[SOLVED] Re: Howto delete TLS out of Debian-sendmail?
Hi all,
the problem did not reside in my server, but in one particular remote
one (webmail.hansenet.de). A friend of our local LUG in Hamburg told me
this ...
dieter@rubin:~> openssl s_client -connect 213.191.73.2:25 -starttls smtp
CONNECTED(00000003)
depth=0 /O=webmail.hansenet.de/OU=Domain Validated/OU=Go to
https://www.thawte.com/repository/index.html/OU=Thawte SSL123
certificate/CN=webmail.hansenet.de
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /O=webmail.hansenet.de/OU=Domain Validated/OU=Go to
https://www.thawte.com/repository/index.html/OU=Thawte SSL123
certificate/CN=webmail.hansenet.de
verify error:num=27:certificate not trusted
verify return:1
depth=0 /O=webmail.hansenet.de/OU=Domain Validated/OU=Go to
https://www.thawte.com/repository/index.html/OU=Thawte SSL123
certificate/CN=webmail.hansenet.de
verify error:num=21:unable to verify the first certificate
verify return:1
quit
In contrary to
dieter@rubin:~> openssl s_client -connect mail.gmx.net:25 -starttls smtp
CONNECTED(00000003)
depth=0 /C=DE/ST=Bayern/L=Munich/O=GMX GmbH/CN=mail.gmx.net
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=DE/ST=Bayern/L=Munich/O=GMX GmbH/CN=mail.gmx.net
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=DE/ST=Bayern/L=Munich/O=GMX GmbH/CN=mail.gmx.net
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/C=DE/ST=Bayern/L=Munich/O=GMX GmbH/CN=mail.gmx.net
i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting
cc/OU=Certification Services Division/CN=Thawte Server
CA/emailAddress=server-certs@thawte.com
---
Server certificate
-----BEGIN CERTIFICATE-----
[ Code of the certificate ]
-----END CERTIFICATE-----
subject=/C=DE/ST=Bayern/L=Munich/O=GMX GmbH/CN=mail.gmx.net
issuer=/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting
cc/OU=Certification Services Division/CN=Thawte Server
CA/emailAddress=server-certs@thawte.com
---
No client certificate CA names sent
---
SSL handshake has read 1464 bytes and written 350 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID:
82761154B0B758F3E5566E961D6649CB815CE23C91317CE665A191863A6B7FF3
Session-ID-ctx:
Master-Key:
ED479576316591322B137C97CA64358A98F0B5C911C6D58916E4EA345E1E3A1DD352DFD53FC5DE6B965B3832E143FA37
Key-Arg : None
Start Time: 1111422749
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
220 {mp025} GMX Mailservices ESMTP
quit
221 2.0.0 {mp025} GMX Mailservices
read:errno=0
webmail.hansenet.de does not show the certificate, but only the header.
That's why a SSL-Session cannot be started.
bis dahin / kind regards
Martin Mewes
--
http://webmin.mamemu.de/
Reply to: