Return-Path: <jolson@communigate.com>
Received: from [64.173.55.167] (account jolson@communigate.com HELO josh.mv)
  by mail.stalker.com (CommuniGate Pro SMTP 5.3.9)
  with ESMTPSA id 61815039 for CGatePro@mail.stalker.com; Thu, 02 Sep 2010 08:11:53 -0700
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Apple Message framework v1081)
Subject: Re: TLS problem with huge acceptable client certs
From: Josh Olson <jolson@communigate.com>
In-Reply-To: <list-61814583@mail.stalker.com>
Date: Thu, 2 Sep 2010 08:11:54 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <3B21BEC8-13D3-418E-B694-24434A55D704@communigate.com>
References: <list-61814583@mail.stalker.com>
To: "CommuniGate Pro Discussions" <CGatePro@mail.stalker.com>
X-Mailer: Apple Mail (2.1081)

Hello Tamas,

The TLS handshake record in the current CGP implementation can not =
exceed 16384 bytes. This is enough for normal applications, but servers =
configured with large lists of certificates acceptable from clients may =
send larger handshake records. If the record is in excess of this value, =
TLS connections may fail.

This limit should be removed when CommuniGate Pro 5.4 is released later =
this year.

-Josh

On Sep 2, 2010, at 7:31 AM, Tamas Levente wrote:

> Hi,
> we are experiencing a problem that seems to be realted to a fact that =
CGP (5.3.8 and possibly all before that) only reads in 16k of cert on =
TLS negotiation. I attached the CGP log and the console openssl =
connection results, you can see CGP after read in 16k of data decides =
that the certificate is broken and wants to proceed with cleartext, but =
the remote side is still pushing the remaining part of the certificate =
hence the weird reply to our QUIT.
> =20
> It should be easy to fix it, just read the cert to EOF or certsize , =
without size limit, or if you are affraid that it might get hacked, =
choose a little bigger buffer size, 64k-128k must do it. you can test it =
with postmaster@hoti.hu address.
> =20
> 15:43:27.110 5 SMTP-088085() started
> 15:43:27.110 5 SMTP-088085(hoti.hu) processing
> 15:43:27.113 5 SMTP-088085(hoti.hu) 1 relay(s) found:mail.hoti.hu
> 15:43:27.113 4 SMTP-088085(hoti.hu) connecting [193.23.138.91]:65535 =
-> [195.70.35.118]:25
> 15:43:27.563 5 SMTP-088085(hoti.hu) inp: 220 mail2.netforum.hu ESMTP =
mail server ready. Wed, 25 Aug 2010 15:43:27 +0200
> 15:43:27.563 4 SMTP-088085(hoti.hu) connected to mail.hoti.hu =
[195.70.35.118]:25, ESMTP
> 15:43:27.563 5 SMTP-088085(hoti.hu) out: EHLO mail.tamisoft.com\r\n
> 15:43:27.564 5 SMTP-088085(hoti.hu ) inp: 250-mail2.netforum.hu Hello =
mail.tamisoft.com [193.23.138.91]
> 15:43:27.564 5 SMTP-088085(hoti.hu) inp: 250-SIZE 15120000
> 15:43:27.564 5 SMTP-088085(hoti.hu) inp: 250-8BITMIME
> 15:43:27.564 5 SMTP-088085(hoti.hu) inp: 250-PIPELINING
> 15:43:27.564 5 SMTP-088085(hoti.hu) inp: 250-AUTH PLAIN LOGIN
> 15:43:27.564 5 SMTP-088085(hoti.hu) inp: 250-STARTTLS
> 15:43:27.564 5 SMTP-088085(hoti.hu) inp: 250 HELP
> 15:43:27.564 4 SMTP-088085(hoti.hu) Connected. SIZE TLS AUTH
