From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.user/14230
Path: news.gmane.org!not-for-mail
From: Jarmo Hurri <jarmo.hurrigarbage@syk.fi>
Newsgroups: gmane.emacs.gnus.user
Subject: Re: SMTP over SSL
Date: Mon, 27 Sep 2010 08:41:13 +0300
Organization: NA
Message-ID: <m362xrg2va.fsf@syk.fi>
References: <m3wrqz2hgw.fsf@syk.fi> <87aanuq4xz.fsf@topper.koldfront.dk>
	<m3tyljf4an.fsf@syk.fi> <87vd5z2gd3.fsf@topper.koldfront.dk>
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: dough.gmane.org 1291957129 13538 80.91.229.12 (10 Dec 2010 04:58:49 GMT)
X-Complaints-To: usenet@dough.gmane.org
NNTP-Posting-Date: Fri, 10 Dec 2010 04:58:49 +0000 (UTC)
To: info-gnus-english@gnu.org
Original-X-From: info-gnus-english-bounces+gegu-info-gnus-english=m.gmane.org@gnu.org Fri Dec 10 05:58:46 2010
Return-path: <info-gnus-english-bounces+gegu-info-gnus-english=m.gmane.org@gnu.org>
Envelope-to: gegu-info-gnus-english@m.gmane.org
Original-Received: from lists.gnu.org ([199.232.76.165])
	by lo.gmane.org with esmtp (Exim 4.69)
	(envelope-from <info-gnus-english-bounces+gegu-info-gnus-english=m.gmane.org@gnu.org>)
	id 1PQv45-00078b-7v
	for gegu-info-gnus-english@m.gmane.org; Fri, 10 Dec 2010 05:58:41 +0100
Original-Received: from localhost ([127.0.0.1]:55397 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43)
	id 1PQuyK-0001Jq-Bd
	for gegu-info-gnus-english@m.gmane.org; Thu, 09 Dec 2010 23:52:44 -0500
Original-Path: usenet.stanford.edu!newsserver.news.garr.it!kanaga.switch.ch!switch.ch!newsfeed3.funet.fi!newsfeeds.funet.fi!feeder2.news.elisa.fi!feeder1.news.elisa.fi!uutiset.elisa.fi!7564ea0f!not-for-mail
Original-Newsgroups: gnu.emacs.gnus
User-Agent: Gnus/5.110011 (No Gnus v0.11) XEmacs/21.5-b29 (linux)
Cancel-Lock: sha1:c+tpYYEtS5v/+XAKkYi2sdRJFcg=
Original-Lines: 61
Original-NNTP-Posting-Host: 82.181.233.130
Original-X-Complaints-To: newsmaster@saunalahti.com
Original-X-Trace: uutiset.elisa.fi 1285566074 82.181.233.130 (Mon,
	27 Sep 2010 08:41:14 EEST)
Original-NNTP-Posting-Date: Mon, 27 Sep 2010 08:41:14 EEST
Original-Xref: usenet.stanford.edu gnu.emacs.gnus:84776
X-Mailman-Approved-At: Thu, 09 Dec 2010 20:27:59 -0500
X-BeenThere: info-gnus-english@gnu.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Announcements and discussions for GNUS,
	the GNU Emacs Usenet newsreader \(in English\)"
	<info-gnus-english.gnu.org>
List-Unsubscribe: <http://lists.gnu.org/mailman/listinfo/info-gnus-english>,
	<mailto:info-gnus-english-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/info-gnus-english>
List-Post: <mailto:info-gnus-english@gnu.org>
List-Help: <mailto:info-gnus-english-request@gnu.org?subject=help>
List-Subscribe: <http://lists.gnu.org/mailman/listinfo/info-gnus-english>,
	<mailto:info-gnus-english-request@gnu.org?subject=subscribe>
Original-Sender: info-gnus-english-bounces+gegu-info-gnus-english=m.gmane.org@gnu.org
Errors-To: info-gnus-english-bounces+gegu-info-gnus-english=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.gnus.user:14230
Archived-At: <http://permalink.gmane.org/gmane.emacs.gnus.user/14230>


Adam> $ openssl s_client -starttls smtp -connect smtp.welho.com:465

>> CONNECTED(00000003)

>> Is this good or bad?

Adam> If it stops there, then it's bad.

Yep, it stops there. But this works:

--------------------------------------------------------------------------
[jarmo@localhost ~]$ gnutls-cli --port 465 smtp.welho.com

...

- Version: TLS1.0
- Key Exchange: DHE-RSA
- Cipher: AES-128-CBC
- MAC: SHA1
- Compression: NULL
- Handshake was completed

- Simple Client Mode:

220 smtp6.welho.com ESMTP Postfix
--------------------------------------------------------------------------

Adam> Port 25 _with starttls_ is not insecure.

>> I know, but starttls does not work in port 25.

Adam> So "openssl s_client -starttls smtp -connect smtp.welho.com:25"
Adam> doesn't work?

Nope, as demonstrated by the following:

--------------------------------------------------------------------------
[jarmo@localhost ~]$ openssl s_client -starttls smtp -connect smtp.welho.com:25

...

---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 189 bytes and written 148 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
--------------------------------------------------------------------------

-- 
Jarmo Hurri

Remove all garbage from header email address when replying, or just
use firstname.lastname@syk.fi .