SSL_accept error from 213-225-38-118.nat.highway.a1.net[213.225.38.118]: -1 - Addendum
Walter H.
Walter.H at mathemainzel.info
Mon Oct 25 14:37:10 CEST 2021
somehow a contradiction:
when I enter that here on my end,
I get this (only the interesting part)
No client certificate CA names sent
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 5509 bytes and written 420 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported <--- for you this was 'IS NOT'
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
On the submission port 587 I get the same as on the standard port 25.
On 25.10.2021 11:13, Andreas Wass - Glas Gasperlmair wrote:
>
> On 25.10.2021 at 10:09, Walter H. wrote:
>> Can you take a look at the intermediate certificate that you send along?
> openssl s_client -starttls smtp -connect mail1.glasgasperlmair.at:25
>
> Produces the following output:
>
> CONNECTED(00000003)
> depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
> verify return:1
> depth=1 C = US, O = Let's Encrypt, CN = R3
> verify return:1
> depth=0 CN = mail1.glasgasperlmair.at
> verify return:1
> ---
> Certificate chain
> 0 s:CN = mail1.glasgasperlmair.at
> i:C = US, O = Let's Encrypt, CN = R3
> 1 s:C = US, O = Let's Encrypt, CN = R3
> i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
> 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
> i:O = Digital Signature Trust Co., CN = DST Root CA X3
> ---
> Server certificate
> -----BEGIN CERTIFICATE-----
> ..................................... (I cut this out so that the
> message isn't so long)
> -----END CERTIFICATE-----
> subject=CN = mail1.glasgasperlmair.at
>
> issuer=C = US, O = Let's Encrypt, CN = R3
>
> ---
> No client certificate CA names sent
> Requested Signature Algorithms:
> ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:ECDSA+SHA1:RSA+SHA224:RSA+SHA1
> Shared Requested Signature Algorithms:
> ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512
> Peer signing digest: SHA256
> Peer signature type: RSA-PSS
> Server Temp Key: ECDH, P-256, 256 bits
> ---
> SSL handshake has read 5593 bytes and written 808 bytes
> Verification: OK
> ---
> New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
> Server public key is 4096 bit
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> No ALPN negotiated
> Early data was not sent
> Verify return code: 0 (ok)
> ---
> 250 CHUNKING
> ---
> Post-Handshake New Session Ticket arrived:
> SSL-Session:
> Protocol : TLSv1.3
> Cipher : TLS_AES_256_GCM_SHA384
> Session-ID:
> ACEDFFDE7C8E9CE76B54BF923D425B14650C5CA534FB20962DAF2BECB6F5FA3F
> Session-ID-ctx:
> Resumption PSK:
> 64DDB3FA7E7CA53B1B9AC72F6F977843385E291FA6C3692CD9045212F99AE91BFA52A759665BDAF97536A993D6CF8C93
> PSK identity: None
> PSK identity hint: None
> SRP username: None
> TLS session ticket lifetime hint: 7200 (seconds)
> TLS session ticket:
>
> Start Time: 1635152892
> Timeout : 7200 (sec)
> Verify return code: 0 (ok)
> Extended master secret: no
> Max Early Data: 0
> ---
> read R BLOCK
>>
>> On 25.10.2021 09:10, Andreas Wass - Glas Gasperlmair wrote:
>>> Oct 25 08:59:14 mail postfix/submission/smtpd[33873]: warning: TLS
>>> library problem: error:14094416:SSL routines:ssl3_read_bytes:sslv3
>>> alert certificate unknown:../ssl/record/rec_layer_s3.c:1543:SSL
>>> alert number 46:
>>
>>
>
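The comparison made in this message, as an added example that is not part of the original post: it parses the summary lines of the two `openssl s_client` outputs quoted in the thread and lists the fields that differ. The sample strings are constructed from those outputs and the function names are hypothetical; the renegotiation note reflects that TLS 1.3 removed renegotiation, so `s_client` reports IS NOT for a TLS 1.3 session.

```python
import re

# Constructed samples: summary lines taken from the two outputs in this thread.
LOCAL = """\
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
"""
REMOTE = """\
> New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
> Server public key is 4096 bit
> Secure Renegotiation IS NOT supported
> SSL-Session:
>     Protocol  : TLSv1.3
>     Cipher    : TLS_AES_256_GCM_SHA384
"""

# The SSL-Session block is parsed because older clients print "TLSv1/SSLv3" in the "New," line.
PATTERNS = {
    "protocol": r"^\s*Protocol\s*:\s*(\S+)",
    "cipher": r"^\s*Cipher\s*:\s*(\S+)",
    "key_bits": r"^Server public key is (\d+) bit",
    "secure_reneg": r"^Secure Renegotiation (IS NOT|IS) supported",
}

def parse_summary(text):
    """Extract handshake facts from s_client output, ignoring '>' mail quoting."""
    clean = re.sub(r"^(?:>[ \t]?)+", "", text, flags=re.M)
    found = {k: re.search(p, clean, re.M) for k, p in PATTERNS.items()}
    return {k: m.group(1) if m else None for k, m in found.items()}

def compare(a, b):
    """Return {field: (value_a, value_b, note)} for every field that differs."""
    diffs = {}
    for field in PATTERNS:
        if a[field] == b[field]:
            continue
        note = ""
        if field == "secure_reneg" and "TLSv1.3" in (a["protocol"], b["protocol"]):
            note = "expected: TLS 1.3 has no renegotiation"
        diffs[field] = (a[field], b[field], note)
    return diffs

if __name__ == "__main__":
    for field, row in compare(parse_summary(LOCAL), parse_summary(REMOTE)).items():
        print(field, *row, sep=" | ")
```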