> 15:43:27.564 5 SMTP-088085(hoti.hu) out: STARTTLS\r\n
> 15:43:27.633 5 SMTP-088085(hoti.hu) inp: 220 TLS go ahead
> 15:43:27.633 5 SMTP-088085( hoti.hu) TLS out 22: (53) 01 00 00 31 03 =
00 42 33 38 34 30 30 30 30 31 33 45 30 37 44 31 39 36 39 30 45 39 35 30 =
43 45 44 42 36 45 42 42 45 00 00 0A 00 0A 00 05 00 04 00 03 00 06 01 00
> 15:43:27.634 5 SMTP-088085(hoti.hu) TLS inp 22: (74) 02 00 00 46 03 00 =
4C 75 1D FF E5 3A AC 7F D3 B7 80 88 DB 4F E4 F4 F1 BB 02 77 2F 46 3B 96 =
BB 91 BD 27 C6 87 56 39 20 A0 DC 76 70 D3 B6 59 FA 4A A2 0C 1A 7F 9C F2 =
6F 12 8B BB C9 C5 DE EA 3E 24 E7 F5 B4 35 B4 0C 6E 00 0A 00
> 15:43:27.634 2 TLS-069570 session created for SMTP-088085, v.0, =
method=3DDES3_SHA
> 15:43:27.634 4 SMTP-088085(hoti.hu) TLSv0 handshake: 'server_hello' =
processed; method=3DDES3_SHA, residual=3D0
> 15:43:27.634 5 SMTP-088085(hoti.hu) TLS inp 22: (447) 0B 00 01 BB 00 =
01 B8 00 01 B5 30 82 01 B1 30 82 01 1A 02 09 00 85 1D 4E 22 27 C7 17 DF =
30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30 1D 31 1B 30 19 06 03 55 =
04 03 13 12 6D 61 69 6C 2D 61 2E 6E 65 74 66 6F 72 75 6D 2E 68 75 30 1E =
17 0D 30 39 30 37 30 31 32 32 32 32 32 34 5A 17 0D 31 39 30 36 32 39 32 =
32 32 32 32 34 5A 30 1D 31 1B 30 19 06 03 55 04 03 13 12 6D 61 69 6C 2D =
61 2E 6E 65 74 66 6F 72 75 6D 2E 68 75 30 81 9F 30 0D 06 09 2A 86 48
> 15:43:27.634 4 SMTP-088085(hoti.hu) TLSv0 inp(443): certificate
> 15:43:27.634 4 SMTP-088085(hoti.hu) TLS 1024-bit certificate read
> 15:43:27.637 5 SMTP-088085(hoti.hu) TLS inp 22: (16384) 0D 00 4B D6 02 =
01 02 4B D1 00 B7 30 81 B4 31 0B 30 09 06 03 55 04 06 13 02 42 52 31 13 =
30 11 06 03 55 04 0A 13 0A 49 43 50 2D 42 72 61 73 69 6C 31 3D 30 3B 06 =
03 55 04 0B 13 34 49 6E 73 74 69 74 75 74 6F 20 4E 61 63 69 6F 6E 61 6C =
20 64 65 20 54 65 63 6E 6F 6C 6F 67 69 61 20 64 61 20 49 6E 66 6F 72 6D =
61 63 61 6F 20 2D 20 49 54 49 31 11 30 0F 06 03 55 04 07 13 08 42 72 61 =
73 69 6C 69 61 31 0B 30 09 06 03 55 04 08 13 02 44 46 31 31 30 2F 06
> 15:43:27.637 3 SMTP-088085(hoti.hu) TLSv0 handshake: input record =
length 19414/16384 is incorrect
> 15:43:27.837 5 SMTP-088085( hoti.hu) TLS out 21: (2) 02 32
> 15:43:27.837 2 TLS-069570 session closed by SMTP-088085, refCount=3D1
> 15:43:27.837 3 SMTP-088085(hoti.hu) failed to establish a secure =
connection with [195.70.35.118]:25. Error Code=3Dnot a TLS =
handshake-type record
> 15:43:27.837 4 SMTP-088085(hoti.hu) [12883883] sending
> 15:43:27.837 5 SMTP-088085(hoti.hu) out: MAIL =
FROM:<levi@mail.tamisoft.com> SIZE=3D502\r\n
> 15:43:27.837 5 SMTP-088085(hoti.hu) inp: =
\003U\004\006\019\002PL1\0310\029\006\003U\004
> 15:43:27.837 1 SMTP-088085(hoti.hu) [12883883] return-path rejected, =
got:\003U\004\006\019\002PL1\0310\029\006\003U\004
> 15:43:27.837 5 SMTP-088085(hoti.hu) out: QUIT\r\n
> 15:43:27.837 5 SMTP-088085(hoti.hu) inp: \019\022TP Internet Sp. z =
o.o.1$0"\006\003U\004\011\019\027Centrum Certyfikacji =
Signet1\0310\029\006\003U\004\003\019\022CC Signet - CA Klasa 1
> 15:43:27.837 4 SMTP-088085(hoti.hu) closing connection
> 15:43:27.837 4 SMTP-088085(hoti.hu) releasing stream
