openssl failed to connect to MS Exchange Server (Office365) on RHEL 7.x

Chandu Gangireddy cgcyient at gmail.com
Sat May 11 19:09:31 UTC 2019


Thank you so much for the response Jakob.

Yes I agree with you about the connection succeeded and later rejected on
credentials part. The same worked from all the RHEL Version below 7 so I
was thinking it might be a issue at OS level.

Based on your suggestion, I feel that the issue is with the Exchange
Server. Please double confirm.

Thanks and Regards
Chandu

On Sat, May 11, 2019, 3:02 PM Jakob Bohm via openssl-users <
openssl-users at openssl.org> wrote:

> Your transcript below seems to show a successful connection to Microsoft's
> cloud mail, then Microsoft rejecting the password and closing the
> connection.
>
> You are not connecting to your own Exchange server, but to a central
> Microsoft
> service that also handles their consumer mail accounts (hotmail.com,
> live.com,
> outlook.com etc.).  This service load balances connections between many
> servers
> which cab give different results for each try.
>
> On 10/05/2019 17:01, Chandu Gangireddy wrote:
> > Dear OpenSSL Users,
> >
> > At my corporate environment, I'm experience a challenge to use openssl
> > s_client utility. I really appreciate if someone can help me narrow
> > down the issue.
> >
> > Here the details -
> >
> > Platform: RHEL 7.x
> > *Openssl version:*
> > OpenSSL 1.0.2k-fips  26 Jan 2017
> > built on: reproducible build, date unspecified
> > platform: linux-x86_64
> > options:  bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int)
> > idea(int) blowfish(idx)
> > compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB
> > -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT
> > -m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2
> > -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4
> > -grecord-gcc-switches   -m64 -mtune=generic -Wa,--noexecstack -DPURIFY
> > -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5
> > -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
> > -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM
> > -DGHASH_ASM -DECP_NISTZ256_ASM
> > OPENSSLDIR: "/etc/pki/tls"
> > engines:  rdrand dynamic
> >
> > Command tried to tes the connectivity between my Linux client server
> > to remote office 365 exchange server using POP3 port -
> >
> > $ openssl s_client -crlf -connect outlook.office365.com:995
> > <http://outlook.office365.com:995>
> > ...
> > ...
> > subject=/C=US/ST=Washington/L=Redmond/O=Microsoft
> > Corporation/CN=outlook.com <http://outlook.com>
> > issuer=/C=US/O=DigiCert Inc/CN=DigiCert Cloud Services CA-1
> > ---
> > No client certificate CA names sent
> > Peer signing digest: SHA256
> > Server Temp Key: ECDH, P-256, 256 bits
> > ---
> > SSL handshake has read 3952 bytes and written 415 bytes
> > ---
> > New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
> > Server public key is 2048 bit
> > Secure Renegotiation IS supported
> > Compression: NONE
> > Expansion: NONE
> > No ALPN negotiated
> > SSL-Session:
> >     Protocol  : TLSv1.2
> >     Cipher    : ECDHE-RSA-AES256-GCM-SHA384
> >     Session-ID:
> > 072F0000FFDC6177DE9CAB2B59EA06E486A25AD8A2882A9B82F16678BAD74E79
> >     Session-ID-ctx:
> >     Master-Key:
> >
> DD7B59F38867FEAB9656B519FBCD743158E528C63FF9A96CE758120424159F26967F9F6FE57A9B5E7CAD806798322278
> >     Key-Arg   : None
> >     Krb5 Principal: None
> >     PSK identity: None
> >     PSK identity hint: None
> >     Start Time: 1557500061
> >     Timeout   : 300 (sec)
> >     Verify return code: 0 (ok)
> > ---
> > +OK The Microsoft Exchange POP3 service is ready.
> >
> [QgBOADYAUABSADEANABDAEEAMAAwADQAMgAuAG4AYQBtAHAAcgBkADEANAAuAHAAcgBvAGQALgBvAHUAdABsAG8AbwBrAC4AYwBvAG0A]
> > *USER netcool2 at cox.com <mailto:netcool2 at cox.com>*
> > *+OK*
> > *PASS XXXXXXXX*
> > *-ERR Logon failure: unknown user name or bad password.*
> > *quit*
> > *+OK Microsoft Exchange Server POP3 server signing off.*
> > *read:errno=0*
> >
> > Operating System:
> > Red Hat Enterprise Linux Server release 7.2 (Maipo)
> >
> > When I did the same from a different server, it worked as expected.
> > Following are the two difference which I noticed between a working
> > server and non-working server.
> > *
> > *
> > *Working server details:*
> > 1. Red Hat Enterprise Linux Server release 6.9 (Santiago)
> > 2. openssl version
> > OpenSSL 1.0.1e-fips 11 Feb 2013
> > built on: Mon Jan 30 07:47:24 EST 2017
> > platform: linux-x86_64
> > options:  bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int)
> > idea(int) blowfish(idx)
> > compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS
> > -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN
> > -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
> > -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic
> > -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT
> > -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM
> > -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM
> > -DWHIRLPOOL_ASM -DGHASH_ASM
> > OPENSSLDIR: "/etc/pki/tls"
> > engines:  dynamic
> >
> > Please let me know if you need any further details from my end.
> >
> > Thanks, in advance.
> > Chandu
>
>
> --
> Jakob Bohm, CIO, partner, WiseMo A/S. https://www.wisemo.com
> Transformervej 29, 2860 Soborg, Denmark. direct: +45 31 13 16 10
> <call:+4531131610>
> This message is only for its intended recipient, delete if misaddressed.
> WiseMo - Remote Service Management for PCs, Phones and Embedded
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190511/76bba24b/attachment.html>


More information about the openssl-users mailing list