[Pkg-gnutls-maint] Bug#458817: /usr/bin/gnutls-cli: seems to eat first TLS line after starttls

Andreas Metzler ametzler at downhill.at.eu.org
Thu Jan 3 16:38:52 UTC 2008 

On 2008-01-03 Marc Haber <mh+debian-bugs at zugschlus.de> wrote:
> Package: gnutls-bin
> Version: 2.0.4-1
> Severity: normal
> File: /usr/bin/gnutls-cli

> When I use gnutls-cli to debug a SMTP/STARTTLS session, I usually do
> not see the banner sent by the ESMTP server after the TLS session was
> established. The session seems to be in an OK state though, since I
> get an error message when I simply type <RETURN> after switching to TLS:

> $ gnutls-cli -p 587 smtp.gmail.com -s
> Resolving 'smtp.gmail.com'...
> Connecting to '72.14.221.111:587'...

> - Simple Client Mode:

> 220 mx.google.com ESMTP 4sm12205522fge.8
> EHLO test.client.example
> 250-mx.google.com at your service, [77.1.33.179]
> 250-SIZE 28311552
> 250-8BITMIME
> 250-STARTTLS
> 250 ENHANCEDSTATUSCODES
> STARTTLS
> 220 2.0.0 Ready to start TLS
[...]
> - Compression: NULL
> <here, the session seems to hang. typing without waiting for the banner>
> EHLO test.client.example
[...]
> I am not sure whether this is gnutls-cli's fault, but it would be
> great to see the entire conversation.
[...]

Hello,

I am not entirely sure but I think you are seeing the complete
transaction. The output in swaks looks basically identical, openssl's
s_client looks similar ("openssl s_client -tls1 -starttls smtp -connect 
smtp.gmail.com:587"), it just seems to garble the output by
displaying the initial
250 ENHANCEDSTATUSCODES
*after* successful TLS-negotiation although the server sent it before
STARTTLS was sent by the client.

I also do not think the server is broken, mail.gmx.net looks the same
and RFC3207 says:

| Upon completion of the TLS handshake, the SMTP protocol is reset to
| the initial state (the state in SMTP _after_ a server issues a 220
| service ready greeting).

and the example listed in the rfc does not show a prompt sent by the
server after successful TLS either.

cu andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

More information about the Pkg-gnutls-maint mailing list