> =20
> This is how it looks like from CLI:
> openssl s_client -connect 195.70.35.118:25 -starttls smtp
> CONNECTED(00000003)
> depth=3D0 CN =3D mail-a.netforum.hu
> verify error:num=3D18:self signed certificate
> verify return:1
> depth=3D0 CN =3D mail-a.netforum.hu
> verify return:1
> ---
> Certificate chain
> 0 s:/CN=3Dmail-a.netforum.hu
> i:/CN=3Dmail-a.netforum.hu
> ---
> Server certificate
> -----BEGIN CERTIFICATE-----
> MIIBsTCCARoCCQCFHU4iJ8cX3zANBgkqhkiG9w0BAQUFADAdMRswGQYDVQQDExJt
> YWlsLWEubmV0Zm9ydW0uaHUwHhcNMDkwNzAxMjIyMjI0WhcNMTkwNjI5MjIyMjI0
> WjAdMRswGQYDVQQDExJtYWlsLWEubmV0Zm9ydW0uaHUwgZ8wDQYJKoZIhvcNAQEB
> BQADgY0AMIGJAoGBALRsu1r3jkKxNkuEiHLRLt6zK5dXkWy+mv1OrZAF8ExiMLTb
> rExi70sgRuH149DdiQ/v95V75JGxwWZo+J8uzPWCdoybNWbSSOMgItlMkX+y93EF
> gIlXnvYxL14q6O+9AFj7Qte3PJW1v6ZYFqO5FyaJnGW/nHxK59bPyq2IwrPLAgMB
> AAEwDQYJKoZIhvcNAQEFBQADgYEAHsqSt+9Qa1jyU5jL7IhOXvlLcumUvyuf5w3O
> 6o4T976hx1jiaQBM0wjIbI9yig+PB0crHOCkQHTcfOV+rJksQ9lEMOrjq2IWaZ/U
> 5UDAuUTdhmSmI0VWXv1n7lgjOU0iM0nFSChB4BBvdPA0qvI0Z+5QMcN16sJtMwQ7
> Cox1wJI=3D
> -----END CERTIFICATE-----
> subject=3D/CN=3Dmail-a.netforum.hu
> issuer=3D/CN=3D mail-a.netforum.hu
> ---
> Acceptable client certificate CA names
> /C=3DBR/O=3DICP-Brasil/OU=3DInstituto Nacional de Tecnologia da =
Informacao - ITI/L=3DBrasilia/ST=3DDF/CN=3DAutoridade Certificadora Raiz =
Brasileira
> /O=3DRoot CA/OU=3Dhttp://www.cacert.org/CN=3DCA Cert Signing =
Authority/emailAddress=3Dsupport@cacert.org
> /O=3DCAcert Inc./OU=3Dhttp://www.CAcert.org/CN=3DCAcert Class 3 Root
> /C=3DDE/ST=3DHessen/L=3DFulda/O=3DDebconf/CN=3DDebconf =
CA/emailAddress=3Djoerg@debian.org
> =
/C=3DFR/ST=3DFrance/L=3DParis/O=3DPM/SGDN/OU=3DDCSSI/CN=3DIGC/A/emailAddre=
ss=3Digca@sgdn.pm.gouv.fr
> =
/C=3DFR/ST=3DFrance/L=3DParis/O=3DPM/SGDN/OU=3DDCSSI/CN=3DIGC/A/emailAddre=
ss=3Digca@sgdn.pm.gouv.fr
> /C=3DUS/ST=3DDC/L=3DWashington/O=3DABA.ECOM, INC./CN=3DABA.ECOM Root =
CA/emailAddress=3Dadmin@digsigtrust.com
> /C=3DUS/O=3DAOL Time Warner Inc./OU=3DAmerica Online Inc./CN=3DAOL =
Time Warner Root Certification Authority 1
> /C=3DUS/O=3DAOL Time Warner Inc./OU=3DAmerica Online Inc./CN=3DAOL =
Time Warner Root Certification Authority 2
> /C=3DSE/O=3DAddTrust AB/OU=3DAddTrust External TTP Network/CN=3DAddTrust=
 External CA Root
> /C=3DSE/O=3DAddTrust AB/OU=3DAddTrust TTP Network/CN=3DAddTrust Class =
1 CA Root
> /C=3DSE/O=3DAddTrust AB/OU=3DAddTrust TTP Network/CN=3DAddTrust Public =
CA Root
> /C=3DSE/O=3DAddTrust AB/OU=3DAddTrust TTP Network/CN=3DAddTrust =
Qualified CA Root
> /C=3DUS/O=3DAmerica Online Inc./CN=3DAmerica Online Root Certification =
Authority 1
> /C=3DUS/O=3DAmerica Online Inc./CN=3DAmerica Online Root Certification =
Authority 2
> /C=3DIE/O=3DBaltimore/OU=3DCyberTrust/CN=3DBaltimore CyberTrust Root
> /C=3DGB/ST=3DGreater Manchester/L=3DSalford/O=3DCOMODO CA =
Limited/CN=3DCOMODO Certification Authority
> /C=3DEU/O=3DAC Camerfirma SA CIF =
A82743287/OU=3Dhttp://www.chambersign.org/CN=3DChambers of Commerce Root
> /C=3DEU/O=3DAC Camerfirma SA CIF =
