Mailing List CGatePro@mail.stalker.com Message #106228
From: Marcel Hochuli <mhochuli@a-f.ch>
Subject: Re: SMTP incoming SSL problems
Date: Tue, 25 Oct 2016 13:17:47 +0000
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
Hi,

I have the same problem on an installation with CGP 6.1.6.

"Accept SSLv2 'hello'" is already enabled!

I raised logging of TLS to max and got the following lines:

15:04:50.090 4 SMTPI-593379([46.14.xx.xx]:59235) [192.168.xx.xx]:25 <- [46.14.xx.xx]:59235 incoming connection(mydomain.dom)
15:05:17.092 5 SMTPI-593379([46.14.xx.xx]:59235) out: 220 mydomain.dom ESMTP CommuniGate Pro 6.1.6\r\n
15:05:17.112 5 SMTPI-593379([46.14.xx.xx]:59235) inp: EHLO mail.yourdomain.dom
15:05:17.166 5 SMTPI-593379(mail.yourdomain.dom) out: 250-mydomain.dom is pleased to meet you\r\n250-DSN\r\n250-SIZE 31457280\r\n250-STARTTLS\r\n250-AUTH LOGIN PLAIN CRAM-MD5 GSSAPI\r\n250-ETRN\r\n250-TURN\r\n250-ATRN\r\n250-NO-SOLICITING\r\n250-8BITMIME\r\n250-HELP\r\n250-PIPELINING\r\n250 EHLO\r\n
15:05:17.191 5 SMTPI-593379(mail.yourdomain.dom) inp: STARTTLS
15:05:17.191 5 SMTPI-593379(mail.yourdomain.dom) out: 220 please start a TLS connection\r\n
15:05:17.211 5 SMTPI-593379 TLS inp(157): 16 03 01 00 98 01 00 00 94 03 01 25 36 4E BE 2F B4 5E 90 07 A8 96 50 B6 3E F7 C1 98 6F 01 23 4B E3 FF 4E 96 C2 EA 78 79 FD 14 B8 00 00 26 C0 14 C0 0A C0 0F C0 05 00 39 C0 13 C0 09 C0 0E C0 04 00 33 C0 12 C0 08 C0 0D C0 03 00 16 00 35 00 2F 00 0A 00 FF 01 00
15:05:17.211 4 SMTPI-593379 TLSvX h-inp (148): client_hello
15:05:17.211 5 SMTPI-593379 unknown TLS client extension 0xF (1)
15:05:17.411 5 SMTPI-593379 TLS out<21> (2): 02 2F
15:05:17.411 5 SMTPI-593379 handshaker released
15:05:17.411 3 SMTPI-593379(mail.yourdomain.dom) failed to accept a secure connection for DOMAIN(mydomain.dom). Error Code=none of client TLS cipher methods is supported
15:05:17.411 5 SMTPI-593379 TLS out<21> (2): 02 0A
15:05:17.411 5 SMTPI-593379 TLS released
15:05:17.411 4 SMTPI-593379(mail.yourdomain.dom) closing connection
15:05:17.411 4 SMTPI-593379(mail.yourdomain.dom) releasing stream


What else to enable / disable?


Marcel


+---
mailto:mhochuli@a-f.ch
otherto:noway@a-f.ch
_______________________________________



> Am 25.04.2016 um 16:20 schrieb Technical Support <support@stalker.com>:
>
> Hello,
>
> On 2016-04-21 21:34, Kurt Albershardt wrote:
>> I'm getting these in the logs from a couple of providers and can't find
>> any references to the string online:
>>
>> ....failed to accept a secure connection for DOMAIN(nv.net). Error
>> Code=SSLv2 hello is not supported
>
> For this one enable "Accept SSLv2 'hello'" in WebAdmin -> Settings -> General -> Other -> TLS Sessions.
>
> --
> Best regards,
> Dmitry Akindinov
>
> =======================================================================
> When answering to letters sent to you by the tech.support staff, make
> sure the original message you have received is included into your
> reply.
>
> #############################################################
> This message is sent to you because you are subscribed to
> the mailing list <CGatePro@mail.stalker.com>.
> To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com>
> To switch to the DIGEST mode, E-mail to <CGatePro-digest@mail.stalker.com>
> To switch to the INDEX mode, E-mail to <CGatePro-index@mail.stalker.com>
> Send administrative queries to  <CGatePro-request@mail.stalker.com>

Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster