Odd "RENEGOTIATING" behavior when calling "RCPT TO" ?

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Odd "RENEGOTIATING" behavior when calling "RCPT TO" ?

Laura Smith
I've never seen this before, perhaps someone can throw light on it ?

Postfix 3.3.1

>openssl s_client -connect test.example.com:587 -starttls smtp
250 DSN
ehlo localhost
250-test.example.com
250-PIPELINING
250-SIZE 20480000
250-ETRN
250-AUTH PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN NONEOFYOURBUSINESS
235 2.7.0 Authentication successful
MAIL FROM:[hidden email]
250 2.1.0 Ok
RCPT TO:[hidden email]
RENEGOTIATING
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 High Assurance Server CA
verify return:1
depth=0 C = X, L = X, O = X, CN = *.example.com
verify return:1
DATA
554 5.5.1 Error: no valid recipients
quit
221 2.0.0 Bye
closed





Reply | Threaded
Open this post in threaded view
|

Re: Odd "RENEGOTIATING" behavior when calling "RCPT TO" ?

Wietse Venema
Laura Smith:
> RCPT TO:[hidden email]
> RENEGOTIATING

Don't enter commands that start with R into OpenSSL.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Odd "RENEGOTIATING" behavior when calling "RCPT TO" ?

Laura Smith
On Thursday, October 11, 2018 6:15 PM, Wietse Venema <[hidden email]> wrote:

> Laura Smith:
>
> > RCPT TO:[hidden email]
> > RENEGOTIATING
>
> Don't enter commands that start with R into OpenSSL.
>
> Wietse

Rats !  ;-)

Well, I guess that makes sense.

Reply | Threaded
Open this post in threaded view
|

Re: Odd "RENEGOTIATING" behavior when calling "RCPT TO" ?

Viktor Dukhovni
In reply to this post by Wietse Venema
On Thu, Oct 11, 2018 at 01:15:02PM -0400, Wietse Venema wrote:

> Laura Smith:
> > RCPT TO:[hidden email]
> > RENEGOTIATING
>
> Don't enter commands that start with R into OpenSSL.

Lower-case 'r' works by the way.  The OpenSSL 's_client' utility,
is diagnostic tool for debugging SSL issues, not a general-purpose
proxy, so it has some extra features beyond what what you would
expect to find in a tool that's just an SSL tunnel.

The 'R' and 'Q' interpretation is also disabled if you use the
"-quiet" option (and don't also use '-no_ign_eof', this added
condition may be a bug that'll be fixed).

--
        Viktor.
Reply | Threaded
Open this post in threaded view
|

Re: Odd "RENEGOTIATING" behavior when calling "RCPT TO" ?

Laura Smith
On Thursday, October 11, 2018 6:51 PM, Viktor Dukhovni <[hidden email]> wrote:

> On Thu, Oct 11, 2018 at 01:15:02PM -0400, Wietse Venema wrote:
>
> > Laura Smith:
> >
> > > RCPT TO:[hidden email]
> > > RENEGOTIATING
> >
> > Don't enter commands that start with R into OpenSSL.
>
> Lower-case 'r' works by the way. The OpenSSL 's_client' utility,
> is diagnostic tool for debugging SSL issues, not a general-purpose
> proxy, so it has some extra features beyond what what you would
> expect to find in a tool that's just an SSL tunnel.
>
> The 'R' and 'Q' interpretation is also disabled if you use the
> "-quiet" option (and don't also use '-no_ign_eof', this added
> condition may be a bug that'll be fixed).
>
> ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>     Viktor.
>


Great tip Viktor. Thanks !