A82743287/OU=3Dhttp://www.chambersign.org/CN=3DGlobal Chambersign Root
> /C=3DFR/O=3DCertplus/CN=3DClass 2 Primary CA
> /C=3DPL/O=3DUnizeto Sp. z o.o./CN=3DCertum CA
> /C=3DGB/ST=3DGreater Manchester/L=3DSalford/O=3DComodo CA =
Limited/CN=3DAAA Certificate Services
> /C=3DGB/ST=3DGreater Manchester/L=3DSalford/O=3DComodo CA =
Limited/CN=3DSecure Certificate Services
> /C=3DGB/ST=3DGreater Manchester/L=3DSalford/O=3DComodo CA =
Limited/CN=3DTrusted Certificate Services
> /C=3DUS/O=3DDigital Signature Trust/OU=3DDST ACES/CN=3DDST ACES CA X6
> /O=3DDigital Signature Trust Co./CN=3DDST Root CA X3
> /C=3DUS/O=3DDigiCert Inc/OU=3Dwww.digicert.com/CN=3DDigiCert Assured =
ID Root CA
> /C=3DUS/O=3DDigiCert Inc/OU=3Dwww.digicert.com/CN=3DDigiCert Global =
Root CA
> /C=3DUS/O=3DDigiCert Inc/OU=3Dwww.digicert.com/CN=3DDigiCert High =
Assurance EV Root CA
> /C=3DUS/O=3DDigital Signature Trust Co./OU=3DDSTCA E1
> /C=3Dus/ST=3DUtah/L=3DSalt Lake City/O=3DDigital Signature Trust =
Co./OU=3DDSTCA X1/CN=3DDST RootCA X1/emailAddress=3Dca@digsigtrust.com
> /C=3DUS/O=3DDigital Signature Trust Co./OU=3DDSTCA E2
> /C=3Dus/ST=3DUtah/L=3DSalt Lake City/O=3DDigital Signature Trust =
Co./OU=3DDSTCA X2/CN=3DDST RootCA X2/emailAddress=3Dca@digsigtrust.com
> /O=3DEntrust.net/OU=3Dwww.entrust.net/GCCA_CPS incorp. by ref. (limits =
liab.)/OU=3D(c) 2000 Entrust.net Limited/CN=3DEntrust.net Client =
Certification Authority
> /O=3DEntrust.net/OU=3Dwww.entrust.net/SSL_CPS incorp. by ref. (limits =
liab.)/OU=3D(c) 2000 Entrust.net Limited/CN=3DEntrust.net Secure Server =
Certification Authority
> /O=3DEntrust.net/OU=3Dwww.entrust.net/CPS_2048 incorp. by ref. (limits =
liab.)/OU=3D(c) 1999 Entrust.net Limited/CN=3DEntrust.net Certification =
Authority (2048)
> /C=3DUS/O=3DEntrust.net/OU=3Dwww.entrust.net/Client_CA_Info/CPS =
incorp. by ref. limits liab./OU=3D(c) 1999 Entrust.net Limited/CN=3D =
Entrust.net Client Certification Authority
> /C=3DUS/O=3DEntrust.net/OU=3Dwww.entrust.net/CPS incorp. by ref. =
(limits liab.)/OU=3D(c) 1999 Entrust.net Limited/CN=3DEntrust.net Secure =
Server Certification Authority
> /C=3DUS/O=3DEntrust, Inc./OU=3Dwww.entrust.net/CPS is incorporated by =
reference/OU=3D(c) 2006 Entrust, Inc./CN=3DEntrust Root Certification =
Authority
> /C=3DUS/O=3DEquifax/OU=3DEquifax Secure Certificate Authority
> /C=3DUS/O=3DEquifax Secure Inc./CN=3DEquifax Secure Global eBusiness =
CA-1
> /C=3DUS/O=3DEquifax Secure Inc./CN=3DEquifax Secure eBusiness CA-1
> /C=3DUS/O=3DEquifax Secure/OU=3DEquifax Secure eBusiness CA-2
> /C=3DES/L=3DC/ Muntaner 244 Barcelona/CN=3DAutoridad de Certificacion =
Firmaprofesional CIF A62634068/emailAddress=3Dca@firmaprofesional.com
> /C=3DUS/O=3DGTE Corporation/OU=3DGTE CyberTrust Solutions, Inc./CN=3DGTE=
 CyberTrust Global Root
> /C=3DUS/O=3DGTE Corporation/CN=3DGTE CyberTrust Root
> /C=3DUS/O=3DGeoTrust Inc./CN=3DGeoTrust Global CA
> /C=3DUS/O=3DGeoTrust Inc./CN=3DGeoTrust Global CA 2
> /C=3DUS/O=3DGeoTrust Inc./CN=3DGeoTrust Primary Certification =
Authority
> /C=3DUS/O=3DGeoTrust Inc./CN=3DGeoTrust Universal CA
