mail, TLS connect failed

[conym18]

Hallo,

ich habe eine Linux Server mit Plesk 10.4.4 und OpenSSL 1.0.1g 7 Apr 2014


Beim Senden an bestimmte Emails erhalten ich folgende Fehlermeldung zurück:

<philippe.bastin@yamauchi.be>:
TLS connect failed: error:1411809D:SSL
routines:SSL_CHECK_SERVERHELLO_TLSEXT:tls invalid ecpointformat
listZConnected to 213.199.154.23 but connection died. error:140920C5:SSL
routines:SSL3_GET_SERVER_HELLOld session cipher not returned (#4.4.2) I'm
not going to try again; this message has been in the queue too long.


Was kann ich machen?

 

[catwiesel]

https://github.com/droe/sslsplit/issues/7

http://stackoverflow.com/questions/20046176/rcurl-errors-when-fetching-ssl-endpoint

Schon mal gegoogelt...

 

[GwenDragon]

Ich weiß nicht welche Chiffren und welche SSL-Version du aktiviert hast, welchen OpenSSL aus welcher Distrie du verwendest, aber ich meine mich zu erinnern, dass es da einen Bug in 1.0.1 gab: http://rt.openssl.org/Ticket/Display.html?id=2240.

 

[conym18]

Danke CATWIESEL:

Wie gebe ich (aus: https://github.com/droe/sslsplit/issues/7) "-s ALL:-ECDH" ein?

openssl -s ALL:-ECDH


Es erscheint:

openssl:Error: '-s' is an invalid command.

 

[GwenDragon]

openssl s_client -cipher "ALL:-ECDH" -connect example.org:443

 

[conym18]

Ich erhalte:

openssl s_client -cipher "ALL:-ECDH" -connect yamauchi-be.mail.protection.outlook.com:465

connect: Connection timed out
connect:errno=110

bei Port 25 erhalte ich:

CONNECTED(00000003)
140219808417448:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:794:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 298 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
---

Hab jetzt übrigens die Version:
OpenSSL 1.0.2c 12 Jun 2015

 

[GwenDragon]

Ob du nun TLS oder StartTLS über Port 25 oder 587 oder 465 verwendest, welche Ports erreichbar sind, weiß ich nicht.

Aber wenn du bei SMTP StartTLS verwendest, brauch openssl noch den Parameter -starttls smtp um zu verbinden.

Du kannst auch gern noch -debug hinzufügen um zu sehen was genau passiert oder wo es hakt.

 

[conym18]

Hallo und vielen Dank für deine Info:

Hier die Ausgabe:

openssl s_client -cipher "ALL:-ECDH" -starttls smtp -connect yamauchi-be.mail.protection.outlook.com:25
CONNECTED(00000003)
depth=2 CN = Microsoft Internet Authority
verify error:num=20:unable to get local issuer certificate
---
Certificate chain
 0 s:/C=US/ST=WA/L=Redmond/O=Microsoft/OU=Forefront Online Protection for Exchange/CN=mail.protection.outlook.com
   i:/DC=com/DC=microsoft/DC=corp/DC=redmond/CN=MSIT Machine Auth CA 2
 1 s:/DC=com/DC=microsoft/DC=corp/DC=redmond/CN=MSIT Machine Auth CA 2
   i:/CN=Microsoft Internet Authority
 2 s:/CN=Microsoft Internet Authority
   i:/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIHITCCBgmgAwIBAgIKaJVJ8AABAADfvjANBgkqhkiG9w0BAQUFADCBgDETMBEG
CgmSJomT8ixkARkWA2NvbTEZMBcGCgmSJomT8ixkARkWCW1pY3Jvc29mdDEUMBIG
CgmSJomT8ixkARkWBGNvcnAxFzAVBgoJkiaJk/IsZAEZFgdyZWRtb25kMR8wHQYD
VQQDExZNU0lUIE1hY2hpbmUgQXV0aCBDQSAyMB4XDTE0MDUyOTIyMTk0NloXDTE2
MDUxNTIwNTA1NVowgZkxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJXQTEQMA4GA1UE
BxMHUmVkbW9uZDESMBAGA1UEChMJTWljcm9zb2Z0MTEwLwYDVQQLEyhGb3JlZnJv
bnQgT25saW5lIFByb3RlY3Rpb24gZm9yIEV4Y2hhbmdlMSQwIgYDVQQDExttYWls
LnByb3RlY3Rpb24ub3V0bG9vay5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQC//+TcN6C92y7BZE4E9+3VJfxW/QHCbOdk8/W2rZ9NXK+JfgM8t6lD
+Xi9IQflxEnOpuANelypefk5rfpJuiSnGRGMg44xAWQkhhBVynduvDRoddd9ieaC
LIC0rcuyeqpvXnw8MPZdp1nRn12XoOrDhUYBke3JRk9JKys5yOec+g5a65nUxp++
jDtQOHCN60n5MmGZH5a+/EX++ZpyC13SISHEcVLNRDMMHzpmYT3h5JjCe3AhMgTy
qbjavIddv5lAyuGw9UsSpmjdyQ0gLPepfKscZ/5bp6QRT8rOj3d4jTlAbqsjJM6y
PBHxAHXrLiCPC3mn38Eggs7PIAPce47/AgMBAAGjggOAMIIDfDALBgNVHQ8EBAMC
BLAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMHgGCSqGSIb3DQEJDwRr
MGkwDgYIKoZIhvcNAwICAgCAMA4GCCqGSIb3DQMEAgIAgDALBglghkgBZQMEASow
CwYJYIZIAWUDBAEtMAsGCWCGSAFlAwQBAjALBglghkgBZQMEAQUwBwYFKw4DAgcw
CgYIKoZIhvcNAwcwHQYDVR0OBBYEFOdAD77qj+T7cfw6+hwbEjOKBl9DMB8GA1Ud
IwQYMBaAFOvbEV74CZ7Y1mKc/WKd44RKKOEnMIHuBgNVHR8EgeYwgeMwgeCggd2g
gdqGT2h0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01T
SVQlMjBNYWNoaW5lJTIwQXV0aCUyMENBJTIwMigxKS5jcmyGTWh0dHA6Ly9jcmwu
bWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NU0lUJTIwTWFjaGluZSUyMEF1
dGglMjBDQSUyMDIoMSkuY3JshjhodHRwOi8vY29ycHBraS9jcmwvTVNJVCUyME1h
Y2hpbmUlMjBBdXRoJTIwQ0ElMjAyKDEpLmNybDCBrQYIKwYBBQUHAQEEgaAwgZ0w
VQYIKwYBBQUHMAKGSWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3Jw
L01TSVQlMjBNYWNoaW5lJTIwQXV0aCUyMENBJTIwMigxKS5jcnQwRAYIKwYBBQUH
MAKGOGh0dHA6Ly9jb3JwcGtpL2FpYS9NU0lUJTIwTWFjaGluZSUyMEF1dGglMjBD
QSUyMDIoMSkuY3J0MD8GCSsGAQQBgjcVBwQyMDAGKCsGAQQBgjcVCIPPiU2t8gKF
oZ8MgvrKfYHh+3SBT4PC7YUIjqnShWMCAWQCAQ0wJwYJKwYBBAGCNxUKBBowGDAK
BggrBgEFBQcDAjAKBggrBgEFBQcDATCBiAYDVR0RBIGAMH6CFSoubWFpbC5lby5v
dXRsb29rLmNvbYIdKi5tYWlsLnByb3RlY3Rpb24ub3V0bG9vay5jb22CG21haWwu
cHJvdGVjdGlvbi5vdXRsb29rLmNvbYILb3V0bG9vay5jb22CHG1haWwubWVzc2Fn
aW5nLm1pY3Jvc29mdC5jb20wDQYJKoZIhvcNAQEFBQADggEBAG0IKQDUPEOjAOv2
RMUAzyveNL590cdIVRNb3qq9kOOAK2HsUJJy8AE6HXEhgAl2kOyeIUKLlO0iYVRe
Viapc0nAcmuGT0AJtNEOaklBBzEAxfMBVsDuo1N9ngGDH4sx0izkM1R6fkN6fjHe
lVWeyne4GnJG//RoiQDIoRcETgLhpr+fd972PupvF13ao+tC3L4MEx6K5KfDY4z9
Fvjz+uPd1Y/6h2PwmxyBR2C5G2hkAsKs7ZD2ZhI5JhI+Sle4JLFDcjhdYVHS/dGo
s5+lCADuoG4gaPkdHplaqHyF5p8kREhlCOlwhEp3c6LXoTjgG75Lu02V1YKy+DZK
v5STRJE=
-----END CERTIFICATE-----
subject=/C=US/ST=WA/L=Redmond/O=Microsoft/OU=Forefront Online Protection for Exchange/CN=mail.protection.outlook.com
issuer=/DC=com/DC=microsoft/DC=corp/DC=redmond/CN=MSIT Machine Auth CA 2
---
Acceptable client certificate CA names
/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
/C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Trusted Network CA
/O=RSA Security Inc/OU=RSA Security 2048 V3
/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
/C=JP/O=SECOM Trust.net/OU=Security Communication RootCA1
/C=FI/O=Sonera/CN=Sonera Class2 CA
/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)
/C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden Root CA - G2
/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
/C=FR/O=Certplus/CN=Class 2 Primary CA
/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
/OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign
/C=DE/O=Deutsche Telekom AG/OU=T-TeleSec Trust Center/CN=Deutsche Telekom Root CA 2
/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Root Certificate Authority 2011
/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root
/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority
/C=CH/O=SwissSign AG/CN=SwissSign Silver CA - G2
/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
/C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification Authority
/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
/C=US/O=Entrust, Inc./OU=www.entrust.net/CPS is incorporated by reference/OU=(c) 2006 Entrust, Inc./CN=Entrust Root Certification Authority
/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Root Certificate Authority - G2
/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2
/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root
/C=CH/O=SwissSign AG/CN=SwissSign Gold CA - G2
/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Root Certificate Authority 2010
/OU=Copyright (c) 1997 Microsoft Corp./OU=Microsoft Corporation/CN=Microsoft Root Authority
/DC=com/DC=microsoft/CN=Microsoft Root Certificate Authority
/CN=NT AUTHORITY
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
---
SSL handshake has read 9009 bytes and written 687 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.1
    Cipher    : AES256-SHA
    Session-ID: 63200000DCFBD154D21788802E4C7F8C19638B89177365157ECCD1CA80729432
    Session-ID-ctx:
    Master-Key: 53EB9A7A84FEB9595A601C11F0AAC93ED20FA527008072D78E8DF70C88ED1E4FE7EE97C7345A0BF8F156E2AF82A3B367
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1435055965
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
250 CHUNKING

