Re: Stretch refuses e-mails
On 11.07.2017 at 14:37, Siegfrid Brandstätter wrote:
On 11.07.2017 at 13:38, Heiko Schlittermann wrote:
Siegfrid Brandstätter <debian@o-h-z.de> (Tue 11 Jul 2017 13:42:58 CEST):
ftp
xmpp
xmpp-server
telnet
irc
Yes, I had written:
But… I forgot one more parameter for starttls. So now
openssl -starttls smtp -connect …:587
and for POP3
openssl -starttls pop3 -connect …:995
Yes, but apparently nothing is running on port 587 at your provider.
So that leaves 465
openssl s_client -connect mail.vege.net:465
# openssl s_client -connect mail.vege.net:465
CONNECTED(00000003)
139927856821504:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert
handshake failure:../ssl/record/rec_layer_s3.c:1399:SSL alert number 40
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 176 bytes
Verification: OK
---
…
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
…
---
openssl s_client -connect mail.vege.net:995
# openssl s_client -connect mail.vege.net:995
CONNECTED(00000003)
139729580999936:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert
handshake failure:../ssl/record/rec_layer_s3.c:1399:SSL alert number 40
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 176 bytes
Verification: OK
---
…
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
…
But neither will work.
Yes, it will. The other way round ;-)
No, it did not work. No connection for POP3 or SMTP is
established, because otherwise you would see the prompt of the
respective server at the end of the connection setup.
It says Cipher: 000 there, which I don't think is good.
It does work with gnutls-cli, though
gnutls-cli -p 465 mail.vege.net
# gnutls-cli -p 465 mail.vege.net
bash: gnutls-cli: Kommando nicht gefunden.
You install gnutls-client.
# gnutls-cli -p 465 mail.vege.net
Processed 166 CA certificate(s).
Resolving 'mail.vege.net:465'...
Connecting to '85.10.222.201:465'...
- Certificate type: X.509
- Got a certificate list of 4 certificates.
- Certificate[0] info:
- subject `CN=*.vege.net,OU=PositiveSSL Wildcard,OU=Domain Control
Validated', issuer `CN=COMODO RSA Domain Validation Secure Server
CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB', serial
0x78fb8293c18541999d1f59bd29cbdc77, RSA key 2048 bits, signed using
RSA-SHA256, activated `2016-08-23 00:00:00 UTC', expires `2017-08-23
23:59:59 UTC', key-ID
`sha256:cccb6fa81ffbf772891dfb67df006a3586a8744a759147cfc685a2815c5e56a3'
- Certificate[1] info:
- subject `CN=AddTrust External CA Root,OU=AddTrust External TTP
Network,O=AddTrust AB,C=SE', issuer `CN=AddTrust External CA
Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE', serial
0x01, RSA key 2048 bits, signed using RSA-SHA1, activated `2000-05-30
10:48:38 UTC', expires `2020-05-30 10:48:38 UTC', key-ID
`sha256:942a6916a6e4ae527711c5450247a2a74fb8e156a8254ca66e739a11493bb445'
- Certificate[2] info:
- subject `CN=COMODO RSA Certification Authority,O=COMODO CA
Limited,L=Salford,ST=Greater Manchester,C=GB', issuer `CN=AddTrust
External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE',
serial 0x2766ee56eb49f38eabd770a2fc84de22, RSA key 4096 bits, signed
using RSA-SHA384, activated `2000-05-30 10:48:38 UTC', expires
`2020-05-30 10:48:38 UTC', key-ID
`sha256:82b5f84daf47a59c7ab521e4982aefa40a53406a3aec26039efa6b2e0e7244c1'
- Certificate[3] info:
- subject `CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO
CA Limited,L=Salford,ST=Greater Manchester,C=GB', issuer `CN=COMODO
RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater
Manchester,C=GB', serial 0x2b2e6eead975366c148a6edba37c8c07, RSA key
2048 bits, signed using RSA-SHA384, activated `2014-02-12 00:00:00
UTC', expires `2029-02-11 23:59:59 UTC', key-ID
`sha256:9253b6de74f67a11435c27f1dde1d30d1112333ddab23d66b8efb86887638ae6'
- Status: The certificate is trusted.
- Description: (TLS1.0)-(RSA)-(3DES-CBC)-(SHA1)
- Session ID:
FB:9C:EF:99:44:7F:2A:31:91:44:0D:F9:2B:4F:E9:AC:A8:F3:5D:DD:CD:DD:63:BB:77:72:77:88:3D:C9:E9:98
- Version: TLS1.0
- Key Exchange: RSA
- Cipher: 3DES-CBC
- MAC: SHA1
- Compression: NULL
- Options:
- Handshake was completed
- Simple Client Mode:
220 mail.vege.net NO UCE ESMTP
# gnutls-cli -p 995 mail.vege.net
Processed 166 CA certificate(s).
Resolving 'mail.vege.net:995'...
Connecting to '85.10.222.201:995'...
- Certificate type: X.509
- Got a certificate list of 4 certificates.
- Certificate[0] info:
- subject `CN=*.vege.net,OU=PositiveSSL Wildcard,OU=Domain Control
Validated', issuer `CN=COMODO RSA Domain Validation Secure Server
CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB', serial
0x78fb8293c18541999d1f59bd29cbdc77, RSA key 2048 bits, signed using
RSA-SHA256, activated `2016-08-23 00:00:00 UTC', expires `2017-08-23
23:59:59 UTC', key-ID
`sha256:cccb6fa81ffbf772891dfb67df006a3586a8744a759147cfc685a2815c5e56a3'
- Certificate[1] info:
- subject `CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO
CA Limited,L=Salford,ST=Greater Manchester,C=GB', issuer `CN=COMODO
RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater
Manchester,C=GB', serial 0x2b2e6eead975366c148a6edba37c8c07, RSA key
2048 bits, signed using RSA-SHA384, activated `2014-02-12 00:00:00
UTC', expires `2029-02-11 23:59:59 UTC', key-ID
`sha256:9253b6de74f67a11435c27f1dde1d30d1112333ddab23d66b8efb86887638ae6'
- Certificate[2] info:
- subject `CN=COMODO RSA Certification Authority,O=COMODO CA
Limited,L=Salford,ST=Greater Manchester,C=GB', issuer `CN=AddTrust
External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE',
serial 0x2766ee56eb49f38eabd770a2fc84de22, RSA key 4096 bits, signed
using RSA-SHA384, activated `2000-05-30 10:48:38 UTC', expires
`2020-05-30 10:48:38 UTC', key-ID
`sha256:82b5f84daf47a59c7ab521e4982aefa40a53406a3aec26039efa6b2e0e7244c1'
- Certificate[3] info:
- subject `CN=AddTrust External CA Root,OU=AddTrust External TTP
Network,O=AddTrust AB,C=SE', issuer `CN=AddTrust External CA
Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE', serial
0x01, RSA key 2048 bits, signed using RSA-SHA1, activated `2000-05-30
10:48:38 UTC', expires `2020-05-30 10:48:38 UTC', key-ID
`sha256:942a6916a6e4ae527711c5450247a2a74fb8e156a8254ca66e739a11493bb445'
- Status: The certificate is trusted.
- Description: (TLS1.0)-(RSA)-(3DES-CBC)-(SHA1)
- Session ID:
29:1B:94:DB:9C:4C:9E:39:2E:E8:74:05:82:6E:0A:E1:44:1F:0F:06:50:9A:29:15:E3:8B:16:13:F7:4A:90:CE
- Version: TLS1.0
- Key Exchange: RSA
- Cipher: 3DES-CBC
- MAC: SHA1
- Compression: NULL
- Options:
- Handshake was completed
- Simple Client Mode:
+OK Hello there.
After vege.net wrote to me that I should use "secure.vege.net" instead of
"mail.vege.net", I have now tried that:
# gnutls-cli -p 465 secure.vege.net
Processed 166 CA certificate(s).
Resolving 'secure.vege.net:465'...
Connecting to '85.10.222.200:465'...
- Certificate type: X.509
- Got a certificate list of 4 certificates.
- Certificate[0] info:
- subject `CN=*.vege.net,OU=PositiveSSL Wildcard,OU=Domain Control
Validated', issuer `CN=COMODO RSA Domain Validation Secure Server
CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB', serial
0x78fb8293c18541999d1f59bd29cbdc77, RSA key 2048 bits, signed using
RSA-SHA256, activated `2016-08-23 00:00:00 UTC', expires `2017-08-23
23:59:59 UTC', key-ID
`sha256:cccb6fa81ffbf772891dfb67df006a3586a8744a759147cfc685a2815c5e56a3'
- Certificate[1] info:
- subject `CN=AddTrust External CA Root,OU=AddTrust External TTP
Network,O=AddTrust AB,C=SE', issuer `CN=AddTrust External CA
Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE', serial 0x01,
RSA key 2048 bits, signed using RSA-SHA1, activated `2000-05-30 10:48:38
UTC', expires `2020-05-30 10:48:38 UTC', key-ID
`sha256:942a6916a6e4ae527711c5450247a2a74fb8e156a8254ca66e739a11493bb445'
- Certificate[2] info:
- subject `CN=COMODO RSA Certification Authority,O=COMODO CA
Limited,L=Salford,ST=Greater Manchester,C=GB', issuer `CN=AddTrust
External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE',
serial 0x2766ee56eb49f38eabd770a2fc84de22, RSA key 4096 bits, signed
using RSA-SHA384, activated `2000-05-30 10:48:38 UTC', expires
`2020-05-30 10:48:38 UTC', key-ID
`sha256:82b5f84daf47a59c7ab521e4982aefa40a53406a3aec26039efa6b2e0e7244c1'
- Certificate[3] info:
- subject `CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO
CA Limited,L=Salford,ST=Greater Manchester,C=GB', issuer `CN=COMODO RSA
Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater
Manchester,C=GB', serial 0x2b2e6eead975366c148a6edba37c8c07, RSA key
2048 bits, signed using RSA-SHA384, activated `2014-02-12 00:00:00 UTC',
expires `2029-02-11 23:59:59 UTC', key-ID
`sha256:9253b6de74f67a11435c27f1dde1d30d1112333ddab23d66b8efb86887638ae6'
- Status: The certificate is trusted.
- Description: (TLS1.2)-(ECDHE-RSA-SECP256R1)-(AES-256-GCM)
- Session ID:
CE:F6:D7:9C:74:C8:59:C9:26:AF:3E:59:4B:E1:7D:0D:6D:2C:7E:2C:FF:80:CD:1E:8F:0B:D5:2F:7C:0E:5A:79
- Ephemeral EC Diffie-Hellman parameters
- Using curve: SECP256R1
- Curve size: 256 bits
- Version: TLS1.2
- Key Exchange: ECDHE-RSA
- Server Signature: RSA-SHA256
- Cipher: AES-256-GCM
- MAC: AEAD
- Compression: NULL
- Options: safe renegotiation,
- Handshake was completed
- Simple Client Mode:
220 ns02 ESMTP ready
*** Fatal error: The TLS connection was non-properly terminated.
*** Server has terminated the connection abnormally.
# gnutls-cli -p 995 secure.vege.net
Processed 166 CA certificate(s).
Resolving 'secure.vege.net:995'...
Connecting to '85.10.222.200:995'...
- Certificate type: X.509
- Got a certificate list of 4 certificates.
- Certificate[0] info:
- subject `CN=*.vege.net,OU=PositiveSSL Wildcard,OU=Domain Control
Validated', issuer `CN=COMODO RSA Domain Validation Secure Server
CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB', serial
0x78fb8293c18541999d1f59bd29cbdc77, RSA key 2048 bits, signed using
RSA-SHA256, activated `2016-08-23 00:00:00 UTC', expires `2017-08-23
23:59:59 UTC', key-ID
`sha256:cccb6fa81ffbf772891dfb67df006a3586a8744a759147cfc685a2815c5e56a3'
- Certificate[1] info:
- subject `CN=AddTrust External CA Root,OU=AddTrust External TTP
Network,O=AddTrust AB,C=SE', issuer `CN=AddTrust External CA
Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE', serial 0x01,
RSA key 2048 bits, signed using RSA-SHA1, activated `2000-05-30 10:48:38
UTC', expires `2020-05-30 10:48:38 UTC', key-ID
`sha256:942a6916a6e4ae527711c5450247a2a74fb8e156a8254ca66e739a11493bb445'
- Certificate[2] info:
- subject `CN=COMODO RSA Certification Authority,O=COMODO CA
Limited,L=Salford,ST=Greater Manchester,C=GB', issuer `CN=AddTrust
External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE',
serial 0x2766ee56eb49f38eabd770a2fc84de22, RSA key 4096 bits, signed
using RSA-SHA384, activated `2000-05-30 10:48:38 UTC', expires
`2020-05-30 10:48:38 UTC', key-ID
`sha256:82b5f84daf47a59c7ab521e4982aefa40a53406a3aec26039efa6b2e0e7244c1'
- Certificate[3] info:
- subject `CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO
CA Limited,L=Salford,ST=Greater Manchester,C=GB', issuer `CN=COMODO RSA
Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater
Manchester,C=GB', serial 0x2b2e6eead975366c148a6edba37c8c07, RSA key
2048 bits, signed using RSA-SHA384, activated `2014-02-12 00:00:00 UTC',
expires `2029-02-11 23:59:59 UTC', key-ID
`sha256:9253b6de74f67a11435c27f1dde1d30d1112333ddab23d66b8efb86887638ae6'
- Status: The certificate is trusted.
- Description: (TLS1.2)-(ECDHE-RSA-SECP256R1)-(AES-256-GCM)
- Session ID:
84:A1:BC:4A:23:C9:DE:1E:D9:9E:5E:02:6A:EE:59:6E:A0:68:29:B4:28:9E:D0:18:45:EF:54:E4:44:8C:EC:77
- Ephemeral EC Diffie-Hellman parameters
- Using curve: SECP256R1
- Curve size: 256 bits
- Version: TLS1.2
- Key Exchange: ECDHE-RSA
- Server Signature: RSA-SHA256
- Cipher: AES-256-GCM
- MAC: AEAD
- Compression: NULL
- Options: safe renegotiation,
- Handshake was completed
- Simple Client Mode:
+OK POP3 ready
Does that look better?
--
Kind regards
Sigi
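
The gnutls-cli runs in this thread differ in their "- Description:" line, so the following added example (not part of the original messages) parses that line and flags parameters that a local policy treats as weak. The function names `gnutls_description` and `audit_description` and the lists of flagged values are assumptions of this example.

```shell
#!/bin/sh
# Added example. The "weak" lists below are this example's own policy,
# not something gnutls-cli or openssl reports.

# Print the negotiated parameters from gnutls-cli output read on stdin.
gnutls_description() {
    sed -n 's/^- Description: *//p' | head -n 1
}

# audit_description "(TLS1.0)-(RSA)-(3DES-CBC)-(SHA1)"
# Prints one line per finding; exit status 0 = nothing flagged, 1 = flagged.
audit_description() {
    findings=0
    # "(A)-(B)-(C)" -> "A|B|C", then split on "|" without globbing.
    fields=$(printf '%s\n' "$1" | sed -e 's/^ *(//' -e 's/) *$//' -e 's/)-(/|/g')
    old_ifs=$IFS; IFS='|'; set -f
    set -- $fields
    set +f; IFS=$old_ifs
    proto=$1; kx=$2; cipher=$3
    mac=${4:-AEAD}   # AEAD suites carry no separate MAC field
    case $proto in
        SSL3*|TLS1.0|TLS1.1)
            echo "old protocol version: $proto"; findings=$((findings + 1)) ;;
    esac
    case $kx in
        RSA)
            echo "no forward secrecy: static RSA key exchange"
            findings=$((findings + 1)) ;;
    esac
    case $cipher in
        3DES-*|DES-*|ARCFOUR-*|NULL)
            echo "weak cipher: $cipher"; findings=$((findings + 1)) ;;
    esac
    case $mac in
        MD5|SHA1)
            echo "legacy MAC, no AEAD: $mac"; findings=$((findings + 1)) ;;
    esac
    [ "$findings" -eq 0 ]
}

# Both Description lines are copied from the gnutls-cli output in this thread.
for line in '- Description: (TLS1.0)-(RSA)-(3DES-CBC)-(SHA1)' \
            '- Description: (TLS1.2)-(ECDHE-RSA-SECP256R1)-(AES-256-GCM)'; do
    d=$(printf '%s\n' "$line" | gnutls_description)
    echo "== $d"
    audit_description "$d" || echo "   flagged"
done
```

Live output can be piped in the same way, for example `gnutls-cli -p 465 HOST </dev/null | gnutls_description`, with HOST as a placeholder.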