13 Mar
2024
13 Mar
'24
12:14 p.m.
On 13/03/24 22:30, Stuart Henderson wrote:
I test with this: openssl s_client -connect mail.domain.com:993 -crlf -quie= t
That's not a valid test. openssl >=1.1.1 s_client uses SNI by default, with libressl or older openssl you need to use -servername.
Indeed, you want: openssl s_client -connect mail.example.com:993 -servername mail.example.com -crlf -quiet
-servername works with newer versions of s_client but is required for older versions, if you include it in everything you can't go wrong.
Peter