On Tuesday 15 November 2005 22:07, Marian Hercek wrote:
But when I telnet on 993:
$ telnet localhost 993
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Hi Marian,

You can't telnet to SSL ports like you do to normal ports because the connection is encrypted and it requires an SSL handshake before you can pass data. You can use openssl's s_client command to connect to it though. I use this to test my server:
# openssl s_client -connect kitty:993
Replace kitty:993 with your mailserver name or IP and the port. You should see something like this:
-----------------------------------------8<------------------------
paudley@inanna ~ $ openssl s_client -connect kitty:993
CONNECTED(00000003)
depth=1 /C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SSL Domain CA
verify error:num=20:unable to get local issuer certificate
verify return:0
Certificate chain
 0 s:/O=mail.blackcat.ca/OU=Domain Validated/OU=Go to https://www.thawte.com/repository/index.html/OU=Thawte SSL123 certificate/CN=mail.blackcat.ca
   i:/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SSL Domain CA
 1 s:/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SSL Domain CA
   i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Server CA/emailAddress=server-certs@thawte.com
Server certificate
subject=/O=mail.blackcat.ca/OU=Domain Validated/OU=Go to https://www.thawte.com/repository/index.html/OU=Thawte SSL123 certificate/CN=mail.blackcat.ca
issuer=/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SSL Domain CA
No client certificate CA names sent
SSL handshake has read 1802 bytes and written 346 bytes
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID: 0D40DB2EFD89B5495FFA1C0A8AF56EDF0A88F91C9312E5E7472A0DFEF9DD822B
    Session-ID-ctx:
    Master-Key: 8B4039B0562E7B0C1895A61C694CC30D514E5247E4F14826AFF5AE9BAFEC1B1DBFAF2E53C788CEB26442F6B704846437
    Key-Arg   : None
    Start Time: 1132131265
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
* OK [CAPABILITY IMAP4rev1 SORT THREAD=REFERENCES MULTIAPPEND UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS AUTH=PLAIN] Dovecot ready.
------->8----------------------------------------------------------------
Hope that helps, Patrick.
-- "Believe those who are seeking the truth. Doubt those who find it." - Andre Gide ... Patrick Audley paudley@blackcat.ca Blackcat Systems http://blackcat.ca Bringing Elegance to Complexity
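
As an added example (not part of Patrick's message), the shell function below checks an `openssl s_client` transcript like the one quoted above and flags the `Verify return code: 20` case, where the session is encrypted but the certificate chain was never validated against a local CA bundle. The function names, the sample transcripts, the host name and the CA path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Reads an `openssl s_client`
# transcript on stdin, prints a one-line summary, and returns:
#   0  chain verified (code 0) and an IMAP "* OK" greeting was seen
#   1  handshake completed but the certificate chain did not verify
#   2  chain verified but no IMAP greeting arrived
#   3  no "Verify return code" line at all (handshake never finished)
check_imaps_output() {
    _t=$(tr -d '\r')    # IMAP lines end in CRLF; strip the CR
    _code=$(printf '%s\n' "$_t" | sed -n 's/.*Verify return code: \([0-9][0-9]*\).*/\1/p' | tail -n 1)
    _proto=$(printf '%s\n' "$_t" | sed -n 's/^ *Protocol *: *//p' | tail -n 1)
    _cipher=$(printf '%s\n' "$_t" | sed -n 's/^ *Cipher *: *//p' | tail -n 1)
    _greet=no
    printf '%s\n' "$_t" | grep -q '^\* OK' && _greet=yes
    printf 'verify=%s protocol=%s cipher=%s greeting=%s\n' \
        "${_code:-none}" "${_proto:-unknown}" "${_cipher:-unknown}" "$_greet"
    [ -n "$_code" ] || return 3
    [ "$_code" = 0 ] || return 1
    [ "$_greet" = yes ] || return 2
    return 0
}

# Constructed sample, modelled on the transcript in the post: no CA bundle was
# given, so OpenSSL reports verify code 20 even though the session is encrypted.
sample_unverified() {
    cat <<'EOF'
CONNECTED(00000003)
verify error:num=20:unable to get local issuer certificate
New, TLSv1/SSLv3, Cipher is AES256-SHA
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Verify return code: 20 (unable to get local issuer certificate)
* OK [CAPABILITY IMAP4rev1 AUTH=PLAIN] Dovecot ready.
EOF
}

# Constructed sample: the same session when the issuing CA is trusted.
sample_verified() {
    sample_unverified | sed -e '/^verify error/d' -e 's/code: 20 (.*/code: 0 (ok)/'
}

# Real use (host and CA path are placeholders):
#   printf 'a1 LOGOUT\r\n' | openssl s_client -connect mail.example.org:993 \
#       -CAfile /path/to/ca-bundle.pem -ign_eof 2>&1 | check_imaps_output

sample_unverified | check_imaps_output || echo "chain not verified (exit $?)"
```
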