Hello Maxim, On Wed, 6 Jun 2018, at 10:03:41 [GMT +0200] (which was 10:03 where I live) Gwen wrote:
> Fails to connect with TLS 1.2 to a IMAP mail server with modern > ciphers > TLS handshake failure for imap.vivaldi.net An other verbose check what the server can handle: # perl analyze-ssl.pl -v 3 --all-ciphers imap.vivaldi.net + checking host=imap.vivaldi.net(82.221.130.152) port=443 * version SSLv23 no verification, ciphers= -> TLSv1_2,ECDHE-RSA-AES256-GCM-SHA384 * version SSLv23 no verification, ciphers=HIGH:ALL -> TLSv1_2,ECDHE-RSA-AES256-GCM-SHA384 * version TLSv1_2 no verification, ciphers= -> TLSv1_2,ECDHE-RSA-AES256-GCM-SHA384 * version TLSv1_2 no verification, ciphers=HIGH:ALL -> TLSv1_2,ECDHE-RSA-AES256-GCM-SHA384 * version TLSv1_1 no verification, ciphers= -> TLSv1_1,ECDHE-RSA-AES256-SHA * version TLSv1_1 no verification, ciphers=HIGH:ALL -> TLSv1_1,ECDHE-RSA-AES256-SHA * version TLSv1 no verification, ciphers= -> TLSv1,ECDHE-RSA-AES256-SHA * version TLSv1 no verification, ciphers=HIGH:ALL -> TLSv1,ECDHE-RSA-AES256-SHA * version SSLv3, no verification, ciphers= -> FAIL! SSL connect attempt failed because of handshake problems error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure * version SSLv3, no verification, ciphers=HIGH:ALL -> FAIL! SSL connect attempt failed because of handshake problems error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure + successful connect with TLSv1_2, cipher=ECDHE-RSA-AES256-SHA, sni=imap.vivaldi.net and no other TLS extensions + SNI success * same certificate chain in without SNI + certificate verify success + OCSP stapling: no stapled response <3> need to send 120 bytes OCSP request to http://isrg.trustid.ocsp.identrust.com <3> need to send 122 bytes OCSP request to http://ocsp.int-x3.letsencrypt.org + all certificates verified * connect with version TLSv1_2 cipher ECDHE-RSA-AES256-GCM-SHA384 * connect with version TLSv1_2 cipher ECDHE-RSA-AES128-GCM-SHA256 * connect with version TLSv1_2 cipher DHE-RSA-AES256-GCM-SHA384 * connect with version TLSv1_2 cipher DHE-RSA-AES128-GCM-SHA256 * connect with version TLSv1_2 cipher ECDHE-RSA-AES256-SHA384 * connect with version TLSv1_2 cipher ECDHE-RSA-AES256-SHA * connect with version TLSv1_2 cipher DHE-RSA-AES256-SHA256 * connect with version TLSv1_2 cipher DHE-RSA-AES256-SHA * connect with version TLSv1_2 cipher ECDHE-RSA-AES128-SHA256 * connect with version TLSv1_2 cipher ECDHE-RSA-AES128-SHA * connect with version TLSv1_2 cipher DHE-RSA-AES128-SHA256 * connect with version TLSv1_2 cipher DHE-RSA-AES128-SHA * connect with version TLSv1_2 cipher ECDHE-RSA-DES-CBC3-SHA * connect with version TLSv1_2 cipher EDH-RSA-DES-CBC3-SHA * connect with version TLSv1_2 cipher AES256-GCM-SHA384 * connect with version TLSv1_2 cipher AES128-GCM-SHA256 * connect with version TLSv1_2 cipher AES256-SHA256 * connect with version TLSv1_2 cipher AES256-SHA * connect with version TLSv1_2 cipher