Bedeutet es das es nun geht und was ich im openssl einstellen, damit auch die Email real verschickt werden?

 

[GwenDragon]

Mit Einstellungen in OpenSSL hat das nichts zu tun.
Dein Mailserver der weitersendet, brauch andere Einstellungen (entweder global oder für bestimmte Ziel-Domains).

Welchen Mailserver benutzt du für SMTP?

 

[conym18]

Hallo,

ich habe als mailserver "qmail"

 

[conym18]

Wie kann ich global für den qmail die Einstellungen ändern?

 

[GwenDragon]

Bei Qmail kannst du in der Datei /var/qmail/control/tlsserverciphers die gewünschten SSL-Chiffren festlegen:

ALL:!SSLv2:-ECDH:+HIGH:-MEDIUM:!LOW:!EXPORT:!aNULL

Mit den Chiffren bis du wohl besser bestellt, da ALL:-ECDH auch unsichere Chiffren aktiviert hat.

Inwieweit du dann zu jedem externen SMTP-Server raus kommst, weiß ich nicht.

 

[Joe User]

Was soll denn der Bullshit mit dem "-ECDH"?

Eine vernünftige Cipherlist sieht ausserdem eher so aus:

EECDH+AESGCM:EECDH+AES256:EECDH+AES128:EECDH+3DES:EDH+AESGCM:EDH+AES256:EDH+AES128:EDH+3DES:!RC4:!eNULL:!aNULL:!MEDIUM:!LOW:!EXP

 

[GwenDragon]

@Joe User
Warum so kotzbrockig?
Sag doch eher mal, was an der von mir kurzen Liste falsch und gefährlich ist, dann lernt conym18 noch was.

Und du garantierst dem Startposter, dass die Chiffren auf dem ollen qmail von Plesk 10 laufen und auch brav nach außen an jeden SMTP verbinden.

 

[Joe User]

Die Cipher haben nix mit qmüll zu tun und sein openssl kann damit umgehen.

 

[Joe User]

Warum so kotzbrockig?

Weil es nervt, wenn die ohnehin schon magere Sicherheit beim OP grundlos weiter geschwächt wird, ohne ihn trotz besseren Wissens darauf hinzuweisen.


/me der Satz ist scheisse formuliert

 

[GwenDragon]

Dass der OP jetzt weiß wo sein Sicherheitsproblem liegt, bezweifel ich. Das hast du kaum dargelegt.

OK, du kannst ihm besser helfen. Ich werde mich nicht weiter drum kümmern.

 

[Joe User]

Nö, ich kann ihm nicht weiterhelfen, da ich weder QMüll noch Pest supporte.

Entweder der OP verwendet noch ein ungepatchtes openssl-1.0.0a/b oder die Gegenstelle hat seit Jahren keine Windows-Updates (insbesondere die für SChannel) eingespielt. Beides wäre fatal und Letzteres kann ich zumindest für die fünf outlook.com-Hosts mit denen ich Kontakt hatte ausschliessen, weshalb ich derzeit davon ausgehe, dass der OP ein völlig veraltetes System betreibt und daher auch etliche Sicherheitsprobleme hat.

Aber ich lasse mich gerne eines Besseren belehren.


Nachtrag der Connects:

