TLS handshake fails ("SSL_accept:error in error") for server->server connection (smtp submit dovecot->postfix) if /etc/pki/tls/openssl.cnf "Options=" includes 'ServerPreference' ?
Viktor Dukhovni
openssl-users at dukhovni.org
Fri Sep 25 04:13:13 UTC 2020
On Thu, Sep 24, 2020 at 08:30:35PM -0700, PGNet Dev wrote:
> for this instance with
>
> dovecot --version
> 2.3.10.1 (a3d0e1171)
> postconf mail_version
> mail_version = 3.5.7
> openssl version
> OpenSSL 1.1.1g FIPS 21 Apr 2020
>
> dovecot submission port == 60465
> postfix submission port == 465
>
Well, the connection to port 60465 begins with a client TLS HELLO, and
then a successful TLS 1.3 handshake takes place.
For the connection to 465, the client connects, and just sends
"QUIT<CRLF>", which isn't exactly a TLS HELLO. Is that really the
session you intended to capture. It is not surprising that the server
is "unimpressed" with the client's TLS protocol version. It is
surprising that the client sent "QUIT<CRLF>" only .14 seconds after SYN,
since if it expected to do SMTP STARTLS, it would typically wait for the
server greeting for more than a fraction of a second.
--
Viktor.
More information about the openssl-users
mailing list