Bug#221689: [Pkg-openssl-devel] Bug#221689: Checking the existence
of the bug.
Christoph Martin
martin at uni-mainz.de
Wed Aug 2 12:14:44 UTC 2006
Hi Kurt,
Kurt Roeckx wrote:
> On Mon, Jul 31, 2006 at 11:57:09PM +0100, James Westby wrote:
>> On (01/08/06 00:06), Artur R. Czechowski wrote:
>>> You can check the existence of the bug using any exim4 server. Currently
>>> master.debian.org suits well:
>>>
>>> arturcz@blabluga:~$ openssl s_client -starttls smtp -ssl2 -connect master.debian.org:25 -debug
>>> CONNECTED(00000003)
>>> read from 0x80cf1f8 [0x80b9d78] (8192 bytes => 71 (0x47))
>>> 0000 - 32 32 30 20 6d 61 73 74-65 72 2e 64 65 62 69 61 220 master.debia
>>> 0010 - 6e 2e 6f 72 67 20 45 53-4d 54 50 20 45 78 69 6d n.org ESMTP Exim
>>> 0020 - 20 34 2e 35 30 20 4d 6f-6e 2c 20 33 31 20 4a 75 4.50 Mon, 31 Ju
>>> 0030 - 6c 20 32 30 30 36 20 31-37 3a 30 33 3a 35 37 20 l 2006 17:03:57
>>> 0040 - 2d 30 35 30 30 0d 0a -0500..
>>> write to 0x80cf1f8 [-0x40611278] (10 bytes => 10 (0xA))
>>> 0000 - 53 54 41 52 54 54 4c 53-0d 0a STARTTLS..
>>> read from 0x80cf1f8 [0x80b7d70] (8192 bytes => 47 (0x2F))
>>> 0000 - 35 30 33 20 53 54 41 52-54 54 4c 53 20 63 6f 6d 503 STARTTLS com
>>> 0010 - 6d 61 6e 64 20 75 73 65-64 20 77 68 65 6e 20 6e mand used when n
>>> 0020 - 6f 74 20 61 64 76 65 72-74 69 73 65 64 0d 0a ot advertised..
>>> write to 0x80cf1f8 [0x80c5e91] (48 bytes => 48 (0x30))
>>> 0000 - 80 2e 01 00 02 00 15 00-00 00 10 07 00 c0 03 00 ................
>>> 0010 - 80 01 00 80 08 00 80 06-00 40 04 00 80 02 00 80 .........@......
>>> 0020 - 39 e3 e3 94 2c 71 3e 8d-75 10 32 16 df e0 69 4e 9...,q>.u.2...iN
>>>
>> It is marked as wishlist as this is by design really.
>>
>> openssl cannot know how to speak every protocol, and know when to send
>> STARTTLS for each, so it just does it at the start.
>
> But it does support 2 protocols, smtp and pop3. It just doesn't
> support them very well. I'm not familiar with the smtp
> protocol enough to know when you can send STARTTLS. exim4 above
> claims it wasn't advertised. So I wonder when it gets
> advertised, and whether it supports it or not.
The smtp/starttls protocol works like this: After the connection is up, the
client first has to send the ehlo command. The response of the server is
a line where it advertises all its capabilities, possibly including
starttls. If the client gets this response, it can use starttls.
Christoph
--
============================================================================
Christoph Martin, EDV der Verwaltung, Uni-Mainz, Germany
Internet-Mail: Christoph.Martin at Verwaltung.Uni-Mainz.DE
Telefon: +49-6131-3926337
Fax: +49-6131-3922856
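
The exchange described in the message above, as an added example that is not part of the original mail and not openssl's code: a client that sends EHLO, checks the reply for the STARTTLS keyword, and only then sends STARTTLS. It goes slightly beyond the mail by parsing multi-line replies ("250-" continuation lines); the host names, the client name and both server transcripts are constructed sample data.

```python
import io

# Constructed server transcripts (banner, EHLO reply, optional STARTTLS reply).
SERVER_WITH_TLS = (b"220 mail.example ESMTP\r\n"
                   b"250-mail.example Hello\r\n250-SIZE 52428800\r\n"
                   b"250-STARTTLS\r\n250 HELP\r\n"
                   b"220 TLS go ahead\r\n")
SERVER_WITHOUT_TLS = (b"220 mail.example ESMTP\r\n"
                      b"250-mail.example Hello\r\n250-SIZE 52428800\r\n250 HELP\r\n")

def read_reply(rfile):
    """Read one SMTP reply, possibly multi-line; return (code, [text lines])."""
    lines = []
    while True:
        raw = rfile.readline()
        if not raw:
            raise ConnectionError("server closed the connection mid-reply")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        if len(line) < 3 or not line[:3].isdigit():
            raise ValueError(f"malformed SMTP reply line: {line!r}")
        lines.append(line[4:])
        # "250-..." means more lines follow; "250 ..." ends the reply.
        if line[3:4] != "-":
            return int(line[:3]), lines

def starttls_advertised(ehlo_lines):
    """The first EHLO line is the greeting; the rest are extension keywords."""
    return any(l.split()[0].upper() == "STARTTLS"
               for l in ehlo_lines[1:] if l.strip())

def negotiate(rfile, wfile, client_name="client.example"):
    """Return True when the server accepted STARTTLS and the TLS handshake
    may begin; False when TLS cannot be started on this connection."""
    code, _ = read_reply(rfile)              # 220 greeting banner
    if code != 220:
        return False
    wfile.write(f"EHLO {client_name}\r\n".encode("ascii"))
    code, caps = read_reply(rfile)
    if code != 250 or not starttls_advertised(caps):
        # Not advertised: sending STARTTLS anyway yields the 503 seen in the
        # trace. A client that requires TLS should abort here, not fall back.
        return False
    wfile.write(b"STARTTLS\r\n")
    code, _ = read_reply(rfile)
    return code == 220

if __name__ == "__main__":
    for name, data in (("with", SERVER_WITH_TLS), ("without", SERVER_WITHOUT_TLS)):
        print(name, negotiate(io.BytesIO(data), io.BytesIO()))
```
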