On 10/16/2013 05:07 PM, Ben Stover wrote:
> Sorry, I went to the webpage with the link you mentioned. There I searched for STARTTLS but NO (!) occurrence was found.
This is because STARTTLS is not a separate protocol, but rather an option (usually an extension) of various protocols that can negotiate SSL/TLS encryption. http://en.wikipedia.org/wiki/STARTTLS
Mike
On 16.10.2013 17:45, Michal Trojnara wrote:
> On 10/16/2013 05:07 PM, Ben Stover wrote:
>> Sorry, I went to the webpage with the link you mentioned. There I searched for STARTTLS but NO (!) occurrence was found.
> This is because STARTTLS is not a separate protocol, but rather an option (usually an extension) of various protocols that can negotiate SSL/TLS encryption.
After reading this and the archived listmail, I'm under the impression that you're confirming my gut reaction of "stunnel doesn't do that, and won't anytime soon". :-}
In that case: The standard tool to provide STARTTLS functionality for manual testing is to use OpenSSL's s_client command. It would need to be started anew for every connection, though, and you might need to change the actual client's behavior (in particular, s_client needs to do the HELO/EHLO for you, and any line starting with an *uppercase* 'R' or 'Q' will make s_client do something undesirable instead of the intended effect).
It *might* be easier to install a second(?), natively STARTTLS-capable MTA on your client machine, point it to the real server as its relay, making it listen on a nonstandard port, and have your not-STARTTLS-capable client talk to *that* instead. Will introduce all sorts of locally generated headers into the e-mails, though.
Kind regards, J. Bern
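The 'R'/'Q' caveat from the message above, as an added example that is not code from the thread or from OpenSSL: a hypothetical helper, `make_s_client_safe`, lower-cases hazardous SMTP command verbs (SMTP treats verbs case-insensitively) and reports message lines after DATA that cannot be rewritten without changing the mail. The sample session and its example.com addresses are constructed, and the helper assumes the dialogue is fed line by line to an interactive s_client session.

```python
# Added example: constructed input, hypothetical helper names.
HAZARD_PREFIXES = ("R", "Q")  # interactive s_client: R = renegotiate, Q = quit


def make_s_client_safe(lines):
    """Return (safe_lines, unfixable) for an SMTP dialogue typed into s_client.

    Command verbs are case-insensitive in SMTP, so a hazardous verb is
    lower-cased. Message content between DATA and the lone "." cannot be
    rewritten without altering the mail, so such lines are only reported.
    """
    safe, unfixable, in_data = [], [], False
    for number, line in enumerate(lines, start=1):
        hazardous = line.startswith(HAZARD_PREFIXES)
        if in_data:
            if line == ".":
                in_data = False
            elif hazardous:
                unfixable.append((number, line))
            safe.append(line)
            continue
        if hazardous:
            verb, sep, rest = line.partition(" ")
            line = verb.lower() + sep + rest
        if line.split(" ", 1)[0].upper() == "DATA":
            in_data = True
        safe.append(line)
    return safe, unfixable


# Constructed sample session (example.com addresses are placeholders).
SAMPLE = [
    "MAIL FROM:<alice@example.com>",
    "RCPT TO:<bob@example.com>",
    "DATA",
    "Subject: test",
    "Reply-To: alice@example.com",
    "",
    "Quick note about the relay.",
    ".",
    "RSET",
    "QUIT",
]

if __name__ == "__main__":
    safe, unfixable = make_s_client_safe(SAMPLE)
    print("\n".join(safe))
    for number, line in unfixable:
        print(f"line {number} would be intercepted by s_client: {line!r}")
```

Any line reported as unfixable means the message cannot be typed through an interactive s_client session unchanged.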