[openssl-users] Unable to STARTTLS behind a specific network

Hoggins! fuckspam at wheres5.com
Thu Dec 22 10:30:12 UTC 2016

Hello there,

First post here, I would like to know how it's possible to debug a
certain problem I have.
Behind a specific network, I'm unable to bootstrap a STARTTLS session on
an SMTP server. Usually, it works flawlessly.

So my request for help is not to try to change anything to the
configuration (I'm not in charge of this network) but to confirm that
there is a "problem" in between on that network that prevents the
transaction from being conducted.

So what I do is :

    $ openssl s_client -starttls smtp -crlf -connect newdude.radiom.fr:5000

No problem, I can communicate with the SMTP server after the STARTTLS

But behind that specific network, if I run the same command, all I get is :

    no peer certificate available
    No client certificate CA names sent
    SSL handshake has read 351 bytes and written 147 bytes
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE

When I compare two tcpdumps, I can clearly see that a lot of data is
missing, the transaction is not complete.

Before being paranoid, I simply suspect a MTU problem, but I'm not sure
how this would only apply to SSL transactions.

Should I provide tcpdumps or anything else ?

Thank you !


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20161222/f048cfe0/attachment.sig>

More information about the openssl-users mailing list