[root@devnoip:~] # echo QUIT | openssl s_client -starttls smtp -connect yamauchi-be.mail.protection.outlook.com:25
CONNECTED(00000003)
depth=3 C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
verify return:1
depth=2 CN = Microsoft Internet Authority
verify return:1
depth=1 DC = com, DC = microsoft, DC = corp, DC = redmond, CN = MSIT Machine Auth CA 2
verify return:1
depth=0 C = US, ST = WA, L = Redmond, O = Microsoft, OU = Forefront Online Protection for Exchange, CN = mail.protection.outlook.com
verify return:1
---
Certificate chain
 0 s:/C=US/ST=WA/L=Redmond/O=Microsoft/OU=Forefront Online Protection for Exchange/CN=mail.protection.outlook.com
   i:/DC=com/DC=microsoft/DC=corp/DC=redmond/CN=MSIT Machine Auth CA 2
 1 s:/DC=com/DC=microsoft/DC=corp/DC=redmond/CN=MSIT Machine Auth CA 2
   i:/CN=Microsoft Internet Authority
 2 s:/CN=Microsoft Internet Authority
   i:/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIHITCCBgmgAwIBAgIKaJVJ8AABAADfvjANBgkqhkiG9w0BAQUFADCBgDETMBEG
CgmSJomT8ixkARkWA2NvbTEZMBcGCgmSJomT8ixkARkWCW1pY3Jvc29mdDEUMBIG
CgmSJomT8ixkARkWBGNvcnAxFzAVBgoJkiaJk/IsZAEZFgdyZWRtb25kMR8wHQYD
VQQDExZNU0lUIE1hY2hpbmUgQXV0aCBDQSAyMB4XDTE0MDUyOTIyMTk0NloXDTE2
MDUxNTIwNTA1NVowgZkxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJXQTEQMA4GA1UE
BxMHUmVkbW9uZDESMBAGA1UEChMJTWljcm9zb2Z0MTEwLwYDVQQLEyhGb3JlZnJv
bnQgT25saW5lIFByb3RlY3Rpb24gZm9yIEV4Y2hhbmdlMSQwIgYDVQQDExttYWls
LnByb3RlY3Rpb24ub3V0bG9vay5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQC//+TcN6C92y7BZE4E9+3VJfxW/QHCbOdk8/W2rZ9NXK+JfgM8t6lD
+Xi9IQflxEnOpuANelypefk5rfpJuiSnGRGMg44xAWQkhhBVynduvDRoddd9ieaC
LIC0rcuyeqpvXnw8MPZdp1nRn12XoOrDhUYBke3JRk9JKys5yOec+g5a65nUxp++
jDtQOHCN60n5MmGZH5a+/EX++ZpyC13SISHEcVLNRDMMHzpmYT3h5JjCe3AhMgTy
qbjavIddv5lAyuGw9UsSpmjdyQ0gLPepfKscZ/5bp6QRT8rOj3d4jTlAbqsjJM6y
PBHxAHXrLiCPC3mn38Eggs7PIAPce47/AgMBAAGjggOAMIIDfDALBgNVHQ8EBAMC
BLAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMHgGCSqGSIb3DQEJDwRr
MGkwDgYIKoZIhvcNAwICAgCAMA4GCCqGSIb3DQMEAgIAgDALBglghkgBZQMEASow
CwYJYIZIAWUDBAEtMAsGCWCGSAFlAwQBAjALBglghkgBZQMEAQUwBwYFKw4DAgcw
CgYIKoZIhvcNAwcwHQYDVR0OBBYEFOdAD77qj+T7cfw6+hwbEjOKBl9DMB8GA1Ud
IwQYMBaAFOvbEV74CZ7Y1mKc/WKd44RKKOEnMIHuBgNVHR8EgeYwgeMwgeCggd2g
gdqGT2h0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01T
SVQlMjBNYWNoaW5lJTIwQXV0aCUyMENBJTIwMigxKS5jcmyGTWh0dHA6Ly9jcmwu
bWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NU0lUJTIwTWFjaGluZSUyMEF1
dGglMjBDQSUyMDIoMSkuY3JshjhodHRwOi8vY29ycHBraS9jcmwvTVNJVCUyME1h
Y2hpbmUlMjBBdXRoJTIwQ0ElMjAyKDEpLmNybDCBrQYIKwYBBQUHAQEEgaAwgZ0w
VQYIKwYBBQUHMAKGSWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3Jw
L01TSVQlMjBNYWNoaW5lJTIwQXV0aCUyMENBJTIwMigxKS5jcnQwRAYIKwYBBQUH
MAKGOGh0dHA6Ly9jb3JwcGtpL2FpYS9NU0lUJTIwTWFjaGluZSUyMEF1dGglMjBD
QSUyMDIoMSkuY3J0MD8GCSsGAQQBgjcVBwQyMDAGKCsGAQQBgjcVCIPPiU2t8gKF
oZ8MgvrKfYHh+3SBT4PC7YUIjqnShWMCAWQCAQ0wJwYJKwYBBAGCNxUKBBowGDAK
BggrBgEFBQcDAjAKBggrBgEFBQcDATCBiAYDVR0RBIGAMH6CFSoubWFpbC5lby5v
dXRsb29rLmNvbYIdKi5tYWlsLnByb3RlY3Rpb24ub3V0bG9vay5jb22CG21haWwu
cHJvdGVjdGlvbi5vdXRsb29rLmNvbYILb3V0bG9vay5jb22CHG1haWwubWVzc2Fn
aW5nLm1pY3Jvc29mdC5jb20wDQYJKoZIhvcNAQEFBQADggEBAG0IKQDUPEOjAOv2
RMUAzyveNL590cdIVRNb3qq9kOOAK2HsUJJy8AE6HXEhgAl2kOyeIUKLlO0iYVRe
Viapc0nAcmuGT0AJtNEOaklBBzEAxfMBVsDuo1N9ngGDH4sx0izkM1R6fkN6fjHe
lVWeyne4GnJG//RoiQDIoRcETgLhpr+fd972PupvF13ao+tC3L4MEx6K5KfDY4z9
Fvjz+uPd1Y/6h2PwmxyBR2C5G2hkAsKs7ZD2ZhI5JhI+Sle4JLFDcjhdYVHS/dGo
s5+lCADuoG4gaPkdHplaqHyF5p8kREhlCOlwhEp3c6LXoTjgG75Lu02V1YKy+DZK
v5STRJE=
-----END CERTIFICATE-----
subject=/C=US/ST=WA/L=Redmond/O=Microsoft/OU=Forefront Online Protection for Exchange/CN=mail.protection.outlook.com
issuer=/DC=com/DC=microsoft/DC=corp/DC=redmond/CN=MSIT Machine Auth CA 2
---
Acceptable client certificate CA names
/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
/C=DE/O=Deutsche Telekom AG/OU=T-TeleSec Trust Center/CN=Deutsche Telekom Root CA 2
/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Root Certificate Authority 2011
/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root
/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
/C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification Authority
/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root
/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Root Certificate Authority 2010
/OU=Copyright (c) 1997 Microsoft Corp./OU=Microsoft Corporation/CN=Microsoft Root Authority
/DC=com/DC=microsoft/CN=Microsoft Root Certificate Authority
/CN=NT AUTHORITY
---
SSL handshake has read 7649 bytes and written 558 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-SHA384
    Session-ID: 041300009B2B44B88395454F048961EA26877D8CEEBDF637E78FBA840A344C67
    Session-ID-ctx:
    Master-Key: 6C586F71E08D3E96441C1239EC31507B443BAD922AF48367E558253ECC8F672541A3B18E38C327850A2DD5B7B89BD9A1
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1435091520
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
250 CHUNKING
DONE
[root@devnoip:~] # echo QUIT | openssl s_client -starttls smtp -connect yamauchi-be.mail.protection.outlook.com:25
CONNECTED(00000003)
depth=3 C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
verify return:1
