Is there a reason the following openssl s_client command cannot successfully start a tls session?


Joseph Shook

Jun 24, 2016, 11:10:58 AM
to Edge Test Tool (ETT)
c:\OpenSSL-Win64\bin>openssl s_client  -crlf  -starttls smtp -connect edge.dnsops.gov:25
Loading 'screen' into random state - done
CONNECTED(0000013C)
didn't found starttls in server response, try anyway...
3268:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:.\ssl\s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 114 bytes and written 352 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
---


Andrew McCaffrey

Jun 24, 2016, 12:12:52 PM
to Joseph Shook, Edge Test Tool (ETT)
Hi,

That port does not support TLS/STARTTLS for Direct communications.

If you are looking to test STARTTLS for Direct Edge communications you
can try testing against hit-testing2.nist.gov:25

Thanks,
-Andrew
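Added example, not part of the original thread or of the Edge Test Tool: the `didn't found starttls in server response` line from s_client means the server's EHLO reply did not list the STARTTLS extension. The Python code below parses an EHLO reply and reports whether STARTTLS is advertised, which is the check to make before attempting the handshake. The sample replies and the host name `mail.example.test` are constructed, not captured from the hosts named in this thread.

```python
import re

# One SMTP reply line: 3-digit code, '-' (more lines follow) or ' ' (last line), text.
_REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_reply(raw):
    """Parse one (possibly multi-line) SMTP reply into (code, [text lines])."""
    code, texts = None, []
    for line in raw.replace("\r\n", "\n").split("\n"):
        if not line:
            continue
        m = _REPLY_LINE.match(line)
        if not m:
            raise ValueError(f"malformed SMTP reply line: {line!r}")
        if code is None:
            code = int(m.group(1))
        elif int(m.group(1)) != code:
            raise ValueError("reply code changed inside a multi-line reply")
        texts.append(m.group(3))
        if m.group(2) == " ":  # a space after the code marks the final line
            return code, texts
    raise ValueError("reply ended without a final '<code><space>' line")


def ehlo_extensions(raw):
    """Return the upper-cased extension keywords listed in an EHLO reply."""
    code, texts = parse_reply(raw)
    if code != 250:
        return set()  # EHLO was rejected, so no extensions are on offer
    # The first line is the server's greeting; the rest are 'KEYWORD [params]'.
    return {t.split()[0].upper() for t in texts[1:] if t.strip()}


def starttls_offered(raw):
    """True only if the EHLO reply advertises STARTTLS (keywords are case-insensitive)."""
    return "STARTTLS" in ehlo_extensions(raw)


# Constructed sample replies (assumed, not taken from any real server).
EHLO_WITHOUT_TLS = "250-mail.example.test\r\n250-SIZE 10485760\r\n250 8BITMIME\r\n"
EHLO_WITH_TLS = "250-mail.example.test\r\n250-PIPELINING\r\n250-starttls\r\n250 HELP\r\n"

if __name__ == "__main__":
    for name, raw in [("without", EHLO_WITHOUT_TLS), ("with", EHLO_WITH_TLS)]:
        print(name, sorted(ehlo_extensions(raw)), starttls_offered(raw))
```

A mail client that requires TLS should treat a `False` result as a hard failure rather than continuing in plaintext.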

Joseph Shook

Jun 30, 2016, 2:06:48 PM
to Edge Test Tool (ETT), joes...@gmail.com
OK, yes I see now.  Thanks I was successful.

Joseph Shook

Jul 26, 2016, 8:22:50 PM
to Edge Test Tool (ETT), joes...@gmail.com
So I am looking into this again and see now that the certificate returned from the hit-testing2.nist.gov:25 location is expired.

I am trying to experiment with these tests: SMTP Test 1-8, 14, 18 (Send)

But I cannot get any of my connections to ignore the expired certificate.  Can we get this updated?

Thanks Andrew.

