On a current snapshot from Mar 2nd with the latest ssl patch and the openssl test behaving the same on 5.6 Stable with the latest ssl patch, I have an issue that I haven't been able to get to the bottom of.

I was going to post this to the opensmtp list as I have had an email stuck in my queue for days, but a test with openssl gets stuck too, and using checktls.com shows DHE-RSA-AES256-SHA successfully being used, albeit with a hostname CN mismatch.

/usr/bin/openssl s_client -connect mx5.demon.co.uk:25 -starttls smtp -CAfile /etc/ssl/cert.pem

Just says CONNECTED(00000003) with no further output (at least for minutes).

swaks seems to get stuck at the same point as opensmtpd logs show (ready to start tls). OpenSMTPD then times out and seems to get in a loop between the MX. I'm not sure why it doesn't deliver to mx6.demon.co.uk without STARTTLS, which it doesn't seem to offer, after failing with mx5.demon.co.uk, which does offer STARTTLS. I guess a backup without STARTTLS suggests they may have had issues before or are being prudent and expect any failures to fall back to sending in plain on mx6.

I can send the smtpd log with trace mta enabled if it is of any use. I expect not though.

I have successfully sent a mail to mx5 in plain text using telnet.

I'd have to unblock port 25 for my clients on my firewall or set up a machine/connection to test from a newer or older libressl version, so any tests on older or the latest current would be interesting and save me the trouble. I can always have the stuck mail sent by gmail and hope no others time out, which I shall probably have to do now anyway.

Thanks for any insight

Kc

