Re: [exim] SSL_renegotiate:wrong ssl version

Góra strony
Delete this message
Reply to this message
Autor: Viktor Dukhovni
Data:  
Dla: exim-users
Temat: Re: [exim] SSL_renegotiate:wrong ssl version
On Sat, Sep 10, 2022 at 01:59:50PM +0200, Cyborg via Exim-users wrote:

> 250 HELP
> HELO smtp.example.com
> 250 smtp.target.de Hello smtp.example.com [83.246.32.110]
> MAIL FROM:<test@???>
> 250 OK
> RCPT TO:<recipientname>
> RENEGOTIATING
> 140149325708800:error:1420410A:SSL routines:SSL_renegotiate:wrong ssl
> version:ssl/ssl_lib.c:2143:


Your mistake is to expect a default invocation of s_client(1) to provide
a "transparent" channel. This is not the case, instead s_client(1)
interprets certain input lines specially (from 1.1.1 manpage):

    CONNECTED COMMANDS
       If a connection is established with an SSL server then any data
       received from the server is displayed and any key presses will be sent                                                              to the server. If end of file is reached then the connection will be
       closed down. When used interactively (which means neither -quiet nor
       -ign_eof have been given), then certain commands are also recognized                                                                which perform special operations. These commands are a letter which
       must appear at the start of a line. They are listed below.                                                                   


       Q   End the current SSL connection and exit.


       R   Renegotiate the SSL session (TLSv1.2 and below only).


       B   Send a heartbeat message to the server (DTLS only)


       k   Send a key update message to the server (TLSv1.3 only)


       K   Send a key update message to the server and request one back
           (TLSv1.3 only)


speaking of "case", one simple way to work around these is to issue all
SMTP commands in lower case.

    rcpt to:<mailbox>
    ...
    quit


rather than:

    RCPT TO:<mailbox>
    ...
    QUIT


Or use the "ign_eof" and/or the "-quiet" option.

-- 
    Viktor.