> /C=3DUS/O=3DGeoTrust Inc./CN=3DGeoTrust Universal CA 2
> /C=3DBE/O=3DGlobalSign nv-sa/OU=3DRoot CA/CN=3DGlobalSign Root CA
> /OU=3DGlobalSign Root CA - R2/O=3DGlobalSign/CN=3DGlobalSign
> /C=3DUS/O=3DThe Go Daddy Group, Inc./OU=3DGo Daddy Class 2 =
Certification Authority
> /C=3DES/ST=3DBarcelona/L=3DBarcelona/O=3DIPS Internet publishing =
Services s.l./O=3Dips@mail.ips.es C.I.F. B-60929452/OU=3DIPS CA CLASE1 =
Certification Authority/CN=3DIPS CA CLASE1 Certification =
Authority/emailAddress=3Dips@mail.ips.es
> /C=3DES/ST=3DBarcelona/L=3DBarcelona/O=3DIPS Internet publishing =
Services s.l./O=3Dips@mail.ips.es C.I.F. B-60929452/OU=3DIPS CA CLASE3 =
Certification Authority/CN=3DIPS CA CLASE3 Certification =
Authority/emailAddress=3Dips@mail.ips.es
> /C=3DES/ST=3DBarcelona/L=3DBarcelona/O=3DIPS Internet publishing =
Services s.l./O=3Dips@mail.ips.es C.I.F. B-60929452/OU=3DIPS CA CLASEA1 =
Certification Authority/CN=3DIPS CA CLASEA1 Certification =
Authority/emailAddress=3Dips@mail.ips.es
> /C=3DES/ST=3DBarcelona/L=3DBarcelona/O=3DIPS Internet publishing =
Services s.l./O=3Dips@mail.ips.es C.I.F. B-60929452/OU=3DIPS CA CLASEA3 =
Certification Authority/CN=3DIPS CA CLASEA3 Certification =
Authority/emailAddress=3D ips@mail.ips.es
> /C=3DES/ST=3DBarcelona/L=3DBarcelona/O=3DIPS Internet publishing =
Services s.l./O=3Dips@mail.ips.es C.I.F. B-60929452/OU=3DIPS CA Chained =
CAs Certification Authority/CN=3DIPS CA Chained CAs Certification =
Authority/emailAddress=3Dips@mail.ips.es
> /C=3DES/ST=3DBARCELONA/L=3DBARCELONA/O=3DIPS Seguridad =
CA/OU=3DCertificaciones/CN=3DIPS SERVIDORES/emailAddress=3Dips@mail.ips.es=

> /C=3DES/ST=3DBarcelona/L=3DBarcelona/O=3DIPS Internet publishing =
Services s.l./O=3Dips@mail.ips.es C.I.F. B-60929452/OU=3DIPS CA =
Timestamping Certification Authority/CN=3DIPS CA Timestamping =
Certification Authority/emailAddress=3D ips@mail.ips.es
> /C=3DHU/L=3DBudapest/O=3DNetLock Halozatbiztonsagi =
Kft./OU=3DTanusitvanykiadok/CN=3DNetLock Uzleti (Class B) =
Tanusitvanykiado
> /C=3DHU/L=3DBudapest/O=3DNetLock Halozatbiztonsagi =
Kft./OU=3DTanusitvanykiadok/CN=3DNetLock Expressz (Class C) =
Tanusitvanykiado
> /C=3DHU/ST=3DHungary/L=3DBudapest/O=3DNetLock Halozatbiztonsagi =
Kft./OU=3DTanusitvanykiadok/CN=3DNetLock Kozjegyzoi (Class A) =
Tanusitvanykiado
> /C=3DHU/L=3DBudapest/O=3DNetLock Halozatbiztonsagi =
Kft./OU=3DTanusitvanykiadok/CN=3DNetLock Minositett Kozjegyzoi (Class =
QA) Tanusitvanykiado/emailAddress=3Dinfo@netlock.hu
> /C=3DBM/O=3DQuoVadis Limited/OU=3DRoot Certification =
Authority/CN=3DQuoVadis Root Certification Authority
> /C=3DBM/O=3DQuoVadis Limited/CN=3DQuoVadis Root CA 2
> /C=3DBM/O=3DQuoVadis Limited/CN=3DQuoVadis Root CA 3
> /L=3DValiCert Validation Network/O=3DValiCert, Inc./OU=3DValiCert =
Class 3 Policy Validation =
Authority/CN=3Dhttp://www.valicert.com//emailAddress=3Dinfo@valicert.com
> /O=3DRSA Security Inc/OU=3DRSA Security 1024 V3
> /O=3DRSA Security Inc/OU=3DRSA Security 2048 V3
> /C=3DUS/O=3DSecureTrust Corporation/CN=3DSecureTrust CA
