-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

stunnel 4.20 with OpenSSL 0.9.8d 28 Sep 2006

I wish to have my MUA send messages encrypted to a secure mail server. Stunnel is set up as a client with the following configuration:

client = yes

[smtps]
accept = 127.0.0.1:465
connect = smtpauth.earthlink.net:25

I missed the part somewhere that tells Stunnel to issue a STARTTLS to the smtp server before attempting to negotiate a TLS connection. The "failed handshake" bit is because the server is rejecting the command because of NULLs in the text stream.
501 NULL characters are not allowed in SMTP commands.
Then there is the "wrong version" error. I suppose that is a side effect of the handshake failure?
Here is a typical connection log:

2007.05.19 12:52:42 LOG7[232:4239]: smtps accepted FD=12 from 127.0.0.1:52672
2007.05.19 12:52:42 LOG7[232:4239]: Creating a new thread
2007.05.19 12:52:42 LOG7[232:4239]: New thread created
2007.05.19 12:52:42 LOG7[264:4239]: smtps started
2007.05.19 12:52:42 LOG7[264:4239]: FD 12 in non-blocking mode
2007.05.19 12:52:42 LOG7[264:4239]: TCP_NODELAY option set on local socket
2007.05.19 12:52:42 LOG5[264:4239]: smtps accepted connection from 127.0.0.1:52672
2007.05.19 12:52:42 LOG7[264:4239]: FD 15 in non-blocking mode
2007.05.19 12:52:42 LOG7[264:4239]: smtps connecting 207.69.189.201:25
2007.05.19 12:52:42 LOG7[264:4239]: connect_wait: waiting 10 seconds
2007.05.19 12:52:42 LOG7[264:4239]: connect_wait: connected
2007.05.19 12:52:42 LOG5[264:4239]: smtps connected remote server from 192.168.69.14:52673
2007.05.19 12:52:42 LOG7[264:4239]: Remote FD=15 initialized
2007.05.19 12:52:42 LOG7[264:4239]: TCP_NODELAY option set on remote socket
2007.05.19 12:52:42 LOG7[264:4239]: SSL state (connect): before/connect initialization
2007.05.19 12:52:42 LOG7[264:4239]: SSL state (connect): SSLv3 write client hello A
2007.05.19 12:52:42 LOG7[264:4239]: SSL alert (write): fatal: handshake failure
2007.05.19 12:52:42 LOG3[264:4239]: SSL_connect: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
2007.05.19 12:52:42 LOG5[264:4239]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2007.05.19 12:52:42 LOG7[264:4239]: smtps finished (0 left)

- -- jimoe (at) sohnen-moe (dot) com
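
Added example, not part of the original message: a Python sketch of what each side sees when a TLS client opens a handshake on a plaintext SMTP port, which is the mismatch behind both the 501 reply and the "wrong version number" error quoted above. The sample bytes are constructed (not captured traffic) and the function names are hypothetical.

```python
import struct

# Constructed sample bytes: a plaintext SMTP greeting, the 501 reply quoted in
# the message, and a handshake record prefix padded with zero bytes.
SMTP_GREETING = b"220 mail.example.net ESMTP\r\n"
SMTP_501 = b"501 NULL characters are not allowed in SMTP commands.\r\n"
TLS_CLIENT_HELLO = bytes([0x16, 0x03, 0x00, 0x00, 0x2F]) + b"\x01" + bytes(46)

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}


def parse_record_header(data):
    """Read the 5-byte record header: content type, (major, minor), length."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return ctype, (major, minor), length


def classify_first_bytes(data):
    """Decide what a TLS client is looking at when the peer's first bytes arrive."""
    ctype, version, _ = parse_record_header(data)
    if ctype in CONTENT_TYPES and version[0] == 3:
        return "tls-record"
    if data[:3].isdigit() and data[3:4] in (b" ", b"-"):
        # Three digits plus space or dash is an SMTP reply line: the port
        # speaks plaintext SMTP and expects STARTTLS before any TLS bytes.
        # In stunnel that step is enabled per service with "protocol = smtp".
        return "plaintext-smtp"
    return "unknown"


def nul_bytes_seen_by_smtp_server(data):
    """Count the NUL bytes an SMTP server receives if sent a raw TLS record."""
    return data.count(b"\x00")


if __name__ == "__main__":
    # ASCII "220 " read as a record header gives type 0x32 and version 0x32.0x30,
    # neither of which is valid, so the TLS library reports a version error.
    print(parse_record_header(SMTP_GREETING))
    print(classify_first_bytes(SMTP_GREETING), classify_first_bytes(SMTP_501))
    print(nul_bytes_seen_by_smtp_server(TLS_CLIENT_HELLO))
```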