AES128-SHA256 * connect with version TLSv1_2 cipher AES128-SHA * connect with version TLSv1_2 cipher DES-CBC3-SHA <3> handshake failed with HIGH:ALL:eNULL:!ECDHE-RSA-AES256-GCM-SHA384:!ECDHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-AES128-GCM-SHA256:!ECDHE-RSA-AES256-SHA384:!ECDHE-RSA-AES256-SHA:!DHE-RSA-AES256-SHA256:!DHE-RSA-AES256-SHA:!ECDHE-RSA-AES128-SHA256:!ECDHE-RSA-AES128-SHA:!DHE-RSA-AES128-SHA256:!DHE-RSA-AES128-SHA:!ECDHE-RSA-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!AES256-GCM-SHA384:!AES128-GCM-SHA256:!AES256-SHA256:!AES256-SHA:!AES128-SHA256:!AES128-SHA:!DES-CBC3-SHA: SSL connect attempt failed error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure <3> tried with cipher list 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:HIGH:ALL' -> ECDHE-RSA-AES256-GCM-SHA384 <3> tried with cipher list 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:HIGH:ALL' -> ECDHE-RSA-AES256-GCM-SHA384 * server decides cipher order -- imap.vivaldi.net port 443 * maximum SSL version : TLSv1_2 (SSLv23) * supported SSL versions with handshake used and preferred cipher(s): * handshake protocols ciphers * SSLv23 TLSv1_2 ECDHE-RSA-AES256-GCM-SHA384 * TLSv1_2 TLSv1_2 ECDHE-RSA-AES256-GCM-SHA384 * TLSv1_1 TLSv1_1 ECDHE-RSA-AES256-SHA * TLSv1 TLSv1 ECDHE-RSA-AES256-SHA * SSLv3 FAILED: SSL connect attempt failed because of handshake problems error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure * cipher order by : server * SNI supported : ok * certificate verified : ok * chain on 82.221.130.152 * [0/0] bits=2048, ocsp_uri=http://ocsp.int-x3.letsencrypt.org, /CN=imap.vivaldi.net SAN=DNS:imap.vivaldi.net,DNS:mail.vivaldi.net,DNS:pop3.vivaldi.net * [1/1] bits=2048, ocsp_uri=http://isrg.trustid.ocsp.identrust.com, /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 * [-/2] bits=2048, ocsp_uri=, /O=Digital Signature Trust Co./CN=DST Root CA X3 * OCSP stapling : no stapled response * OCSP status : good * supported ciphers with SSLv23 handshake * TLSv1_2 ECDHE-RSA-AES256-GCM-SHA384 * TLSv1_2 ECDHE-RSA-AES128-GCM-SHA256 * TLSv1_2 DHE-RSA-AES256-GCM-SHA384 * TLSv1_2 DHE-RSA-AES128-GCM-SHA256 * TLSv1_2 ECDHE-RSA-AES256-SHA384 * TLSv1_2 ECDHE-RSA-AES256-SHA * TLSv1_2 DHE-RSA-AES256-SHA256 * TLSv1_2 DHE-RSA-AES256-SHA * TLSv1_2 ECDHE-RSA-AES128-SHA256 * TLSv1_2 ECDHE-RSA-AES128-SHA * TLSv1_2 DHE-RSA-AES128-SHA256 * TLSv1_2 DHE-RSA-AES128-SHA * TLSv1_2 ECDHE-RSA-DES-CBC3-SHA * TLSv1_2 EDH-RSA-DES-CBC3-SHA * TLSv1_2 AES256-GCM-SHA384 * TLSv1_2 AES128-GCM-SHA256 * TLSv1_2 AES256-SHA256 * TLSv1_2 AES256-SHA * TLSv1_2 AES128-SHA256 * TLSv1_2 AES128-SHA * TLSv1_2 DES-CBC3-SHA -- Regards Gwen Using The Bat! Version 8.3.0.25 (BETA) (32-bit) on Windows 10.0 (Build 17134 )
pgpptl4xBj3l4.pgp
Description: PGP signature
________________________________________________________ Current beta is 8.3.0.26 | 'Using TBBETA' information: http://www.silverstones.com/thebat/TBUDLInfo.html
