Thu Feb 12 16:22:09 CET 2009

deactivating openssl renegotiation

This happened way too often, so I'll write it down as a quick reminder:

OpenSSL in s_client mode will renegotiate a connection whenever a line starts with the letter R, which is an especially bad choice when you're using it to connect to an SMTP server.

For example:
~# openssl s_client -host -port 465
220 ESMTP Postfix
HELO checko
250 2.1.0 Ok
depth=2 /C=US/ incorp. by ref. (limits liab.)/OU=(c) 1999 Limited/ Secure Server Certification Authority
verify error:num=19:self signed certificate in certificate chain
verify return:0

So every time you try to enter RCPT the connection will be renegotiated, rendering it useless for sending mail. As a side note, Q should also be avoided.

Since I always look it up, here it is once and for all:

openssl s_client -ign_eof -crlf -host $host -port $port

would be the correct way to go.
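
As an added illustration (not part of the original post), this shell snippet lists which lines of a typed SMTP session s_client would intercept when -ign_eof is not given. The function names and the sample dialogue are constructed for the example.

```sh
#!/bin/sh
# Added example, not from the original post. Function names and the
# sample dialogue below are constructed for illustration.

# Print "<line-number>:<line>" for every input line that s_client's
# interactive mode would act on itself instead of sending to the server:
# lines beginning with a capital R (renegotiate) or a capital Q (quit).
sclient_hazards() {
    # grep exits 1 when nothing matches; treat "no hazards" as success.
    grep -n '^[RQ]' || true
}

# Constructed SMTP dialogue, as it would be typed into s_client.
sample_dialogue() {
    cat <<'EOF'
EHLO client.example
MAIL FROM:<alice@example.org>
RCPT TO:<bob@example.org>
DATA
Subject: test

Regards, Alice
.
RSET
QUIT
EOF
}

# Lists RCPT, RSET and QUIT, and also the message body line
# "Regards, Alice": the check applies to any typed line, not only
# to SMTP commands.
sample_dialogue | sclient_hazards
```

With -ign_eof set, all of these lines are passed to the server unchanged.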