> /C=3DUS/O=3DSecureTrust Corporation/CN=3DSecure Global CA
> /C=3DJP/O=3DSECOM Trust.net/OU=3DSecurity Communication RootCA1
> /C=3DFI/O=3DSonera/CN=3DSonera Class1 CA
> /C=3DFI/O=3DSonera/CN=3DSonera Class2 CA
> /C=3DNL/O=3DStaat der Nederlanden/CN=3DStaat der Nederlanden Root CA
> /C=3DUS/O=3DStarfield Technologies, Inc./OU=3DStarfield Class 2 =
Certification Authority
> /C=3DIL/O=3DStartCom Ltd./OU=3DSecure Digital Certificate =
Signing/CN=3DStartCom Certification Authority
> /C=3DIL/ST=3DIsrael/L=3DEilat/O=3DStartCom Ltd./OU=3DCA Authority =
Dep./CN=3DFree SSL Certification =
Authority/emailAddress=3Dadmin@startcom.org
> /C=3DCH/O=3DSwissSign AG/CN=3DSwissSign Gold CA - G2
> /C=3DCH/O=3DSwissSign AG/CN=3DSwissSign Platinum CA - G2
> /C=3DCH/O=3DSwissSign AG/CN=3DSwissSign Silver CA - G2
> /C=3Dch/O=3DSwisscom/OU=3DDigital Certificate Services/CN=3DSwisscom =
Root CA 1
> /C=3DDE/ST=3DHamburg/L=3DHamburg/O=3DTC TrustCenter for Security in =
Data Networks GmbH/OU=3DTC TrustCenter Class 2 =
CA/emailAddress=3Dcertificate@trustcenter.de
> /C=3DDE/ST=3DHamburg/L=3DHamburg/O=3DTC TrustCenter for Security in =
Data Networks GmbH/OU=3DTC TrustCenter Class 3 =
CA/emailAddress=3Dcertificate@trustcenter.de
> /C=3DDK/O=3DTDC Internet/OU=3DTDC Internet Root CA
> /C=3DDK/O=3DTDC/CN=3DTDC OCES CA
> /CN=3DT\xC3\x9CRKTRUST Elektronik Sertifika Hizmet =
Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/C=3DTR/L=3DANKARA/O=3D(c) 2005 =
T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim =
G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E.
> /CN=3DT\xC3\x9CRKTRUST Elektronik Sertifika Hizmet =
Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/C=3DTR/L=3DAnkara/O=3DT\xC3\x9CRKT=
RUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim =
G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E. (c) Kas\xC4\xB1m 2005
> /C=3DTW/O=3DGovernment Root Certification Authority
> /C=3DZA/ST=3DWestern Cape/L=3DCape Town/O=3DThawte =
Consulting/OU=3DCertification Services Division/CN=3DThawte Personal =
Basic CA/emailAddress=3Dpersonal-basic@thawte.com
> /C=3DZA/ST=3DWestern Cape/L=3DCape Town/O=3DThawte =
Consulting/OU=3DCertification Services Division/CN=3DThawte Personal =
Freemail CA/emailAddress=3Dpersonal-freemail@thawte.com
> /C=3DZA/ST=3DWestern Cape/L=3DCape Town/O=3DThawte =
Consulting/OU=3DCertification Services Division/CN=3DThawte Personal =
Premium CA/emailAddress=3Dpersonal-premium@thawte.com
> /C=3DZA/ST=3DWestern Cape/L=3DCape Town/O=3DThawte Consulting =
cc/OU=3DCertification Services Division/CN=3DThawte Premium Server =
CA/emailAddress=3Dpremium-server@thawte.com
> /C=3DZA/ST=3DWestern Cape/L=3DCape Town/O=3DThawte Consulting =
cc/OU=3DCertification Services Division/CN=3DThawte Server =
CA/emailAddress=3Dserver-certs@thawte.com
> /C=3DZA/ST=3DWestern Cape/L=3DDurbanville/O=3DThawte/OU=3DThawte =
Certification/CN=3DThawte Timestamping CA
> /C=3DUS/ST=3DUT/L=3DSalt Lake City/O=3DThe USERTRUST Network/OU=3D =
http://www.usertrust.com/CN=3DUTN-USERFirst-Network Applications
> /C=3DUS/ST=3DUT/L=3DSalt Lake City/O=3DThe USERTRUST =
Network/OU=3Dhttp://www.usertrust.com/CN=3DUTN - DATACorp SGC
> /C=3DUS/ST=3DUT/L=3DSalt Lake City/O=3DThe USERTRUST =
Network/OU=3Dhttp://www.usertrust.com/CN=3DUTN-USERFirst-Client =
Authentication and Email
> /C=3DUS/ST=3DUT/L=3DSalt Lake City/O=3DThe USERTRUST =
Network/OU=3Dhttp://www.usertrust.com/CN=3DUTN-USERFirst-Hardware
> /L=3DValiCert Validation Network/O=3DValiCert, Inc./OU=3DValiCert =
Class 1 Policy Validation Authority/CN=3D =
http://www.valicert.com//emailAddress=3Dinfo@valicert.com
> /L=3DValiCert Validation Network/O=3DValiCert, Inc./OU=3DValiCert =
Class 2 Policy Validation =
Authority/CN=3Dhttp://www.valicert.com//emailAddress=3Dinfo@valicert.com
> /C=3DUS/O=3DVeriSign, Inc./OU=3DVeriSign Trust Network/OU=3D(c) 2006 =
VeriSign, Inc. - For authorized use only/CN=3DVeriSign Class 3 Public =
Primary Certification Authority - G5
> /C=3DUS/O=3DVeriSign, Inc./OU=3DClass 1 Public Primary Certification =
Authority
> /C=3DUS/O=3DVeriSign, Inc./OU=3DClass 1 Public Primary Certification =
Authority - G2/OU=3D(c) 1998 VeriSign, Inc. - For authorized use =
only/OU=3DVeriSign Trust Network
> /C=3DUS/O=3DVeriSign, Inc./OU=3DVeriSign Trust Network/OU=3D(c) 1999 =
VeriSign, Inc. - For authorized use only/CN=3DVeriSign Class 1 Public =
Primary Certification Authority - G3
> /C=3DUS/O=3DVeriSign, Inc./OU=3DClass 2 Public Primary Certification =
Authority
> /C=3DUS/O=3DVeriSign, Inc./OU=3DClass 2 Public Primary Certification =
Authority - G2/OU=3D(c) 1998 VeriSign, Inc. - For authorized use =
only/OU=3DVeriSign Trust Network
> /C=3DUS/O=3DVeriSign, Inc./OU=3DVeriSign Trust Network/OU=3D(c) 1999 =
VeriSign, Inc. - For authorized use only/CN=3DVeriSign Class 2 Public =
Primary Certification Authority - G3
> /C=3DUS/O=3DVeriSign, Inc./OU=3DClass 3 Public Primary Certification =
Authority
> /C=3DUS/O=3DVeriSign, Inc./OU=3DClass 3 Public Primary Certification =
Authority - G2/OU=3D(c) 1998 VeriSign, Inc. - For authorized use =
only/OU=3DVeriSign Trust Network
> /C=3DUS/O=3DVeriSign, Inc./OU=3DVeriSign Trust Network/OU=3D(c) 1999 =
VeriSign, Inc. - For authorized use only/CN=3DVeriSign Class 3 Public =
Primary Certification Authority - G3
> /C=3DUS/O=3DVeriSign, Inc./OU=3DClass 4 Public Primary Certification =
Authority - G2/OU=3D(c) 1998 VeriSign, Inc. - For authorized use =
only/OU=3DVeriSign Trust Network
> /C=3DUS/O=3DVeriSign, Inc./OU=3DVeriSign Trust Network/OU=3D(c) 1999 =
VeriSign, Inc. - For authorized use only/CN=3DVeriSign Class 4 Public =
Primary Certification Authority - G3
> /C=3DUS/O=3DRSA Data Security, Inc./OU=3DSecure Server Certification =
Authority
> /O=3DVeriSign, Inc./OU=3DVeriSign Trust Network/OU=3DTerms of use at =
https://www.verisign.com/rpa (c)00/CN=3DVeriSign Time Stamping Authority =
CA
> /C=3DUS/O=3DVISA/OU=3DVisa International Service Association/CN=3DGP =
Root 2
> /C=3DUS/O=3DVISA/OU=3DVisa International Service Association/CN=3DVisa =
eCommerce Root
> /C=3DUS/O=3DWells Fargo/OU=3DWells Fargo Certification =