depth=2 CN = Microsoft Internet Authority
verify return:1
depth=1 DC = com, DC = microsoft, DC = corp, DC = redmond, CN = MSIT Machine Auth CA 2
verify return:1
depth=0 C = US, ST = WA, L = Redmond, O = Microsoft, OU = Forefront Online Protection for Exchange, CN = mail.protection.outlook.com
verify return:1
---
Certificate chain
 0 s:/C=US/ST=WA/L=Redmond/O=Microsoft/OU=Forefront Online Protection for Exchange/CN=mail.protection.outlook.com
   i:/DC=com/DC=microsoft/DC=corp/DC=redmond/CN=MSIT Machine Auth CA 2
 1 s:/DC=com/DC=microsoft/DC=corp/DC=redmond/CN=MSIT Machine Auth CA 2
   i:/CN=Microsoft Internet Authority
 2 s:/CN=Microsoft Internet Authority
   i:/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIHITCCBgmgAwIBAgIKaJVJ8AABAADfvjANBgkqhkiG9w0BAQUFADCBgDETMBEG
CgmSJomT8ixkARkWA2NvbTEZMBcGCgmSJomT8ixkARkWCW1pY3Jvc29mdDEUMBIG
CgmSJomT8ixkARkWBGNvcnAxFzAVBgoJkiaJk/IsZAEZFgdyZWRtb25kMR8wHQYD
VQQDExZNU0lUIE1hY2hpbmUgQXV0aCBDQSAyMB4XDTE0MDUyOTIyMTk0NloXDTE2
MDUxNTIwNTA1NVowgZkxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJXQTEQMA4GA1UE
BxMHUmVkbW9uZDESMBAGA1UEChMJTWljcm9zb2Z0MTEwLwYDVQQLEyhGb3JlZnJv
bnQgT25saW5lIFByb3RlY3Rpb24gZm9yIEV4Y2hhbmdlMSQwIgYDVQQDExttYWls
LnByb3RlY3Rpb24ub3V0bG9vay5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQC//+TcN6C92y7BZE4E9+3VJfxW/QHCbOdk8/W2rZ9NXK+JfgM8t6lD
+Xi9IQflxEnOpuANelypefk5rfpJuiSnGRGMg44xAWQkhhBVynduvDRoddd9ieaC
LIC0rcuyeqpvXnw8MPZdp1nRn12XoOrDhUYBke3JRk9JKys5yOec+g5a65nUxp++
jDtQOHCN60n5MmGZH5a+/EX++ZpyC13SISHEcVLNRDMMHzpmYT3h5JjCe3AhMgTy
qbjavIddv5lAyuGw9UsSpmjdyQ0gLPepfKscZ/5bp6QRT8rOj3d4jTlAbqsjJM6y
PBHxAHXrLiCPC3mn38Eggs7PIAPce47/AgMBAAGjggOAMIIDfDALBgNVHQ8EBAMC
BLAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMHgGCSqGSIb3DQEJDwRr
MGkwDgYIKoZIhvcNAwICAgCAMA4GCCqGSIb3DQMEAgIAgDALBglghkgBZQMEASow
CwYJYIZIAWUDBAEtMAsGCWCGSAFlAwQBAjALBglghkgBZQMEAQUwBwYFKw4DAgcw
CgYIKoZIhvcNAwcwHQYDVR0OBBYEFOdAD77qj+T7cfw6+hwbEjOKBl9DMB8GA1Ud
IwQYMBaAFOvbEV74CZ7Y1mKc/WKd44RKKOEnMIHuBgNVHR8EgeYwgeMwgeCggd2g
gdqGT2h0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01T
SVQlMjBNYWNoaW5lJTIwQXV0aCUyMENBJTIwMigxKS5jcmyGTWh0dHA6Ly9jcmwu
bWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NU0lUJTIwTWFjaGluZSUyMEF1
dGglMjBDQSUyMDIoMSkuY3JshjhodHRwOi8vY29ycHBraS9jcmwvTVNJVCUyME1h
Y2hpbmUlMjBBdXRoJTIwQ0ElMjAyKDEpLmNybDCBrQYIKwYBBQUHAQEEgaAwgZ0w
VQYIKwYBBQUHMAKGSWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3Jw
L01TSVQlMjBNYWNoaW5lJTIwQXV0aCUyMENBJTIwMigxKS5jcnQwRAYIKwYBBQUH
MAKGOGh0dHA6Ly9jb3JwcGtpL2FpYS9NU0lUJTIwTWFjaGluZSUyMEF1dGglMjBD
QSUyMDIoMSkuY3J0MD8GCSsGAQQBgjcVBwQyMDAGKCsGAQQBgjcVCIPPiU2t8gKF
oZ8MgvrKfYHh+3SBT4PC7YUIjqnShWMCAWQCAQ0wJwYJKwYBBAGCNxUKBBowGDAK
BggrBgEFBQcDAjAKBggrBgEFBQcDATCBiAYDVR0RBIGAMH6CFSoubWFpbC5lby5v
dXRsb29rLmNvbYIdKi5tYWlsLnByb3RlY3Rpb24ub3V0bG9vay5jb22CG21haWwu
cHJvdGVjdGlvbi5vdXRsb29rLmNvbYILb3V0bG9vay5jb22CHG1haWwubWVzc2Fn
aW5nLm1pY3Jvc29mdC5jb20wDQYJKoZIhvcNAQEFBQADggEBAG0IKQDUPEOjAOv2
RMUAzyveNL590cdIVRNb3qq9kOOAK2HsUJJy8AE6HXEhgAl2kOyeIUKLlO0iYVRe
Viapc0nAcmuGT0AJtNEOaklBBzEAxfMBVsDuo1N9ngGDH4sx0izkM1R6fkN6fjHe
lVWeyne4GnJG//RoiQDIoRcETgLhpr+fd972PupvF13ao+tC3L4MEx6K5KfDY4z9
Fvjz+uPd1Y/6h2PwmxyBR2C5G2hkAsKs7ZD2ZhI5JhI+Sle4JLFDcjhdYVHS/dGo
s5+lCADuoG4gaPkdHplaqHyF5p8kREhlCOlwhEp3c6LXoTjgG75Lu02V1YKy+DZK
v5STRJE=
-----END CERTIFICATE-----
subject=/C=US/ST=WA/L=Redmond/O=Microsoft/OU=Forefront Online Protection for Exchange/CN=mail.protection.outlook.com
issuer=/DC=com/DC=microsoft/DC=corp/DC=redmond/CN=MSIT Machine Auth CA 2
---
Acceptable client certificate CA names
/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Root Certificate Authority 2011
/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root
/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
/C=US/O=Entrust, Inc./OU=www.entrust.net/CPS is incorporated by reference/OU=(c) 2006 Entrust, Inc./CN=Entrust Root Certification Authority
/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root
/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Root Certificate Authority 2010
/OU=Copyright (c) 1997 Microsoft Corp./OU=Microsoft Corporation/CN=Microsoft Root Authority
/DC=com/DC=microsoft/CN=Microsoft Root Certificate Authority
/CN=NT AUTHORITY
---
SSL handshake has read 7605 bytes and written 558 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-SHA384
    Session-ID: 43010000A76C8411F9922B446AC6300A0BEA9213E527FAE5881841142A2B6D85
    Session-ID-ctx:
    Master-Key: B158013C664CD2F0BB45136303311D9846914C74B72812BC565E5FA2C6846526D9EF4B5DE07366191D55DE8DDBEC4DAF
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1435091549
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
250 CHUNKING
DONE
[root@devnoip:~] # echo QUIT | openssl s_client -cipher "EECDH+AESGCM:EECDH+AES256:EECDH+AES128:EECDH+3DES:EDH+AESGCM:EDH+AES256:EDH+AES128:EDH+3DES:\!RC4:\!eNULL:\!aNULL:\!MEDIUM:\!LOW:\!EXP" -starttls smtp -connect yamauchi-be.mail.protection.outlook.com:25
CONNECTED(00000003)
depth=3 C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
verify return:1
depth=2 CN = Microsoft Internet Authority
verify return:1
depth=1 DC = com, DC = microsoft, DC = corp, DC = redmond, CN = MSIT Machine Auth CA 2
verify return:1
depth=0 C = US, ST = WA, L = Redmond, O = Microsoft, OU = Forefront Online Protection for Exchange, CN = mail.protection.outlook.com
verify return:1
---
Certificate chain
 0 s:/C=US/ST=WA/L=Redmond/O=Microsoft/OU=Forefront Online Protection for Exchange/CN=mail.protection.outlook.com
   i:/DC=com/DC=microsoft/DC=corp/DC=redmond/CN=MSIT Machine Auth CA 2
 1 s:/DC=com/DC=microsoft/DC=corp/DC=redmond/CN=MSIT Machine Auth CA 2
   i:/CN=Microsoft Internet Authority
 2 s:/CN=Microsoft Internet Authority
   i:/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIHITCCBgmgAwIBAgIKaJVJ8AABAADfvjANBgkqhkiG9w0BAQUFADCBgDETMBEG
CgmSJomT8ixkARkWA2NvbTEZMBcGCgmSJomT8ixkARkWCW1pY3Jvc29mdDEUMBIG
CgmSJomT8ixkARkWBGNvcnAxFzAVBgoJkiaJk/IsZAEZFgdyZWRtb25kMR8wHQYD
VQQDExZNU0lUIE1hY2hpbmUgQXV0aCBDQSAyMB4XDTE0MDUyOTIyMTk0NloXDTE2
MDUxNTIwNTA1NVowgZkxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJXQTEQMA4GA1UE
BxMHUmVkbW9uZDESMBAGA1UEChMJTWljcm9zb2Z0MTEwLwYDVQQLEyhGb3JlZnJv
bnQgT25saW5lIFByb3RlY3Rpb24gZm9yIEV4Y2hhbmdlMSQwIgYDVQQDExttYWls
LnByb3RlY3Rpb24ub3V0bG9vay5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQC//+TcN6C92y7BZE4E9+3VJfxW/QHCbOdk8/W2rZ9NXK+JfgM8t6lD
+Xi9IQflxEnOpuANelypefk5rfpJuiSnGRGMg44xAWQkhhBVynduvDRoddd9ieaC
LIC0rcuyeqpvXnw8MPZdp1nRn12XoOrDhUYBke3JRk9JKys5yOec+g5a65nUxp++
jDtQOHCN60n5MmGZH5a+/EX++ZpyC13SISHEcVLNRDMMHzpmYT3h5JjCe3AhMgTy
qbjavIddv5lAyuGw9UsSpmjdyQ0gLPepfKscZ/5bp6QRT8rOj3d4jTlAbqsjJM6y
PBHxAHXrLiCPC3mn38Eggs7PIAPce47/AgMBAAGjggOAMIIDfDALBgNVHQ8EBAMC
BLAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMHgGCSqGSIb3DQEJDwRr
MGkwDgYIKoZIhvcNAwICAgCAMA4GCCqGSIb3DQMEAgIAgDALBglghkgBZQMEASow
CwYJYIZIAWUDBAEtMAsGCWCGSAFlAwQBAjALBglghkgBZQMEAQUwBwYFKw4DAgcw
CgYIKoZIhvcNAwcwHQYDVR0OBBYEFOdAD77qj+T7cfw6+hwbEjOKBl9DMB8GA1Ud
IwQYMBaAFOvbEV74CZ7Y1mKc/WKd44RKKOEnMIHuBgNVHR8EgeYwgeMwgeCggd2g
gdqGT2h0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01T
SVQlMjBNYWNoaW5lJTIwQXV0aCUyMENBJTIwMigxKS5jcmyGTWh0dHA6Ly9jcmwu
bWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NU0lUJTIwTWFjaGluZSUyMEF1
dGglMjBDQSUyMDIoMSkuY3JshjhodHRwOi8vY29ycHBraS9jcmwvTVNJVCUyME1h
Y2hpbmUlMjBBdXRoJTIwQ0ElMjAyKDEpLmNybDCBrQYIKwYBBQUHAQEEgaAwgZ0w
VQYIKwYBBQUHMAKGSWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3Jw
L01TSVQlMjBNYWNoaW5lJTIwQXV0aCUyMENBJTIwMigxKS5jcnQwRAYIKwYBBQUH
MAKGOGh0dHA6Ly9jb3JwcGtpL2FpYS9NU0lUJTIwTWFjaGluZSUyMEF1dGglMjBD
QSUyMDIoMSkuY3J0MD8GCSsGAQQBgjcVBwQyMDAGKCsGAQQBgjcVCIPPiU2t8gKF
oZ8MgvrKfYHh+3SBT4PC7YUIjqnShWMCAWQCAQ0wJwYJKwYBBAGCNxUKBBowGDAK
BggrBgEFBQcDAjAKBggrBgEFBQcDATCBiAYDVR0RBIGAMH6CFSoubWFpbC5lby5v
dXRsb29rLmNvbYIdKi5tYWlsLnByb3RlY3Rpb24ub3V0bG9vay5jb22CG21haWwu
cHJvdGVjdGlvbi5vdXRsb29rLmNvbYILb3V0bG9vay5jb22CHG1haWwubWVzc2Fn
aW5nLm1pY3Jvc29mdC5jb20wDQYJKoZIhvcNAQEFBQADggEBAG0IKQDUPEOjAOv2
RMUAzyveNL590cdIVRNb3qq9kOOAK2HsUJJy8AE6HXEhgAl2kOyeIUKLlO0iYVRe
Viapc0nAcmuGT0AJtNEOaklBBzEAxfMBVsDuo1N9ngGDH4sx0izkM1R6fkN6fjHe
lVWeyne4GnJG//RoiQDIoRcETgLhpr+fd972PupvF13ao+tC3L4MEx6K5KfDY4z9
Fvjz+uPd1Y/6h2PwmxyBR2C5G2hkAsKs7ZD2ZhI5JhI+Sle4JLFDcjhdYVHS/dGo
s5+lCADuoG4gaPkdHplaqHyF5p8kREhlCOlwhEp3c6LXoTjgG75Lu02V1YKy+DZK
v5STRJE=
-----END CERTIFICATE-----
subject=/C=US/ST=WA/L=Redmond/O=Microsoft/OU=Forefront Online Protection for Exchange/CN=mail.protection.outlook.com
issuer=/DC=com/DC=microsoft/DC=corp/DC=redmond/CN=MSIT Machine Auth CA 2
---
Acceptable client certificate CA names
/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
/C=FR/O=Certplus/CN=Class 2 Primary CA
/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Root Certificate Authority 2011
/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root
/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
/C=US/O=Entrust, Inc./OU=www.entrust.net/CPS is incorporated by reference/OU=(c) 2006 Entrust, Inc./CN=Entrust Root Certification Authority
/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2
/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root
/C=CH/O=SwissSign AG/CN=SwissSign Gold CA - G2
/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
/C=US/O=AffirmTrust/CN=AffirmTrust Commercial
/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Root Certificate Authority 2010
/OU=Copyright (c) 1997 Microsoft Corp./OU=Microsoft Corporation/CN=Microsoft Root Authority
/DC=com/DC=microsoft/CN=Microsoft Root Certificate Authority
/CN=NT AUTHORITY
---
SSL handshake has read 7850 bytes and written 478 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-SHA384
    Session-ID: B60800008BB1446A65A6CFDF3E3C04EAB07CF3AF80693BF043B35F8FBCB25B4B
    Session-ID-ctx:
    Master-Key: 49F5E5DA5B599C48570DF81B6B0CC44C912EB5F10584AF2C3C1034A0F2E67853584AC476A5BB42847D3DB60FFA1C8EB1
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1435091725
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
250 CHUNKING
DONE
[root@devnoip:~] # echo QUIT | openssl s_client -cipher "EECDH+AESGCM:EECDH+AES256:EECDH+AES128:EECDH+3DES:EDH+AESGCM:EDH+AES256:EDH+AES128:EDH+3DES:\!RC4:\!eNULL:\!aNULL:\!MEDIUM:\!LOW:\!EXP" -starttls smtp -connect yamauchi-be.mail.protection.outlook.com:25
CONNECTED(00000003)
depth=3 C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
verify return:1
depth=2 CN = Microsoft Internet Authority
