Re: [exim] Can't do TLS between two exim 4.80

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Cyborg
Datum:  
To: exim-users
Betreff: Re: [exim] Can't do TLS between two exim 4.80
Am 09.11.2013 14:04, schrieb Andreas Metzler:
> openssl s_client -starttls smtp -crlf -connect smtp.merlins.org:587


It's not working for you, but for me it is.

Hope that helps:

# openssl s_client -starttls smtp -crlf -connect smtp.merlins.org:587
CONNECTED(00000004)
depth=0 C = US, ST = California, L = Silicon Valley, O = Linux Geeks 
Incorporated, OU = merlins.org, CN = Marc MERLIN, emailAddress = 
marc_cert@???
verify error:num=18:self signed certificate
verify return:1
depth=0 C = US, ST = California, L = Silicon Valley, O = Linux Geeks 
Incorporated, OU = merlins.org, CN = Marc MERLIN, emailAddress = 
marc_cert@???
verify return:1
---
Certificate chain
  0 s:/C=US/ST=California/L=Silicon Valley/O=Linux Geeks 
Incorporated/OU=merlins.org/CN=Marc 
MERLIN/emailAddress=marc_cert@???
    i:/C=US/ST=California/L=Silicon Valley/O=Linux Geeks 
Incorporated/OU=merlins.org/CN=Marc 
MERLIN/emailAddress=marc_cert@???
---
Server certificate
-----BEGIN CERTIFICATE-----
MIID6zCCA1SgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBsDELMAkGA1UEBhMCVVMx
EzARBgNVBAgTCkNhbGlmb3JuaWExFzAVBgNVBAcTDlNpbGljb24gVmFsbGV5MSEw
HwYDVQQKExhMaW51eCBHZWVrcyBJbmNvcnBvcmF0ZWQxFDASBgNVBAsTC21lcmxp
bnMub3JnMRQwEgYDVQQDEwtNYXJjIE1FUkxJTjEkMCIGCSqGSIb3DQEJARYVbWFy
Y19jZXJ0QG1lcmxpbnMub3JnMB4XDTAyMDgxODIyMzYxMFoXDTMwMDEwMzIyMzYx
MFowgbAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQH
Ew5TaWxpY29uIFZhbGxleTEhMB8GA1UEChMYTGludXggR2Vla3MgSW5jb3Jwb3Jh
dGVkMRQwEgYDVQQLEwttZXJsaW5zLm9yZzEUMBIGA1UEAxMLTWFyYyBNRVJMSU4x
JDAiBgkqhkiG9w0BCQEWFW1hcmNfY2VydEBtZXJsaW5zLm9yZzCBnzANBgkqhkiG
9w0BAQEFAAOBjQAwgYkCgYEAy90Re3gyol7wkw+ix/BNEeVUmtBaVHdU/m7CjPbG
0vpcSsIUrCcorMH65cyITbugHD/7LpLnH/svH5xzsu4QHra7JWVIZ3NwAcCDqyud
0Tt8/p00s2C/ZOe2WQ7UUamG4MJGP9t0DfVz2hP7eB4Yx1q7G0qof2L+s8+lP3lf
+TcCAwEAAaOCAREwggENMB0GA1UdDgQWBBR81aeHns9INDeUObbn83VJyyOrIzCB
3QYDVR0jBIHVMIHSgBR81aeHns9INDeUObbn83VJyyOrI6GBtqSBszCBsDELMAkG
A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFzAVBgNVBAcTDlNpbGljb24g
VmFsbGV5MSEwHwYDVQQKExhMaW51eCBHZWVrcyBJbmNvcnBvcmF0ZWQxFDASBgNV
BAsTC21lcmxpbnMub3JnMRQwEgYDVQQDEwtNYXJjIE1FUkxJTjEkMCIGCSqGSIb3
DQEJARYVbWFyY19jZXJ0QG1lcmxpbnMub3JnggEAMAwGA1UdEwQFMAMBAf8wDQYJ
KoZIhvcNAQEEBQADgYEALpbhn+1WFh8PLkAW7HaeYZ8+TUO5T/Y7J9SnOPMhAf+U
ub75oalLfkZe1hYPqFccrt3wCHDv3VJXD6A4vFpUmpTOYl5BfVesyfK+jCYvgX+W
JfBd+KygF4GHuxQHp52bJZ5gvsYnHM0ikys/icAKBs8eoexjN1aLo5s2yBt7qn8=
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Silicon Valley/O=Linux Geeks 
Incorporated/OU=merlins.org/CN=Marc 
MERLIN/emailAddress=marc_cert@???
issuer=/C=US/ST=California/L=Silicon Valley/O=Linux Geeks 
Incorporated/OU=merlins.org/CN=Marc 
MERLIN/emailAddress=marc_cert@???
---
No client certificate CA names sent
---
SSL handshake has read 2371 bytes and written 474 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is *1024* *bit*
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
     Protocol  : TLSv1
     Cipher    : DHE-RSA-AES256-SHA
     Session-ID: 
CF8269B4D9802D38F1A2A5F573963643344EC99E848D8164165680BDEDBB7478
     Session-ID-ctx:
     Master-Key: 
F3292940361294B4D76D014729C39E18FA90CE14E66F1FE690B0571A195F3A1E4170C0A8C4753BD29C0183BE353A15EE
     Key-Arg   : None
     Krb5 Principal: None
     PSK identity: None
     PSK identity hint: None
     Start Time: 1384012882
     Timeout   : 300 (sec)
     Verify return code: 18 (*self signed certificate*)
---
250 HELP
QUIT