This is mutt-1.14.6v3-sasl in 6.7-current/amd64.
Recently, my institution's mail has been moved to
220 mail.cvut.cz Microsoft ESMTP MAIL Service
Trying to send mail through it fails with
SSL failed: error:1404B42E:SSL routines:ST_CONNECT:tlsv1 alert protocol version
I enabled all the following to also enable the older ssl/tls protocols
in case the server needs one that is not enabled by mutt by default
as "tlsv1 alert protocol version" would suggest:
set ssl_starttls = yes
#set ssl_force_tls = yes
set ssl_use_sslv2 = yes
set ssl_use_sslv3 = yes
set ssl_use_tlsv1 = yes
set ssl_use_tlsv1_1 = yes
set ssl_use_tlsv1_2 = yes
set ssl_use_tlsv1_3 = yes
It made no difference, the error message is the same.
What's strange is that when connecting to the same server via IMAP
(to read mail as opposed to send mail), mutt reports
TLSv1.2 connection using TLSv1/SSLv3 (ECDHE-RSA-AES256-GCM-SHA384)
and I can read my INBOX; that makes me think
that ssl/tls connections to the server generally work.
After rebuilding mutt from source --with-gnutls instead of --with-ssl,
(and checking with ldd that it is indeed linked against gnutls and
not linked against libssl and libtls), the error becomes
gnutls_handshake: An unexpected TLS packet was received.
Suspecting that the server might be discriminating on the
exact version string (if there is such a thing), I also tried
to compile against the openssl port, i.e. the ssl/tls in /usr/local,
but I couldn't do it: the mutt build system alwasy picks the lib
in /usr/lib, whoch is LibreSSL, not OpenSSL.
Can I debug the details of the attempted tls connection?
(Recompiling --with-debug and running with -d 10 doesn't reveal anything.)
Is anyone seeing the same?
Jan
FWIW, with NetBSD's Mutt 1.11.4 (2019-03-13), the error is
SSL failed: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