verify return:1
depth=1 DC = com, DC = microsoft, DC = corp, DC = redmond, CN = MSIT Machine Auth CA 2
verify return:1
depth=0 C = US, ST = WA, L = Redmond, O = Microsoft, OU = Forefront Online Protection for Exchange, CN = mail.protection.outlook.com
verify return:1
---
Certificate chain
 0 s:/C=US/ST=WA/L=Redmond/O=Microsoft/OU=Forefront Online Protection for Exchange/CN=mail.protection.outlook.com
   i:/DC=com/DC=microsoft/DC=corp/DC=redmond/CN=MSIT Machine Auth CA 2
 1 s:/DC=com/DC=microsoft/DC=corp/DC=redmond/CN=MSIT Machine Auth CA 2
   i:/CN=Microsoft Internet Authority
 2 s:/CN=Microsoft Internet Authority
   i:/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIHITCCBgmgAwIBAgIKaJVJ8AABAADfvjANBgkqhkiG9w0BAQUFADCBgDETMBEG
CgmSJomT8ixkARkWA2NvbTEZMBcGCgmSJomT8ixkARkWCW1pY3Jvc29mdDEUMBIG
CgmSJomT8ixkARkWBGNvcnAxFzAVBgoJkiaJk/IsZAEZFgdyZWRtb25kMR8wHQYD
VQQDExZNU0lUIE1hY2hpbmUgQXV0aCBDQSAyMB4XDTE0MDUyOTIyMTk0NloXDTE2
MDUxNTIwNTA1NVowgZkxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJXQTEQMA4GA1UE
BxMHUmVkbW9uZDESMBAGA1UEChMJTWljcm9zb2Z0MTEwLwYDVQQLEyhGb3JlZnJv
bnQgT25saW5lIFByb3RlY3Rpb24gZm9yIEV4Y2hhbmdlMSQwIgYDVQQDExttYWls
LnByb3RlY3Rpb24ub3V0bG9vay5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQC//+TcN6C92y7BZE4E9+3VJfxW/QHCbOdk8/W2rZ9NXK+JfgM8t6lD
+Xi9IQflxEnOpuANelypefk5rfpJuiSnGRGMg44xAWQkhhBVynduvDRoddd9ieaC
LIC0rcuyeqpvXnw8MPZdp1nRn12XoOrDhUYBke3JRk9JKys5yOec+g5a65nUxp++
jDtQOHCN60n5MmGZH5a+/EX++ZpyC13SISHEcVLNRDMMHzpmYT3h5JjCe3AhMgTy
qbjavIddv5lAyuGw9UsSpmjdyQ0gLPepfKscZ/5bp6QRT8rOj3d4jTlAbqsjJM6y
PBHxAHXrLiCPC3mn38Eggs7PIAPce47/AgMBAAGjggOAMIIDfDALBgNVHQ8EBAMC
BLAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMHgGCSqGSIb3DQEJDwRr
MGkwDgYIKoZIhvcNAwICAgCAMA4GCCqGSIb3DQMEAgIAgDALBglghkgBZQMEASow
CwYJYIZIAWUDBAEtMAsGCWCGSAFlAwQBAjALBglghkgBZQMEAQUwBwYFKw4DAgcw
CgYIKoZIhvcNAwcwHQYDVR0OBBYEFOdAD77qj+T7cfw6+hwbEjOKBl9DMB8GA1Ud
IwQYMBaAFOvbEV74CZ7Y1mKc/WKd44RKKOEnMIHuBgNVHR8EgeYwgeMwgeCggd2g
gdqGT2h0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01T
SVQlMjBNYWNoaW5lJTIwQXV0aCUyMENBJTIwMigxKS5jcmyGTWh0dHA6Ly9jcmwu
bWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NU0lUJTIwTWFjaGluZSUyMEF1
dGglMjBDQSUyMDIoMSkuY3JshjhodHRwOi8vY29ycHBraS9jcmwvTVNJVCUyME1h
Y2hpbmUlMjBBdXRoJTIwQ0ElMjAyKDEpLmNybDCBrQYIKwYBBQUHAQEEgaAwgZ0w
VQYIKwYBBQUHMAKGSWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3Jw
L01TSVQlMjBNYWNoaW5lJTIwQXV0aCUyMENBJTIwMigxKS5jcnQwRAYIKwYBBQUH
MAKGOGh0dHA6Ly9jb3JwcGtpL2FpYS9NU0lUJTIwTWFjaGluZSUyMEF1dGglMjBD
QSUyMDIoMSkuY3J0MD8GCSsGAQQBgjcVBwQyMDAGKCsGAQQBgjcVCIPPiU2t8gKF
oZ8MgvrKfYHh+3SBT4PC7YUIjqnShWMCAWQCAQ0wJwYJKwYBBAGCNxUKBBowGDAK
BggrBgEFBQcDAjAKBggrBgEFBQcDATCBiAYDVR0RBIGAMH6CFSoubWFpbC5lby5v
dXRsb29rLmNvbYIdKi5tYWlsLnByb3RlY3Rpb24ub3V0bG9vay5jb22CG21haWwu
cHJvdGVjdGlvbi5vdXRsb29rLmNvbYILb3V0bG9vay5jb22CHG1haWwubWVzc2Fn
aW5nLm1pY3Jvc29mdC5jb20wDQYJKoZIhvcNAQEFBQADggEBAG0IKQDUPEOjAOv2
RMUAzyveNL590cdIVRNb3qq9kOOAK2HsUJJy8AE6HXEhgAl2kOyeIUKLlO0iYVRe
Viapc0nAcmuGT0AJtNEOaklBBzEAxfMBVsDuo1N9ngGDH4sx0izkM1R6fkN6fjHe
lVWeyne4GnJG//RoiQDIoRcETgLhpr+fd972PupvF13ao+tC3L4MEx6K5KfDY4z9
Fvjz+uPd1Y/6h2PwmxyBR2C5G2hkAsKs7ZD2ZhI5JhI+Sle4JLFDcjhdYVHS/dGo
s5+lCADuoG4gaPkdHplaqHyF5p8kREhlCOlwhEp3c6LXoTjgG75Lu02V1YKy+DZK
v5STRJE=
-----END CERTIFICATE-----
subject=/C=US/ST=WA/L=Redmond/O=Microsoft/OU=Forefront Online Protection for Exchange/CN=mail.protection.outlook.com
issuer=/DC=com/DC=microsoft/DC=corp/DC=redmond/CN=MSIT Machine Auth CA 2
---
Acceptable client certificate CA names
/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
/C=US/O=GeoTrust Inc./OU=(c) 2008 GeoTrust Inc. - For authorized use only/CN=GeoTrust Primary Certification Authority - G3
/C=SI/O=ACNLB
/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root CA
/C=HU/L=Budapest/O=NetLock Kft./OU=Tan\xC3\xBAs\xC3\xADtv\xC3\xA1nykiad\xC3\xB3k (Certification Services)/CN=NetLock Arany (Class Gold) F\xC5\x91tan\xC3\xBAs\xC3\xADtv\xC3\xA1ny
/C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Trusted Network CA
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G3
/C=SE/O=Carelink/CN=SITHS CA v3
/C=TR/L=Gebze - Kocaeli/O=T\xC3\xBCrkiye Bilimsel ve Teknolojik Ara\xC5\x9Ft\xC4\xB1rma Kurumu - T\xC3\x9CB\xC4\xB0TAK/OU=Ulusal Elektronik ve Kriptoloji Ara\xC5\x9Ft\xC4\xB1rma Enstit\xC3\xBCs\xC3\xBC - UEKAE/OU=Kamu Sertifikasyon Merkezi/CN=T\xC3\x9CB\xC4\xB0TAK UEKAE K\xC3\xB6k Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1 - S\xC3\xBCr\xC3\xBCm 3
/C=HU/L=Budapest/O=Microsec Ltd./OU=e-Szigno CA/CN=Microsec e-Szigno Root CA
/O=RSA Security Inc/OU=RSA Security 2048 V3
/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
/C=US/O=AffirmTrust/CN=AffirmTrust Networking
/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
/C=IL/O=StartCom Ltd./CN=StartCom Certification Authority G2
/C=US/O=GeoTrust Inc./CN=GeoTrust Primary Certification Authority
/C=AT/L=Vienna/ST=Austria/O=ARGE DATEN - Austrian Society for Data Protection/OU=GLOBALTRUST Certification Service/CN=GLOBALTRUST/emailAddress=info@globaltrust.info
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2008 VeriSign, Inc. - For authorized use only/CN=VeriSign Universal Root Certification Authority
