[emailrelay-help] emailrelay and TLS versions > ssl v3 ?
SMTP email proxy and relay server
Brought to you by:
graeme_walker
From: Buehrer, J. (C. Switzerland) <Joh...@co...> - 2014-01-27 16:43:06
Hi,

I recently started a successful use of emailrelay 1.9, including OpenSSL version 1.0.1f. But one mail server connecting to emailrelay wants to use a higher version of SSL than supported.

Is there a way to refer to a higher version of the protocol than --tls-config=3 ?

This is on a Solaris-10 x86 box, with GCC 3.4.6 compilation.

Interestingly, this mail server accepts inbound ssl v3 from emailrelay, but won't negotiate downwards on outbound connections. The certificate chain is fully valid.

Diagnostics:

Process

Emailrelay runs as an inbound listener on port 25012, forwarding mail to a local application on port 15012. The inbound connection should use SSL/TLS.

$ uname -a
SunOS hostx 5.10 Generic_150401-03 i86pc i386 i86pc

$ pargs 9400
9400: /u/emailrelay/sbin/emailrelay --log --pid-file ...
argv[0]: /u/emailrelay/sbin/emailrelay
argv[1]: --log
argv[2]: --pid-file
argv[3]: /var/tmp/emailrelay/pid
argv[4]: --remote-clients
argv[5]: --spool-dir
argv[6]: /var/tmp/emailrelay/spool/
argv[7]: --server-tls
argv[8]: /u/ssl/mystore2.pem
argv[9]: --forward-to
argv[10]: localhost:15012
argv[11]: --poll
argv[12]: 15
argv[13]: --port
argv[14]: 25012
argv[15]: --anonymous
argv[16]: --verbose
argv[17]: --log
argv[18]: --debug

Syslog of the error, with SSL/TLS "SSL3_GET_RECORD:wrong version number"

Jan 27 15:56:59 hostx syslog[9400]: [ID 702911 mail.info] emailrelay: info: GSmtp::ServerPeer: smtp connection from 10.112.108.12:12550
Jan 27 15:56:59 hostx syslog[9400]: [ID 702911 mail.info] emailrelay: info: GSmtp::ServerProtocol: tx>>: "220 ready"
Jan 27 15:56:59 hostx syslog[9400]: [ID 702911 mail.info] emailrelay: info: GSmtp::ServerProtocol: rx<<: "EHLO mail12"
Jan 27 15:56:59 hostx syslog[9400]: [ID 702911 mail.info] emailrelay: info: GSmtp::ServerProtocol: tx>>: "250-hello\r\n250-STARTTLS\r\n250 8BITMIME"
Jan 27 15:56:59 hostx syslog[9400]: [ID 702911 mail.info] emailrelay: info: GSmtp::ServerProtocol: rx<<: "STARTTLS"
Jan 27 15:56:59 hostx syslog[9400]: [ID 702911 mail.info] emailrelay: info: GSmtp::ServerProtocol: tx>>: "220 ready to start tls"
Jan 27 15:56:59 hostx syslog[9400]: [ID 702911 mail.warning] emailrelay: warning: GNet::SocketProtocolImp::log: ssl error: SSL_accept: [error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number]
Jan 27 15:56:59 hostx syslog[9400]: [ID 702911 mail.info] emailrelay: info: GSmtp::ServerPeer: smtp connection closed: read error: disconnected: ssl accept: 10.112.108.12:12550

stderr debug

emailrelay: info: GSmtp::ServerProtocol: rx<<: "EHLO mail12"
emailrelay: debug: GSmtp::ProtocolMessageStore::clear
emailrelay: info: GSmtp::ServerProtocol: tx>>: "250-hello\r\n250-STARTTLS\r\n250 8BITMIME"
emailrelay: debug: GNet::Select::runOnce: detected event(s) on 1 fd(s)
emailrelay: debug: SocketProtocolImp::readEvent: state=0
emailrelay: info: GSmtp::ServerProtocol: rx<<: "STARTTLS"
emailrelay: info: GSmtp::ServerProtocol: tx>>: "220 ready to start tls"
emailrelay: debug: SocketProtocolImp::sslAccept
emailrelay: debug: SocketProtocolImp::sslAcceptImp
emailrelay: debug: SocketProtocolImp::log: ssl error: SSL_accept: rc=-1: error 2 => Result_read
emailrelay: debug: SocketProtocolImp::sslAcceptImp: result=Result_read
emailrelay: debug: GNet::Select::runOnce: detected event(s) on 1 fd(s)
emailrelay: debug: SocketProtocolImp::readEvent: state=2
emailrelay: debug: SocketProtocolImp::sslAcceptImp
emailrelay: debug: SocketProtocolImp::log: ssl error: SSL_accept: rc=-1: error 1 => Result_error
emailrelay: warning: GNet::SocketProtocolImp::log: ssl error: SSL_accept: [error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number]
emailrelay: debug: SocketProtocolImp::sslAcceptImp: result=Result_error
emailrelay: debug: ServerPeer::onException: exception: read error: disconnected: ssl accept
emailrelay: info: GSmtp::ServerPeer: smtp connection closed: read error: disconnected: ssl accept: 10.112.108.12:12550
emailrelay: debug: GNet::TimerList::update: 1390834627 -> 1390834619
emailrelay: debug: GNet::Select::runOnce: select() timeout
emailrelay: debug: GNet::TimerList::doTimeouts
emailrelay: debug: GNet::ServerPeer::dtor: [0x835c248]: fd 10.112.108.12:12550@6
emailrelay: debug: GNet::EventHandlerList::remove: read-list: removing 6
emailrelay: debug: GNet::EventHandlerList::remove: exception-list: removing 6
emailrelay: debug: GNet::TimerList::update: ? -> 1390834627
emailrelay: debug: GNet::Select::runOnce: detected event(s) on 1 fd(s)
emailrelay: debug: GNet::Select::runOnce: select() timeout
emailrelay: debug: GNet::TimerList::doTimeouts
emailrelay: debug: Main::Run::onPollTimeout
emailrelay: debug: GNet::TimerList::update: 0 -> 1390834642
emailrelay: debug: Main::Run::doForwarding: polling
emailrelay: debug: GNet::TimerList::update: ? -> 1390834642

Thanks
John Buehrer

This message (including any attachments) is confidential, for the exclusive use of the intended recipient and may contain privileged information. If you are not the intended recipient, retention, dissemination, distribution, copying or otherwise making use of this message is strictly prohibited. Please be kind enough to notify the sender immediately by e-mail if you have received this message by mistake, and delete it from your system. Thank you.
--
E-mails may be intercepted, altered or read by unauthorized persons. If you send us messages by e-mail, we take this as your authorization to correspond with you by e-mail.
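
An added example, not part of the original post and not emailrelay's own code: a Python script that pulls failed STARTTLS handshakes out of syslog lines in the format shown above and splits the packed OpenSSL error code (1408F10B) into its library, function and reason numbers. It assumes the OpenSSL 1.0.x bit layout and that the "ssl error" line directly precedes the matching "connection closed" line, as it does in the post; the function names are hypothetical and the two 192.0.2.7 lines are constructed.

```python
import re

# Lines for 10.112.108.12 are copied from the post; the two lines for
# 192.0.2.7 are constructed, to show a close that is not a TLS failure.
SAMPLE_LOG = r"""
Jan 27 15:56:58 hostx syslog[9400]: [ID 702911 mail.info] emailrelay: info: GSmtp::ServerPeer: smtp connection from 192.0.2.7:40000
Jan 27 15:56:58 hostx syslog[9400]: [ID 702911 mail.info] emailrelay: info: GSmtp::ServerPeer: smtp connection closed: peer disconnected: 192.0.2.7:40000
Jan 27 15:56:59 hostx syslog[9400]: [ID 702911 mail.info] emailrelay: info: GSmtp::ServerPeer: smtp connection from 10.112.108.12:12550
Jan 27 15:56:59 hostx syslog[9400]: [ID 702911 mail.warning] emailrelay: warning: GNet::SocketProtocolImp::log: ssl error: SSL_accept: [error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number]
Jan 27 15:56:59 hostx syslog[9400]: [ID 702911 mail.info] emailrelay: info: GSmtp::ServerPeer: smtp connection closed: read error: disconnected: ssl accept: 10.112.108.12:12550
"""

SSL_ERR = re.compile(
    r"ssl error: SSL_accept: \[error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):([^\]]*)\]")
CLOSED = re.compile(r"smtp connection closed: .*ssl accept: ([\d.]+):(\d+)\s*$")

def decode_openssl_error(code_hex):
    """Split a packed OpenSSL 1.0.x error code into (library, function, reason)."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def failed_tls_handshakes(log_text):
    """Attribute each SSL_accept error to the peer named on the close line
    that follows it (the error line itself carries no peer address)."""
    failures, pending = [], None
    for line in log_text.splitlines():
        err = SSL_ERR.search(line)
        if err:
            pending = err
            continue
        closed = CLOSED.search(line)
        if closed and pending:
            lib, func, reason = decode_openssl_error(pending.group(1))
            failures.append({
                "peer": closed.group(1), "port": int(closed.group(2)),
                "function": pending.group(3), "text": pending.group(4),
                "lib": lib, "func": func, "reason": reason,
            })
            pending = None
    return failures

if __name__ == "__main__":
    for failure in failed_tls_handshakes(SAMPLE_LOG):
        print(failure)
```

Reason 267 from library 20 is what OpenSSL 1.0.x reports as "wrong version number", so counting these per peer shows which remote servers are offering a record version the listener's configured protocol does not accept.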