james-server-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Harmeet Bedi" <harm...@kodemuse.com>
Subject Re: More on SMTPS (TLS) James and M$OE MUA
Date Thu, 16 May 2002 14:03:33 GMT
It looks like your first message from client to server is SSLv3 Hello.

MS typically sends the first message as SSLv2 Hello. The server side JSSE
may not be configured to support SSLv2. The motivation for doing this is
documented at
http://ssllib.sourceforge.net/docall/com/kodemuse/security/ssl/ClientHelloV2
.html

There is a way to specify protocols supported in IE. Go to 'Advanced' tab in
Internet Options. Turn of SSLv2, restart IE and OE and see if that make a
difference.

Harmeet

BTW. What has been your experience with JSSE ? Does it seem ok/fast ?

----- Original Message -----
From: "Andrei Ivanov" <myfam@surfeu.fi>
To: "James Developers List" <james-dev@jakarta.apache.org>
Sent: Thursday, May 16, 2002 2:18 AM
Subject: More on SMTPS (TLS) James and M$OE MUA


> Hi,
> First of all sorry, I regarded latest version of James as v2.0a3 but it
has
> to be 2.0.a2.
>
> In my previous emails to this group I've asked about possible M$ Outlook
> Express config to use James SMTPS. I still wasn't able to send e-mail from
> M$OE using SSL for outgoing mail. Though I managed to test that James
SMTPS
> works, but in different configuration. I used "stunnel" (www.stunnel.org)
> program to accept plain connections from M$ OE and then communicate with
> James SMTPS. And it works. So it seems that James can use TLS for its SMTP
> part. Below is the debug from "stunnel". I hope that anyone can give me a
> hint from reading this stunnel debug, why M$OE is not able to communicate
> directly with James SMTP over SSL, and what can be done to solve this
> problem?
>
> Br. Andrei
> ----------------------- stunnel debug -------------------
>
> D:\Work\stunnel>stunnel-3.22.exe -c -d localhost:25 -r localhost:8101 -D 7
> 2002.05.16 11:47:37 LOG5[724:2124]: Using 'localhost.8101' as tcpwrapper
> service name
> 2002.05.16 11:47:37 LOG7[724:2124]: RAND_status claims sufficient entropy
> for the PRNG
> 2002.05.16 11:47:37 LOG6[724:2124]: PRNG seeded successfully
> 2002.05.16 11:47:37 LOG5[724:2124]: stunnel 3.22 on x86-pc-mingw32-gnu
WIN32
> with OpenSSL 0.9.6c21 dec 2001
> 2002.05.16 11:47:37 LOG5[724:2124]: FD_SETSIZE=4096, file ulimit=-1
> (unlimited)-> 2000 clients allowed
> 2002.05.16 11:47:37 LOG7[724:2124]: SO_REUSEADDR option set on accept
socket
> 2002.05.16 11:47:37 LOG7[724:2124]: localhost.8101 bound to 127.0.0.1:25
> 2002.05.16 11:47:48 LOG7[724:2124]: localhost.8101 accepted FD=420 from
> 127.0.0.1:1188
> 2002.05.16 11:47:48 LOG7[724:2120]: localhost.8101 started
> 2002.05.16 11:47:48 LOG5[724:2120]: localhost.8101 connected from
> 127.0.0.1:1188
> 2002.05.16 11:47:48 LOG7[724:2120]: localhost.8101 connecting
127.0.0.1:8101
> 2002.05.16 11:47:48 LOG7[724:2120]: Remote FD=436 initialized
> 2002.05.16 11:47:48 LOG7[724:2120]: SSL state (connect): before/connect
> initialization
> 2002.05.16 11:47:48 LOG7[724:2120]: SSL state (connect): SSLv3 write
client
> hello A
> 2002.05.16 11:47:48 LOG7[724:2120]: SSL state (connect): SSLv3 read server
> hello A
> 2002.05.16 11:47:48 LOG7[724:2120]: SSL state (connect): SSLv3 read server
> certificate A
> 2002.05.16 11:47:48 LOG7[724:2120]: SSL state (connect): SSLv3 read server
> doneA
> 2002.05.16 11:47:48 LOG7[724:2120]: SSL state (connect): SSLv3 write
client
> keyexchange A
> 2002.05.16 11:47:48 LOG7[724:2120]: SSL state (connect): SSLv3 write
change
> cipher spec A
> 2002.05.16 11:47:48 LOG7[724:2120]: SSL state (connect): SSLv3 write
> finished A
> 2002.05.16 11:47:48 LOG7[724:2120]: SSL state (connect): SSLv3 flush data
> 2002.05.16 11:47:48 LOG7[724:2120]: SSL state (connect): SSLv3 read
finished
> A
> 2002.05.16 11:47:48 LOG7[724:2120]:    1 items in the session cache
> 2002.05.16 11:47:48 LOG7[724:2120]:    1 client connects (SSL_connect())
> 2002.05.16 11:47:48 LOG7[724:2120]:    1 client connects that finished
> 2002.05.16 11:47:48 LOG7[724:2120]:    0 client renegotiatations requested
> 2002.05.16 11:47:48 LOG7[724:2120]:    0 server connects (SSL_accept())
> 2002.05.16 11:47:48 LOG7[724:2120]:    0 server connects that finished
> 2002.05.16 11:47:48 LOG7[724:2120]:    0 server renegotiatiations
requested
> 2002.05.16 11:47:48 LOG7[724:2120]:    0 session cache hits
> 2002.05.16 11:47:48 LOG7[724:2120]:    0 session cache misses
> 2002.05.16 11:47:48 LOG7[724:2120]:    0 session cache timeouts
> 2002.05.16 11:47:48 LOG6[724:2120]: Negotiated ciphers: DES-CBC3-SHA SSLv3
> Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
> 2002.05.16 11:47:49 LOG7[724:2120]: Socket closed on read
> 2002.05.16 11:47:49 LOG7[724:2120]: SSL alert (write): warning: close
notify
> 2002.05.16 11:47:49 LOG7[724:2120]: SSL write shutdown (output buffer
empty)
> 2002.05.16 11:47:49 LOG7[724:2120]: SSL alert (read): warning: close
notify
> 2002.05.16 11:47:49 LOG7[724:2120]: SSL closed on SSL_read
> 2002.05.16 11:47:49 LOG7[724:2120]: Socket write shutdown (output buffer
> empty)
> 2002.05.16 11:47:49 LOG5[724:2120]: Connection closed: 547 bytes sent to
> SSL, 340 bytes sent to socket
> 2002.05.16 11:47:49 LOG7[724:2120]: localhost.8101 finished (0 left)
>
>
> --
> To unsubscribe, e-mail:
<mailto:james-dev-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail:
<mailto:james-dev-help@jakarta.apache.org>


--
To unsubscribe, e-mail:   <mailto:james-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:james-dev-help@jakarta.apache.org>


Mime
View raw message