/C=JP/O=SECOM Trust.net/OU=Security Communication RootCA1
/C=FI/O=Sonera/CN=Sonera Class2 CA
/C=ZA/ST=Western Cape/L=Somerset West/O=South African Post Office Limited/OU=SAPO Trust Centre/CN=SAPO Class 3 Root CA/emailAddress=pkiadmin@trustcentre.co.za
/CN=Autoridad de Certificacion Raiz del Estado Venezolano/C=VE/L=Caracas/ST=Distrito Capital/O=Sistema Nacional de Certificacion Electronica/OU=Superintendencia de Servicios de Certificacion Electronica/emailAddress=acraiz@suscerte.gob.ve
/C=GB/O=Trustis Limited/OU=Trustis FPS Root CA
/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
/C=si/O=state-institutions/OU=sigen-ca
/emailAddress=pki@sk.ee/C=EE/O=AS Sertifitseerimiskeskus/CN=Juur-SK
/O=TeliaSonera/CN=TeliaSonera Root CA v1
/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
/C=NO/O=Buypass AS-983163327/CN=Buypass Class 2 Root CA
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)
/C=DE/O=D-Trust GmbH/CN=D-TRUST Root Class 3 CA 2 2009
/C=CH/O=WISeKey/OU=Copyright (c) 2005/OU=OISTE Foundation Endorsed/CN=OISTE WISeKey Global Root GA CA
/C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden Root CA - G2
/C=ch/O=Swisscom/OU=Digital Certificate Services/CN=Swisscom Root CA 1
/C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication RootCA2
/O=Cybertrust, Inc/CN=Cybertrust Global Root
/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
/C=FR/ST=France/L=Paris/O=PM/SGDN/OU=DCSSI/CN=IGC/A/emailAddress=igca@sgdn.pm.gouv.fr
/C=PL/O=Unizeto Sp. z o.o./CN=Certum CA
/C=TW/O=Chunghwa Telecom Co., Ltd./OU=ePKI Root Certification Authority
/C=CH/O=admin/OU=Services/OU=Certification Authorities/CN=AdminCA-CD-T01
/C=EU/O=AC Camerfirma SA CIF A82743287/OU=http://www.chambersign.org/CN=Chambers of Commerce Root
/C=US/O=Network Solutions L.L.C./CN=Network Solutions Certificate Authority
/C=FR/O=Certplus/CN=Class 2 Primary CA
/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
/OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign
/C=KR/O=Government of Korea/OU=GPKI/CN=GPKIRootCA1
/C=EU/L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287/O=AC Camerfirma S.A./CN=Chambers of Commerce Root - 2008
/C=ES/O=Consejo General de la Abogacia NIF:Q-2863006I/CN=Autoridad de Certificacion de la Abogacia
/C=si/O=state-institutions/OU=sigov-ca
/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network
/C=DE/O=Deutsche Telekom AG/OU=T-TeleSec Trust Center/CN=Deutsche Telekom Root CA 2
/C=DK/O=TDC/CN=TDC OCES CA
/C=US/O=SecureTrust Corporation/CN=SecureTrust CA
/C=HU/L=Budapest/O=Microsec Ltd./CN=Microsec e-Szigno Root CA 2009/emailAddress=info@e-szigno.hu
/C=CN/O=CNNIC/CN=CNNIC ROOT
/CN=EBG Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/O=EBG Bili\xC5\x9Fim Teknolojileri ve Hizmetleri A.\xC5\x9E./C=TR
/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2009 Entrust, Inc. - for authorized use only/CN=Entrust Root Certification Authority - G2
/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Root Certificate Authority 2011
/C=US/O=U.S. Government/OU=FPKI/CN=Federal Common Policy CA
/C=CZ/CN=I.CA - Standard Certification Authority, 09/2009/O=Prvn\xC3\xAD certifika\xC4\x8Dn\xC3\xAD autorita, a.s./OU=I.CA - Provider of Certification Services
/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
/CN=ACCVRAIZ1/OU=PKIACCV/O=ACCV/C=ES
/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root
/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority
/C=CH/O=SwissSign AG/CN=SwissSign Silver CA - G2
/C=NO/O=Buypass AS-983163327/CN=Buypass Class 2 CA 1
/C=CZ/O=\xC4\x8Cesk\xC3\xA1 po\xC5\xA1ta, s.p. [I\xC4\x8C 47114983]/CN=PostSignum Root QCA 2
/C=BE/O=Certipost s.a./n.v./CN=Certipost E-Trust Primary Normalised CA
/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
/C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification Authority
/C=DE/O=TC TrustCenter GmbH/OU=TC TrustCenter Class 2 CA/CN=TC TrustCenter Class 2 CA II
/C=ES/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068
/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
/C=FR/O=Dhimyotis/CN=Certigna
/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
/C=SI/O=POSTA/OU=POSTArCA
/C=US/O=Entrust, Inc./OU=www.entrust.net/CPS is incorporated by reference/OU=(c) 2006 Entrust, Inc./CN=Entrust Root Certification Authority
/CN=T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/C=TR/L=Ankara/O=T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E. (c) Kas\xC4\xB1m 2005
/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Root Certificate Authority - G2
/C=SK/L=Bratislava/O=Disig a.s./CN=CA Disig Root R2
/C=ES/O=FNMT-RCM/OU=AC RAIZ FNMT-RCM
/C=CN/O=WoSign CA Limited/CN=Certification Authority of WoSign
/C=CH/O=The Federal Authorities of the Swiss Confederation/OU=Services/OU=Certification Authorities/CN=Swiss Government Root CA II
/C=LV/OU=Sertifikacijas pakalpojumu dala/CN=E-ME SSI (RCA)
/C=EE/O=AS Sertifitseerimiskeskus/CN=EE Certification Centre Root CA/emailAddress=pki@sk.ee
/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2
/C=TW/O=TAIWAN-CA/OU=Root CA/CN=TWCA Root Certification Authority
/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
/C=AT/O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH/OU=A-Trust-nQual-03/CN=A-Trust-nQual-03
