Re: MAIL FROM timeout with ciphers=high

From: Martin Schmitt (Schmitt Systems) (masscsy.de)
Date: Mon Dec 03 2007 - 08:02:00 CST


Bill Cole wrote:

>> I've been trying to enable Secure Channel TLS for a remote domain and am
>> at a point where my understanding of TLS and the ciphers seems to be too
>> meager to figure out what is going wrong.
>
> You probably do not need to understand ciphers deeply to understand most
> such problems. Understanding the basics of TLS helps, but that's not
> really hard and you seem to have the clues you need.

Thanks Bill for your comprehensive response.

As described by Victor, this appears to indeed be caused by a bug in MS
Exchange. I'll probably just keep exerting some pressure on the remote
admin for another day or two before I finally activate ciphers=medium. ;-)

> It is surprising that you cannot troubleshoot this with s_client and
> that does make it a tougher challenge. What's failing when you try?

First, the remote side is configured to not accept STARTTLS without EHLO
(which sounds reasonable), so it can't be tested with versions of
s_client from before 2007.

Second, with an up-to-date s_client, STARTTLS succeeds but I can't send
any commands, like, e.g. "MAIL FROM:<>", even when there's a cipher in
use that works with Postfix.

Thanks again,

-martin

--
Martin Schmitt - Schmitt Systemberatung - http://www.scsy.de
DE 35415 Pohlheim, Gießener Str. 18
DE 65307 Bad Schwalbach, Am Bräunchesberg 9
Linux/UNIX - Internet - E-Mail Infrastructure - Antispam/Antivirus
- "What goes up, must come down. Ask any system administrator." -
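
The test sequence described in this message (EHLO first, then STARTTLS, then a command such as MAIL FROM:<> inside the TLS session) can be scripted so that the failing stage and the negotiated cipher are recorded. This is an added example, not part of the original thread. Assumptions: the function names, the HELO name `probe.example.invalid`, and the OpenSSL cipher string `HIGH`, which is used as a stand-in for the Postfix cipher grade and is not guaranteed to be identical to it.

```python
import smtplib
import ssl


def make_context(ciphers="HIGH"):
    """TLS client context limited to an OpenSSL cipher string; certificate checks stay on."""
    ctx = ssl.create_default_context()
    # Applies to TLS 1.2 and older; OpenSSL manages TLS 1.3 suites separately.
    ctx.set_ciphers(ciphers)
    return ctx


def probe(host, port=25, ciphers="HIGH", helo="probe.example.invalid", timeout=30):
    """Run EHLO -> STARTTLS -> EHLO -> MAIL FROM:<> and report the stage reached."""
    report = {"stage": "connect", "ok": False, "cipher": None, "detail": ""}
    try:
        with smtplib.SMTP(host, port, local_hostname=helo, timeout=timeout) as smtp:
            report["stage"] = "ehlo"
            code, _ = smtp.ehlo()  # the remote side refuses STARTTLS without this
            if code != 250 or not smtp.has_extn("starttls"):
                report["detail"] = "STARTTLS not offered after EHLO"
                return report
            report["stage"] = "starttls"
            smtp.starttls(context=make_context(ciphers))
            report["cipher"] = smtp.sock.cipher()  # (name, protocol, secret bits)
            report["stage"] = "ehlo-after-tls"
            smtp.ehlo()
            report["stage"] = "mail-from"
            code, msg = smtp.mail("")  # smtplib sends the null sender as FROM:<>
            report["ok"] = code == 250
            report["detail"] = f"{code} {msg.decode(errors='replace')}"
    except (OSError, smtplib.SMTPException) as exc:
        # Timeouts, TLS alerts, certificate failures and disconnects all land here;
        # report["stage"] still names the step that was in progress.
        report["detail"] = f"{type(exc).__name__}: {exc}"
    return report
```

A result with `stage` equal to `mail-from` and a timeout in `detail` means the handshake completed with the cipher shown in `cipher` and the stall happened afterwards.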