[stunnel-users] Error with negotiation OK

Flo Rance trourance at gmail.com
Tue May 15 13:09:48 CEST 2018


Hi Alix,

Yes, it does. And I've tested it from the command line, it listens on port
465 with SSL.

So the problem might be related to Outlook, as stated before. I don't use
Windows at all so I can't provide you much more information.

But still, IMO it has nothing to do with stunnel.

Flo

On Tue, May 15, 2018 at 12:56 PM, Alix Janeth Jerez <alixj at hotmail.com>
wrote:

> Hi Flo:
>
> I used port 465 because that is the information the service provider sent.
>
> If you see these lines, does it connect successfully, or not?
>
> 2018.05.14 12:59:34 LOG6[37]: s_connect: connecting 212.227.15.158:465
>  2018.05.14 12:59:34 LOG7[37]: s_connect: s_poll_wait 212.227.15.158:465:
> waiting 10 seconds
> 2018.05.14 12:59:34 LOG5[37]: s_connect: connected 212.227.15.158:465
> 2018.05.14 12:59:34 LOG5[37]: Service [pseudo-ssmtp] connected remote
> server from 172.31.41.84:53558
>
> Best regards,
>
> ------------------------------
> *From:* Flo Rance <trourance at gmail.com>
> *Sent:* Tuesday, May 15, 2018 10:28
> *To:* Alix Janeth Jerez
> *Cc:* stunnel-users at stunnel.org
> *Subject:* Re: [stunnel-users] Error with negotiation OK
>
> Hi,
>
> The problem was because you used port 465 (SSL) instead of 587 (STARTTLS).
> It doesn't seem that 1&1 smtp supports connection on port 465.
>
> Flo
>
> On Tue, May 15, 2018 at 12:16 PM, Alix Janeth Jerez <alixj at hotmail.com>
> wrote:
>
> Hi Flo:
>
> Thanks for replying.
>
> With a Gmail account it works OK.
>
> I set up the 1and1 mail account in the Outlook client with the parameters
> smtp.1and1.es port 587 and I can send and receive emails.
>
> Thanks a lot.
>
> Best regards,
>
>
> ------------------------------
> *From:* Flo Rance <trourance at gmail.com>
> *Sent:* Tuesday, May 15, 2018 10:04
> *To:* Alix Janeth Jerez
> *Cc:* stunnel-users at stunnel.org
> *Subject:* Re: [stunnel-users] Error with negotiation OK
>
> Hi,
>
> IMO, this problem has nothing to do with stunnel.
>
> There are plenty of issues reported on the web, most of them related to
> Outlook.
>
> Does it happen with all email addresses or a specific one?
>
> Flo
>
> On Tue, May 15, 2018 at 9:56 AM, Alix Janeth Jerez <alixj at hotmail.com>
> wrote:
>
> Hi
>
> I am using the latest stunnel version.
>
> When I try to send an email, I get:
>
> *"error permanente de SMTP: 503 Bad sequence of commands".*
>
> This is the trace generated when I try to send an email.
>
>  2018.05.14 12:59:08 LOG5[main]: Reading configuration from file
> stunnel.conf
>  2018.05.14 12:59:08 LOG5[main]: UTF-8 byte order mark not detected
>  2018.05.14 12:59:08 LOG5[main]: FIPS mode disabled
>  2018.05.14 12:59:08 LOG5[main]: Configuration successful
>  2018.05.14 12:59:08 LOG7[main]: Binding service [pseudo-ssmtp]
>  2018.05.14 12:59:08 LOG7[main]: Listening file descriptor created (FD=568)
>  2018.05.14 12:59:08 LOG7[main]: Option SO_EXCLUSIVEADDRUSE set on accept
> socket
>  2018.05.14 12:59:08 LOG7[main]: Service [pseudo-ssmtp] (FD=568) bound to
> 172.31.41.84:116
>  2018.05.14 12:59:08 LOG7[main]: Signal pipe is empty
>  2018.05.14 12:59:22 LOG7[main]: Found 1 ready file descriptor(s)
>  2018.05.14 12:59:22 LOG7[main]: FD=324 ifds=r-x ofds=r--
>  2018.05.14 12:59:22 LOG7[main]: Dispatching signals from the signal pipe
>  2018.05.14 12:59:22 LOG7[main]: Processing SIGNAL_RELOAD_CONFIG
>  2018.05.14 12:59:22 LOG7[main]: Running on Windows 6.1
>  2018.05.14 12:59:22 LOG5[main]: Reading configuration from file
> stunnel.conf
>  2018.05.14 12:59:22 LOG5[main]: UTF-8 byte order mark not detected
>  2018.05.14 12:59:22 LOG5[main]: FIPS mode disabled
>  2018.05.14 12:59:22 LOG7[main]: Compression disabled
>  2018.05.14 12:59:22 LOG7[main]: Snagged 64 random bytes from C:/.rnd
>  2018.05.14 12:59:22 LOG7[main]: Wrote 1024 new random bytes to C:/.rnd
>  2018.05.14 12:59:22 LOG7[main]: PRNG seeded successfully
>  2018.05.14 12:59:22 LOG6[main]: Initializing service [pseudo-ssmtp]
>  2018.05.14 12:59:22 LOG7[main]: Ciphers: HIGH:!DH:!aNULL:!SSLv2
>  2018.05.14 12:59:22 LOG7[main]: TLS options: 0x03000004 (+0x03000000,
> 0x00000000)
>  2018.05.14 12:59:22 LOG6[main]: Loading certificate from file: stunnel.pem
>  2018.05.14 12:59:22 LOG6[main]: Certificate loaded from file: stunnel.pem
>  2018.05.14 12:59:22 LOG6[main]: Loading private key from file: stunnel.pem
>  2018.05.14 12:59:22 LOG6[main]: Private key loaded from file: stunnel.pem
>  2018.05.14 12:59:22 LOG7[main]: Private key check succeeded
>  2018.05.14 12:59:22 LOG5[main]: Configuration successful
>  2018.05.14 12:59:22 LOG7[main]: Unbinding service [pseudo-ssmtp]
>  2018.05.14 12:59:22 LOG7[main]: Service [pseudo-ssmtp] closed (FD=568)
>  2018.05.14 12:59:22 LOG7[main]: Service [pseudo-ssmtp] closed
>  2018.05.14 12:59:22 LOG7[main]: Binding service [pseudo-ssmtp]
>  2018.05.14 12:59:22 LOG7[main]: Listening file descriptor created (FD=568)
>  2018.05.14 12:59:22 LOG7[main]: Option SO_EXCLUSIVEADDRUSE set on accept
> socket
>  2018.05.14 12:59:22 LOG7[main]: Service [pseudo-ssmtp] (FD=568) bound to
> 172.31.41.84:116
>  2018.05.14 12:59:22 LOG7[main]: Signal pipe is empty
>  2018.05.14 12:59:34 LOG7[main]: Found 1 ready file descriptor(s)
>  2018.05.14 12:59:34 LOG7[main]: FD=324 ifds=r-x ofds=---
>  2018.05.14 12:59:34 LOG7[main]: Service [pseudo-ssmtp] accepted (FD=584)
> from 172.31.41.84:53557
>  2018.05.14 12:59:34 LOG7[main]: Creating a new thread
>  2018.05.14 12:59:34 LOG7[main]: New thread created
>  2018.05.14 12:59:34 LOG7[37]: Service [pseudo-ssmtp] started
>  2018.05.14 12:59:34 LOG7[37]: Option TCP_NODELAY set on local socket
>  2018.05.14 12:59:34 LOG5[37]: Service [pseudo-ssmtp] accepted connection
> from 172.31.41.84:53557
>  2018.05.14 12:59:34 LOG6[37]: failover: round-robin, starting at entry #1
>  2018.05.14 12:59:34 LOG6[37]: s_connect: connecting 212.227.15.158:465
>  2018.05.14 12:59:34 LOG7[37]: s_connect: s_poll_wait 212.227.15.158:465:
> waiting 10 seconds
> 2018.05.14 12:59:34 LOG5[37]: s_connect: connected 212.227.15.158:465
> 2018.05.14 12:59:34 LOG5[37]: Service [pseudo-ssmtp] connected remote
> server from 172.31.41.84:53558
> 2018.05.14 12:59:34 LOG7[37]: Option TCP_NODELAY set on remote socket
> 2018.05.14 12:59:34 LOG7[37]: Remote descriptor (FD=552) initialized
> 2018.05.14 12:59:34 LOG6[37]: SNI: sending servername: smtp.1and1.es
> 2018.05.14 12:59:34 LOG6[37]: Peer certificate required
> 2018.05.14 12:59:34 LOG7[37]: TLS state (connect): before/connect
> initialization
> 2018.05.14 12:59:34 LOG7[37]: TLS state (connect): SSLv2/v3 write client
> hello A
> 2018.05.14 12:59:34 LOG7[37]: TLS state (connect): SSLv3 read server hello
> A
> 2018.05.14 12:59:34 LOG7[37]: Verification started at depth=2: C=US,
> O="thawte, Inc.", OU=Certification Services Division, OU="(c) 2006 thawte,
> Inc. - For authorized use only", CN=thawte Primary Root CA
> 2018.05.14 12:59:34 LOG7[37]: CERT: Pre-verification succeeded
> 2018.05.14 12:59:34 LOG7[37]: OCSP: Ignoring root certificate
> 2018.05.14 12:59:34 LOG6[37]: Certificate accepted at depth=2: C=US,
> O="thawte, Inc.", OU=Certification Services Division, OU="(c) 2006 thawte,
> Inc. - For authorized use only", CN=thawte Primary Root CA
> 2018.05.14 12:59:34 LOG7[37]: Verification started at depth=1: C=US,
> O="thawte, Inc.", CN=thawte SSL CA - G2
> 2018.05.14 12:59:34 LOG7[37]: CERT: Pre-verification succeeded
> 2018.05.14 12:59:34 LOG5[37]: OCSP: Connecting the AIA responder "
> http://t2.symcb.com"
> 2018.05.14 12:59:34 LOG6[37]: s_connect: connecting 23.5.251.27:80
> 2018.05.14 12:59:34 LOG7[37]: s_connect: s_poll_wait 23.5.251.27:80:
> waiting 10 seconds
> 2018.05.14 12:59:34 LOG5[37]: s_connect: connected 23.5.251.27:80
> 2018.05.14 12:59:34 LOG7[37]: OCSP: Connected t2.symcb.com:80
> 2018.05.14 12:59:34 LOG7[37]: OCSP: Response received
> 2018.05.14 12:59:34 LOG6[37]: OCSP: Status: good
> 2018.05.14 12:59:34 LOG6[37]: OCSP: This update: May 13 18:15:02 2018 GMT
> 2018.05.14 12:59:34 LOG6[37]: OCSP: Next update: May 20 18:15:02 2018 GMT
> 2018.05.14 12:59:34 LOG5[37]: OCSP: Certificate accepted
> 2018.05.14 12:59:34 LOG6[37]: Certificate accepted at depth=1: C=US, O="thawte,
> Inc.", CN=thawte SSL CA - G2
> 2018.05.14 12:59:34 LOG7[37]: Verification started at depth=0: C=DE,
> ST=Rheinland-Pfalz, L=Montabaur, O=1&1 Internet SE, CN=smtp.1and1.es
> 2018.05.14 12:59:34 LOG7[37]: CERT: Pre-verification succeeded
> 2018.05.14 12:59:34 LOG6[37]: CERT: Host name "smtp.1and1.es" matched
> with "smtp.1and1.es"
> 2018.05.14 12:59:34 LOG5[37]: OCSP: Connecting the AIA responder "
> http://tj.symcd.com"
> 2018.05.14 12:59:34 LOG6[37]: s_connect: connecting 23.5.251.27:80
> 2018.05.14 12:59:34 LOG7[37]: s_connect: s_poll_wait 23.5.251.27:80:
> waiting 10 seconds
> 2018.05.14 12:59:35 LOG5[37]: s_connect: connected 23.5.251.27:80
> 2018.05.14 12:59:35 LOG7[37]: OCSP: Connected tj.symcd.com:80
> 2018.05.14 12:59:35 LOG7[37]: OCSP: Response received
> 2018.05.14 12:59:35 LOG6[37]: OCSP: Status: good
> 2018.05.14 12:59:35 LOG6[37]: OCSP: This update: May 14 01:38:59 2018 GMT
> 2018.05.14 12:59:35 LOG6[37]: OCSP: Next update: May 21 01:38:59 2018 GMT
> 2018.05.14 12:59:35 LOG5[37]: OCSP: Certificate accepted
> 2018.05.14 12:59:35 LOG5[37]: Certificate accepted at depth=0: C=DE,
> ST=Rheinland-Pfalz, L=Montabaur, O=1&1 Internet SE, CN=smtp.1and1.es
> 2018.05.14 12:59:35 LOG7[37]: TLS state (connect): SSLv3 read server
> certificate A
> 2018.05.14 12:59:35 LOG7[37]: TLS state (connect): SSLv3 read server key
> exchange A
> 2018.05.14 12:59:35 LOG6[37]: Client certificate not requested
> 2018.05.14 12:59:35 LOG7[37]: TLS state (connect): SSLv3 read server done A
> 2018.05.14 12:59:35 LOG7[37]: TLS state (connect): SSLv3 write client key
> exchange A
> 2018.05.14 12:59:35 LOG7[37]: TLS state (connect): SSLv3 write change
> cipher spec A
> 2018.05.14 12:59:35 LOG7[37]: TLS state (connect): SSLv3 write finished A
> 2018.05.14 12:59:35 LOG7[37]: TLS state (connect): SSLv3 flush data
> 2018.05.14 12:59:35 LOG7[37]: TLS state (connect): SSLv3 read finished A
> 2018.05.14 12:59:35 LOG7[37]:      1 client connect(s) requested
> 2018.05.14 12:59:35 LOG7[37]:      1 client connect(s) succeeded
> 2018.05.14 12:59:35 LOG7[37]:      0 client renegotiation(s) requested
> 2018.05.14 12:59:35 LOG7[37]:      0 session reuse(s)
> 2018.05.14 12:59:35 LOG6[37]: TLS connected: new session negotiated
> 2018.05.14 12:59:35 LOG7[37]: Peer certificate was cached (5543 bytes)
> 2018.05.14 12:59:35 LOG6[37]: Negotiated TLSv1.2 ciphersuite
> ECDHE-RSA-AES256-GCM-SHA384 (256-bit encryption)
> 2018.05.14 12:59:35 LOG7[37]: Compression: null, expansion: null
> 2018.05.14 12:59:53 LOG3[36]: transfer: s_poll_wait: TIMEOUTclose
> exceeded: closing
> 2018.05.14 12:59:53 LOG5[36]: Connection closed: 15 byte(s) sent to TLS,
> 166 byte(s) sent to socket
>
> I can't find the error.
>
> Thanks in advance for your help.
>
>
> Best regards,
>
> Alix
>
>
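A triage of the stunnel trace quoted in this thread, as an added example that is not part of the original messages: it rejoins the mail-wrapped log lines and reports how far the connection got (TCP connect, certificate, TLS negotiation, transfer). The function names `entries` and `triage` and the result keys are assumptions of this example; the sample lines are an excerpt of the quoted trace.

```python
import re

# Excerpt of the stunnel trace quoted in this thread, mail wrapping and "> " kept.
SAMPLE = """\
> 2018.05.14 12:59:34 LOG5[37]: s_connect: connected 212.227.15.158:465
> 2018.05.14 12:59:35 LOG5[37]: Certificate accepted at depth=0: C=DE,
> ST=Rheinland-Pfalz, L=Montabaur, O=1&1 Internet SE, CN=smtp.1and1.es
> 2018.05.14 12:59:35 LOG6[37]: Negotiated TLSv1.2 ciphersuite
> ECDHE-RSA-AES256-GCM-SHA384 (256-bit encryption)
> 2018.05.14 12:59:53 LOG3[36]: transfer: s_poll_wait: TIMEOUTclose
> exceeded: closing
> 2018.05.14 12:59:53 LOG5[36]: Connection closed: 15 byte(s) sent to TLS,
> 166 byte(s) sent to socket
"""

ENTRY = re.compile(r"^\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d LOG(\d)\[(\w+)\]: (.*)$")
CLOSED = re.compile(r"Connection closed: (\d+) byte\(s\) sent to TLS, "
                    r"(\d+) byte\(s\) sent to socket")

def entries(text):
    """Yield (level, message), rejoining lines that the mail client wrapped."""
    current = None
    for raw in text.splitlines():
        line = raw.lstrip("> ").rstrip()
        m = ENTRY.match(line)
        if m:
            if current:
                yield tuple(current)
            current = [int(m.group(1)), m.group(3)]
        elif current and line:
            current[1] += " " + line  # continuation of a wrapped entry
    if current:
        yield tuple(current)

def triage(text):
    """Summarise how far the connection got: TCP, certificate, TLS, transfer."""
    r = {"tcp": None, "cert_ok": False, "tls": None, "errors": [], "bytes": None}
    for level, msg in entries(text):
        if (m := re.match(r"s_connect: connected (\S+)", msg)) and r["tcp"] is None:
            r["tcp"] = m.group(1)  # first connect is the remote service, later ones are OCSP
        elif msg.startswith("Certificate accepted at depth=0"):
            r["cert_ok"] = True
        elif m := re.match(r"Negotiated (\S+) ciphersuite (\S+)", msg):
            r["tls"] = (m.group(1), m.group(2))
        elif m := CLOSED.match(msg):
            r["bytes"] = (int(m.group(1)), int(m.group(2)))
        if level <= 3:  # LOG3 is the error level; lower numbers are more severe
            r["errors"].append(msg)
    r["failed_after_tls"] = bool(r["tls"] and r["errors"])
    return r
```

A result with `failed_after_tls` set means a TLS session was negotiated and an error-level line was also logged, which points the investigation at the protocol spoken inside the tunnel rather than at the handshake.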