark. The .txt capture file is attached. Any help will be appreciated -- View this message in context: http://openssl.6102.n7.nabble.com/SSMTP-Client-SSL-routines-SSL23-GET-SERVER-HELLO-tp48871.html Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org