Hi Jochen,
Thanks for showing me how to test SSL. I installed openssl and ran the test. This is what I received back.
C:\Programs\OpenSSL-Win32\bin>openssl s_client -connect smtp.verizon.net:465
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Loading 'screen' into random state - done
CONNECTED(00000170)
depth=3 C = US, O = GTE Corporation, OU = "GTE CyberTrust Solutions, Inc.", CN = GTE CyberTrust Global Root
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
 0 s:/C=US/ST=Texas/L=Irving/O=Verizon Data Services LLC/OU=SLB Mail/CN=smtp.verizon.net
   i:/O=Cybertrust Inc/CN=Cybertrust Public SureServer SV CA
 1 s:/O=Cybertrust Inc/CN=Cybertrust Public SureServer SV CA
   i:/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root
 2 s:/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root
   i:/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root
 3 s:/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root
   i:/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root
---
Server certificate
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
subject=/C=US/ST=Texas/L=Irving/O=Verizon Data Services LLC/OU=SLB Mail/CN=smtp.verizon.net
issuer=/O=Cybertrust Inc/CN=Cybertrust Public SureServer SV CA
---
No client certificate CA names sent
---
SSL handshake has read 4523 bytes and written 535 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol : TLSv1.1
    Cipher : DHE-RSA-AES256-SHA
    Session-ID: D47F44EFE5AB2DD76917430CEC041A14362B65EF2F010F432477BB13FBE41CD6
    Session-ID-ctx:
    Master-Key: 842CC8800336B248C125371F7B62ECBAC124DE4308021EB02D1C196925842F150F7137F8463D92F15120B03294A6F150
    Key-Arg : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1371058849
    Timeout : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---
220 vms173025pub.verizon.net -- Server ESMTP (Sun Java(tm) System Messaging Server 7u2-7.02 32bit (built Apr 16 2009))
421 4.4.2 Timeout while waiting for command.
closed
It sounds like something is wrong on this end. Any ideas?
Thanks,
Gary
On 12 Jun 2013 at 9:04, Jochen (Jochen Bern Jochen.Bern@LINworks.de) commented about Re: [stunnel-users] Getting Stunnel working with :
On 12.06.2013 05:12, Gary Kuznitz wrote:
[Verizon-smtp]
client = yes
accept = 11015
         ^##^^
connect = smtp.verizon.net:465
delay = yes
[...]
--- Tue, 11 Jun 2013 16:38:55 ---
Connect to 'localhost' port 10115, timeout 60.
                            ^##^^
16:38:56.897 15: Peer connect failure (the host has refused the connection).
"openssl s_client -connect smtp.verizon.net:465" happily gives me an ESMTP server hello, so I doubt there's much of a problem hiding in the actual SSL ...
Regards,
J. Bern
--
*NEW* - NEC IT infrastructure products at http://www.linworks-shop.de/:
Server--Storage--Virtualization--Management SW--Passion for Performance
Jochen Bern, Systems Engineer --- LINworks GmbH http://www.LINworks.de/
P.O. Box 100121, 64201 Darmstadt | Robert-Koch-Str. 9, 64331 Weiterstadt
PGP (1024D/4096g) FP = D18B 41B1 16C0 11BA 7F8C DCF7 E1D5 FAF4 444E 1C27
Tel. +49 6151 9067-231, Switchboard -0, Fax -299 - Darmstadt District Court HRB 85202
Registered office Weiterstadt, Managing Directors Metin Dogan, Oliver Michel