TLS handshake fails ("SSL_accept:error in error") for server->server connection (smtp submit dovecot->postfix) if /etc/pki/tls/openssl.cnf "Options=" includes 'ServerPreference' ?

PGNet Dev at
Fri Sep 25 04:26:26 UTC 2020

On 9/24/20 9:13 PM, Viktor Dukhovni wrote:
> On Thu, Sep 24, 2020 at 08:30:35PM -0700, PGNet Dev wrote:
> Is that really the session you intended to capture?

Interestingly phrased!

The intention was to capture the tcp data 'thru' the failed event.

That^^ is the data streamed to console, with that^^ tshark command, from right before the moment I exec the msmtp send, until it fails ... and sits there.

Whether that tshark cmd correctly captures that 'intention', well that's a different issue.

> It is surprising that the client sent "QUIT<CRLF>" only .14 seconds after SYN,
> since if it expected to do SMTP STARTTLS, it would typically wait for the
> server greeting for more than a fraction of a second.

So, iiuc, that's a dovecot faux pas?

I certainly don't suspect that it's the result of anything that postfix signals in the transaction.

If it's 'from' dovecot, how would I ferret out whether it's dovecot code "innards", or something in the (mis)function of linked openssl libs?

More information about the openssl-users mailing list