Thu Feb 12 16:22:09 CET 2009

deactivating openssl renegotiation

This happened way too often, so I'll write it down as a quick reminder:

OpenSSL in s_client mode will renegotiate a connection whenever a line starts with the letter R, which is an especially bad choice when you're using it to connect to an SMTP server.

For example:
~# openssl s_client -host smtp.hushmail.com -port 465
CONNECTED(00000003)
[certificate..]
---
220 smtp.hushmail.com ESMTP Postfix
HELO checko
250 smtp.hushmail.com
MAIL FROM: supergeek@uberfreak.net
250 2.1.0 Ok
RCPT TO: lostgeek@hushmail.com
RENEGOTIATING
depth=2 /C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority
verify error:num=19:self signed certificate in certificate chain
verify return:0

So every time you try to enter RCPT the connection will be renegotiated, rendering it useless for sending mail. As a side note, lines starting with Q should also be avoided.

Since I always look it up, here it is once and for all:

openssl s_client -ign_eof -crlf -host $host -port $port

would be the correct way to go.
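
An added example, not part of the original post: a small shell check that lists which lines of a prepared SMTP dialogue s_client would act on itself when typed without -ign_eof, plus a wrapper that always passes the flags above. The function names and the sample dialogue are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of OpenSSL.

# Constructed sample dialogue, modelled on the session shown above.
sample_dialogue() {
    cat <<'EOF'
HELO checko
MAIL FROM: supergeek@uberfreak.net
RCPT TO: lostgeek@hushmail.com
DATA
QUIT
EOF
}

# Read an SMTP dialogue on stdin and print "lineno: text" for every line
# that interactive s_client (no -ign_eof) handles itself instead of
# sending it: first character R (renegotiate) or Q (quit).
# Only the two letters named in the post are checked.
intercepted_lines() {
    awk '/^[RQ]/ { print NR ": " $0 }'
}

# Wrapper that always uses the flags from the post:
#   -ign_eof  turns off the R/Q handling and keeps the session open at EOF
#   -crlf     sends CRLF line endings, as SMTP expects
# Usage: smtps_client HOST [PORT]   (port defaults to 465)
smtps_client() {
    host=$1
    port=${2:-465}
    openssl s_client -ign_eof -crlf -host "$host" -port "$port"
}

# Show which lines of the sample would never reach the server.
sample_dialogue | intercepted_lines
```

Note that QUIT is flagged as well as RCPT: without -ign_eof the client closes the connection itself before the SMTP QUIT is ever sent.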


Posted by iso | Tags: nerd stuff, annoyance, linux