
Re: ssl handshake problem with bugs.debian.org?



Harald Dunkel <harald.dunkel@aixigo.com> wrote:

> On 2020-07-27 13:49, Sven Hartge wrote:
>> 
>> Does your MTA present a client certificate? Maybe buxtehude does not
>> like that?
>> 

> Yes, it has a certificate. Whether buxtehude likes it I cannot say,
> but it looks OK to me. It's a wildcard certificate, though:

> Certificate:
>         Subject: C=DE, ST=Nordrhein-Westfalen, L=Aachen, O=aixigo AG, OU=Internet, CN=*.aixigo.de

Wildcard or not shouldn't matter. What matters is if the server uses that
certificate as a client certificate.

> BTW, the problem showed up first on June 17th.

>> When diagnosing SSL errors I also find it helpful to wireshark the
>> connection to see which side exactly triggers the SSL Alert. That may
>> help highlight the culprit here.
>> 

> See attachment. AFAICT this is all encrypted.

Yes, but with TLS1.0 to TLS1.2 you could see the Alert and the rejection
of the connection unencrypted.

But your server and buxtehude switch to TLS1.3 and that prevents that
kind of information from showing, IIRC, including the handshake with the
certificate exchange.

So, unfortunately this seems to be a dead end.

S°

-- 
Sigmentation fault. Core dumped.
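
Added example, not part of the original message: a small record-layer parser showing what a capture exposes in the two cases discussed above, a plaintext alert record versus the opaque application_data records of a TLS 1.3 session. The byte strings are constructed samples with placeholder handshake bodies, and all function names are this example's own.

```python
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_NAMES = {0: "close_notify", 40: "handshake_failure",
               42: "bad_certificate", 46: "certificate_unknown",
               48: "unknown_ca"}

def parse_records(stream):
    """Split one direction of a reassembled TCP payload into TLS records."""
    records, offset = [], 0
    while offset + 5 <= len(stream):
        ctype, version, length = struct.unpack_from("!BHH", stream, offset)
        body = stream[offset + 5:offset + 5 + length]
        if ctype not in CONTENT_TYPES or len(body) < length:
            break  # not a TLS record, or the capture is truncated
        records.append((ctype, version, body))
        offset += 5 + length
    return records

def record_types(stream):
    return [CONTENT_TYPES[ctype] for ctype, _, _ in parse_records(stream)]

def visible_alerts(stream):
    """Return (level, description) for alerts readable without session keys."""
    alerts = []
    for ctype, _, body in parse_records(stream):
        # A plaintext alert body is exactly two bytes: level, description.
        # A longer type-21 body was sent after ChangeCipherSpec and is encrypted.
        if ctype == 21 and len(body) == 2:
            alerts.append((ALERT_LEVELS.get(body[0], body[0]),
                           ALERT_NAMES.get(body[1], body[1])))
    return alerts

# Constructed server-to-client bytes (placeholder handshake bodies, not a real capture).
# TLS 1.2 style: handshake record, then a plaintext fatal bad_certificate alert.
TLS12_SERVER = bytes.fromhex("1603030004" "02000000" "1503030002" "022a")
# TLS 1.3 style: ServerHello record, compatibility ChangeCipherSpec, then an
# opaque application_data record; any alert would be hidden inside it.
TLS13_SERVER = bytes.fromhex("1603030004" "02000000" "1403030001" "01"
                             "1703030013") + bytes(19)

if __name__ == "__main__":
    for name, data in (("TLS 1.2", TLS12_SERVER), ("TLS 1.3", TLS13_SERVER)):
        print(name, record_types(data), visible_alerts(data))
```

For a TLS 1.3 session, the alert and its description are only readable in the logs of either endpoint or with the session secrets.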