Authority/CN=3DWells Fargo Root Certificate Authority
> /C=3DUS/OU=3Dwww.xrampsecurity.com/O=3DXRamp Security Services =
Inc/CN=3DXRamp Global Certification Authority
> /O=3DbeTRUSTed/OU=3DbeTRUSTed Root CAs/CN=3DbeTRUSTed Root =
CA-Baltimore Implementation
> /C=3DWW/O=3DbeTRUSTed/CN=3DbeTRUSTed Root CAs/CN=3DbeTRUSTed Root CA
> /O=3DbeTRUSTed/OU=3DbeTRUSTed Root CAs/CN=3DbeTRUSTed Root CA - =
Entrust Implementation
> /O=3DbeTRUSTed/OU=3DbeTRUSTed Root CAs/CN=3DbeTRUSTed Root CA - RSA =
Implementation
> /C=3DUS/O=3Dthawte, Inc./OU=3DCertification Services Division/OU=3D(c) =
2006 thawte, Inc. - For authorized use only/CN=3Dthawte Primary Root CA
> /C=3DPL/O=3DTP Internet Sp. z o.o./OU=3DCentrum Certyfikacji =
Signet/CN=3DCC Signet - CA Klasa 1
> /C=3DPL/O=3DTP Internet Sp. z o.o./OU=3DCentrum Certyfikacji =
Signet/CN=3DCC Signet - CA Klasa 2
> /C=3DPL/O=3DTP Internet Sp. z o.o./CN=3DCC Signet - CA Klasa =
3/serialNumber=3DNumer wpisu: 4
> /C=3DPL/O=3DTP Internet Sp. z o.o./OU=3DCentrum Certyfikacji =
Signet/CN=3DCC Signet - OCSP Klasa 2
> /C=3DPL/O=3DTP Internet Sp. z o.o./OU=3DCentrum Certyfikacji =
Signet/CN=3DCC Signet - OCSP Klasa 3
> /C=3DPL/O=3DTP Internet Sp. z o.o./OU=3DCentrum Certyfikacji =
Signet/CN=3DCC Signet - PCA Klasa 2
> /C=3DPL/O=3DTP Internet Sp. z o.o./OU=3DCentrum Certyfikacji =
Signet/CN=3DCC Signet - PCA Klasa 3
> /C=3DPL/O=3DTP Internet Sp. z o.o./OU=3DCentrum Certyfikacji =
Signet/CN=3DCC Signet - RootCA
> /C=3DPL/O=3DTP Internet Sp. z o.o./OU=3DCentrum Certyfikacji =
Signet/CN=3DCC Signet - TSA Klasa 1
> /C=3DUS/ST=3DIndiana/L=3DIndianapolis/O=3DSoftware in the Public =
Interest/OU=3Dhostmaster/CN=3DCertification =
Authority/emailAddress=3Dhostmaster@spi-inc.org
> /C=3DUS/ST=3DIndiana/L=3DIndianapolis/O=3DSoftware in the Public =
Interest/OU=3Dhostmaster/CN=3DCertificate =
Authority/emailAddress=3Dhostmaster@spi-inc.org
> /C=3DDE/O=3DDeutsche Telekom AG/OU=3DT-TeleSec Trust =
Center/CN=3DDeutsche Telekom Root CA 2
> /C=3DGB/ST=3DGreater Manchester/L=3DSalford/O=3DCOMODO CA =
Limited/CN=3DCOMODO ECC Certification Authority
> /C=3DNL/O=3DDigiNotar/CN=3DDigiNotar Root =
CA/emailAddress=3Dinfo@diginotar.nl
> /C=3DUS/O=3DNetwork Solutions L.L.C./CN=3DNetwork Solutions =
Certificate Authority
> /C=3DUS/O=3DWells Fargo WellsSecure/OU=3DWells Fargo Bank =
NA/CN=3DWellsSecure Public Root Certificate Authority
> ---
> SSL handshake has read 21021 bytes and written 486 bytes
> ---
> New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
> Server public key is 1024 bit
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> SSL-Session:
> Protocol : TLSv1
> Cipher : DHE-RSA-AES256-SHA
> Session-ID: =
038238157B5D6594A668AF9F40769393C542E30D7B62AEB5F0B2B600252C9724
> Session-ID-ctx:
> Master-Key: =
BD5A789FF0D8F81C552EE73DDC480AA4EEA311F707254CD605291167E10F21B6B551D9E697=
9C40814251767985B0461E
> Key-Arg : None
> Krb5 Principal: None
> PSK identity: None
> PSK identity hint: None
> Start Time: 1282744555
> Timeout : 300 (sec)
> Verify return code: 18 (self signed certificate)
> ---
> 250 HELP
> =20