On Thu, Aug 27, 2015 at 08:06:16PM +0300, Evgeniy Berdnikov wrote:
> On Thu, Aug 27, 2015 at 02:44:40PM +0000, Viktor Dukhovni wrote:
> > I just tried:
> >
> > $ posttls-finger ringways.co.uk
> > posttls-finger: Connected to mail.ringways.co.uk[88.211.105.31]:25
> ...
> > posttls-finger: < 220 TLS go ahead
> > posttls-finger: SSL_connect error to mail.ringways.co.uk[88.211.105.31]:25: Connection timed out
> >
> > Are you using /dev/random, rather than /dev/urandom for entropy?
>
> I tried "openssl s_client -connect mail.ringways.co.uk:25 -starttls smtp"
> with -tls1_1 and -tls1_2 options. The first option leads to very quick
> connect, tls handhaske and server prompt, the second leads to hangup
> after ClientHello.
Also checked with "gnutls-cli --starttls-proto=smtp -p 25 --insecure
--priority=[vary] mail.ringways.co.uk". With priority value "NORMAL"
and "PERFORMANCE" it hangs, with "SECURE128" and "SECURE256" works.
Anyone may dig futher, I stopped here.
> I don't know whether the difference between TLS protocol versions is
> related to usage of kernel random/urandom interfaces by crypto libs.
> --
--
Eugene Berdnikov