Hi Kurt,

Kurt Roeckx wrote:
> On Mon, Jul 31, 2006 at 11:57:09PM +0100, James Westby wrote:
>> On (01/08/06 00:06), Artur R. Czechowski wrote:
>>> You can check the existence of the bug using any exim4 server. Currently
>>> master.debian.org suits well:
>>>
>>> [EMAIL PROTECTED]:~$ openssl s_client -starttls smtp -ssl2 -connect
>>> master.debian.org:25 -debug
>>> CONNECTED(00000003)
>>> read from 0x80cf1f8 [0x80b9d78] (8192 bytes => 71 (0x47))
>>> 0000 - 32 32 30 20 6d 61 73 74-65 72 2e 64 65 62 69 61   220 master.debia
>>> 0010 - 6e 2e 6f 72 67 20 45 53-4d 54 50 20 45 78 69 6d   n.org ESMTP Exim
>>> 0020 - 20 34 2e 35 30 20 4d 6f-6e 2c 20 33 31 20 4a 75    4.50 Mon, 31 Ju
>>> 0030 - 6c 20 32 30 30 36 20 31-37 3a 30 33 3a 35 37 20   l 2006 17:03:57
>>> 0040 - 2d 30 35 30 30 0d 0a                              -0500..
>>> write to 0x80cf1f8 [-0x40611278] (10 bytes => 10 (0xA))
>>> 0000 - 53 54 41 52 54 54 4c 53-0d 0a                     STARTTLS..
>>> read from 0x80cf1f8 [0x80b7d70] (8192 bytes => 47 (0x2F))
>>> 0000 - 35 30 33 20 53 54 41 52-54 54 4c 53 20 63 6f 6d   503 STARTTLS com
>>> 0010 - 6d 61 6e 64 20 75 73 65-64 20 77 68 65 6e 20 6e   mand used when n
>>> 0020 - 6f 74 20 61 64 76 65 72-74 69 73 65 64 0d 0a      ot advertised..
>>> write to 0x80cf1f8 [0x80c5e91] (48 bytes => 48 (0x30))
>>> 0000 - 80 2e 01 00 02 00 15 00-00 00 10 07 00 c0 03 00   ................
>>> 0010 - 80 01 00 80 08 00 80 06-00 40 04 00 80 02 00 80   [EMAIL PROTECTED]
>>> 0020 - 39 e3 e3 94 2c 71 3e 8d-75 10 32 16 df e0 69 4e   9...,q>.u.2...iN
>>>
>> It is marked as wishlist as this is by design really.
>>
>> openssl cannot know how to speak every protocol, and know when to send
>> STARTTLS for each, so it just does it at the start.
>
> But it does support 2 protocols, smtp and pop3. It just doesn't
> support them very well. I'm not familiar with the smtp
> protocol enough to know what you can send STARTTLS. exim4 above
> claims it wasn't advertised. So I wonder when it gets
> advertised, and whether it supports it or not.

The smtp/starttls protocol works like this:

After connection is up the client first has to send the ehlo command. The response of the server is a line where it advertises all its capabilities possibly including starttls. If the client gets this response, it can use starttls.

Christoph

-- 
============================================================================
Christoph Martin, EDV der Verwaltung, Uni-Mainz, Germany
Internet-Mail: [EMAIL PROTECTED]
Phone: +49-6131-3926337
Fax: +49-6131-3922856
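
The ordering discussed in this thread, as an added example that is not part of the original messages and is not OpenSSL or Exim code: a client that sends EHLO, parses the multi-line capability reply, and issues STARTTLS only when it is advertised. `FakeSmtpServer`, the host names and the capability list are constructed for illustration; only the 503 text is taken from the transcript quoted above.

```python
# Added example: SMTP STARTTLS negotiation order against a constructed in-memory server.
import re

class FakeSmtpServer:
    """Constructed stand-in for an SMTP server (assumption, not a real implementation)."""
    def __init__(self, offers_starttls=True):
        self.offers_starttls = offers_starttls
        self.ehlo_seen = False

    def greeting(self):
        return "220 mail.example.org ESMTP\r\n"

    def handle(self, line):
        verb = line.strip().split(" ", 1)[0].upper()
        if verb == "EHLO":
            self.ehlo_seen = True
            caps = ["mail.example.org Hello", "SIZE 52428800", "PIPELINING"]
            if self.offers_starttls:
                caps.append("STARTTLS")
            # Multi-line reply: "250-" on every line except the last, which uses "250 ".
            return "".join(f"250{'-' if i < len(caps) - 1 else ' '}{c}\r\n"
                           for i, c in enumerate(caps))
        if verb == "STARTTLS":
            if self.ehlo_seen and self.offers_starttls:
                return "220 TLS go ahead\r\n"
            return "503 STARTTLS command used when not advertised\r\n"
        return "500 unrecognized command\r\n"

def parse_reply(raw):
    """Return (code, [text of each line]) for a single- or multi-line SMTP reply."""
    lines = [l for l in raw.split("\r\n") if l]
    parsed = [re.fullmatch(r"(\d{3})([ -])(.*)", l) for l in lines]
    if not parsed or any(m is None for m in parsed) or parsed[-1].group(2) != " ":
        raise ValueError("malformed SMTP reply")
    return int(parsed[-1].group(1)), [m.group(3) for m in parsed]

def negotiate(server, send_ehlo_first=True):
    """Client side: returns 'tls-ready', 'not-offered', or 'rejected:<code>'."""
    code, _ = parse_reply(server.greeting())
    if code != 220:
        return f"rejected:{code}"
    if send_ehlo_first:
        code, caps = parse_reply(server.handle("EHLO client.example.net\r\n"))
        # Keywords are case-insensitive; the first reply line is the server's greeting text.
        offered = {c.split()[0].upper() for c in caps[1:] if c.strip()}
        if code != 250 or "STARTTLS" not in offered:
            return "not-offered"
    code, _ = parse_reply(server.handle("STARTTLS\r\n"))
    return "tls-ready" if code == 220 else f"rejected:{code}"
```

A client that requires encryption should treat `not-offered` as a failure and stop, rather than continuing the session in cleartext.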