/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root
/OU=GlobalSign Root CA - R3/O=GlobalSign/CN=GlobalSign
/DC=rs/DC=posta/DC=ca/CN=Configuration/CN=Services/CN=Public Key Services/CN=AIA/CN=Posta CA Root
/C=HK/O=Hongkong Post/CN=Hongkong Post Root CA 1
/C=CH/O=SwissSign AG/CN=SwissSign Gold CA - G2
/C=NO/O=Buypass AS-983163327/CN=Buypass Class 3 Root CA
/C=TR/O=Elektronik Bilgi Guvenligi A.S./CN=e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi
/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
/CN=T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/C=TR/L=Ankara/O=T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E. (c) Aral\xC4\xB1k 2007
/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2008 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA - G3
/C=IT/L=Milan/O=Actalis S.p.A./03358520967/CN=Actalis Authentication Root CA
/C=US/O=AffirmTrust/CN=AffirmTrust Commercial
/C=UY/O=ADMINISTRACION NACIONAL DE CORREOS/OU=SERVICIOS ELECTRONICOS/CN=Correo Uruguayo - Root CA
/C=FI/ST=Finland/O=Vaestorekisterikeskus CA/OU=Certification Authority Services/OU=Varmennepalvelut/CN=VRK Gov. Root CA
/C=RO/O=certSIGN/OU=certSIGN ROOT CA
/C=GR/O=Hellenic Academic and Research Institutions Cert. Authority/CN=Hellenic Academic and Research Institutions RootCA 2011
/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Root Certificate Authority 2010
/OU=Copyright (c) 1997 Microsoft Corp./OU=Microsoft Corporation/CN=Microsoft Root Authority
/DC=com/DC=microsoft/CN=Microsoft Root Certificate Authority
/CN=NT AUTHORITY
---
SSL handshake has read 18561 bytes and written 478 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-SHA384
    Session-ID: 171B00009E66638476FA33BDC8E849B01A30B30918D46E48D81CA4FFE3AFB04F
    Session-ID-ctx:
    Master-Key: 0BD68ADCFE4791DBA5D63583A4DF85A8824D0DC42921BC51DD335D086F9FB845DD21F1D62AD201C4227E76FF8EA467F1
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1435091815
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
250 CHUNKING
DONE
[root@devnoip:~] # echo QUIT | openssl s_client -cipher "EECDH+AESGCM:EECDH+AES256:EECDH+AES128:EECDH+3DES:EDH+AESGCM:EDH+AES256:EDH+AES128:EDH+3DES:\!RC4:\!eNULL:\!aNULL:\!MEDIUM:\!LOW:\!EXP" -starttls smtp -connect yamauchi-be.mail.protection.outlook.com:25
CONNECTED(00000003)
depth=3 C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
verify return:1
depth=2 CN = Microsoft Internet Authority
verify return:1
depth=1 DC = com, DC = microsoft, DC = corp, DC = redmond, CN = MSIT Machine Auth CA 2
verify return:1
depth=0 C = US, ST = WA, L = Redmond, O = Microsoft, OU = Forefront Online Protection for Exchange, CN = mail.protection.outlook.com
verify return:1
---
Certificate chain
 0 s:/C=US/ST=WA/L=Redmond/O=Microsoft/OU=Forefront Online Protection for Exchange/CN=mail.protection.outlook.com
   i:/DC=com/DC=microsoft/DC=corp/DC=redmond/CN=MSIT Machine Auth CA 2
 1 s:/DC=com/DC=microsoft/DC=corp/DC=redmond/CN=MSIT Machine Auth CA 2
   i:/CN=Microsoft Internet Authority
 2 s:/CN=Microsoft Internet Authority
   i:/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIHITCCBgmgAwIBAgIKaJVJ8AABAADfvjANBgkqhkiG9w0BAQUFADCBgDETMBEG
CgmSJomT8ixkARkWA2NvbTEZMBcGCgmSJomT8ixkARkWCW1pY3Jvc29mdDEUMBIG
CgmSJomT8ixkARkWBGNvcnAxFzAVBgoJkiaJk/IsZAEZFgdyZWRtb25kMR8wHQYD
VQQDExZNU0lUIE1hY2hpbmUgQXV0aCBDQSAyMB4XDTE0MDUyOTIyMTk0NloXDTE2
MDUxNTIwNTA1NVowgZkxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJXQTEQMA4GA1UE
BxMHUmVkbW9uZDESMBAGA1UEChMJTWljcm9zb2Z0MTEwLwYDVQQLEyhGb3JlZnJv
bnQgT25saW5lIFByb3RlY3Rpb24gZm9yIEV4Y2hhbmdlMSQwIgYDVQQDExttYWls
LnByb3RlY3Rpb24ub3V0bG9vay5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQC//+TcN6C92y7BZE4E9+3VJfxW/QHCbOdk8/W2rZ9NXK+JfgM8t6lD
+Xi9IQflxEnOpuANelypefk5rfpJuiSnGRGMg44xAWQkhhBVynduvDRoddd9ieaC
LIC0rcuyeqpvXnw8MPZdp1nRn12XoOrDhUYBke3JRk9JKys5yOec+g5a65nUxp++
jDtQOHCN60n5MmGZH5a+/EX++ZpyC13SISHEcVLNRDMMHzpmYT3h5JjCe3AhMgTy
qbjavIddv5lAyuGw9UsSpmjdyQ0gLPepfKscZ/5bp6QRT8rOj3d4jTlAbqsjJM6y
PBHxAHXrLiCPC3mn38Eggs7PIAPce47/AgMBAAGjggOAMIIDfDALBgNVHQ8EBAMC
BLAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMHgGCSqGSIb3DQEJDwRr
MGkwDgYIKoZIhvcNAwICAgCAMA4GCCqGSIb3DQMEAgIAgDALBglghkgBZQMEASow
CwYJYIZIAWUDBAEtMAsGCWCGSAFlAwQBAjALBglghkgBZQMEAQUwBwYFKw4DAgcw
CgYIKoZIhvcNAwcwHQYDVR0OBBYEFOdAD77qj+T7cfw6+hwbEjOKBl9DMB8GA1Ud
IwQYMBaAFOvbEV74CZ7Y1mKc/WKd44RKKOEnMIHuBgNVHR8EgeYwgeMwgeCggd2g
gdqGT2h0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01T
SVQlMjBNYWNoaW5lJTIwQXV0aCUyMENBJTIwMigxKS5jcmyGTWh0dHA6Ly9jcmwu
bWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NU0lUJTIwTWFjaGluZSUyMEF1
dGglMjBDQSUyMDIoMSkuY3JshjhodHRwOi8vY29ycHBraS9jcmwvTVNJVCUyME1h
Y2hpbmUlMjBBdXRoJTIwQ0ElMjAyKDEpLmNybDCBrQYIKwYBBQUHAQEEgaAwgZ0w
VQYIKwYBBQUHMAKGSWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3Jw
L01TSVQlMjBNYWNoaW5lJTIwQXV0aCUyMENBJTIwMigxKS5jcnQwRAYIKwYBBQUH
MAKGOGh0dHA6Ly9jb3JwcGtpL2FpYS9NU0lUJTIwTWFjaGluZSUyMEF1dGglMjBD
QSUyMDIoMSkuY3J0MD8GCSsGAQQBgjcVBwQyMDAGKCsGAQQBgjcVCIPPiU2t8gKF
oZ8MgvrKfYHh+3SBT4PC7YUIjqnShWMCAWQCAQ0wJwYJKwYBBAGCNxUKBBowGDAK
BggrBgEFBQcDAjAKBggrBgEFBQcDATCBiAYDVR0RBIGAMH6CFSoubWFpbC5lby5v
dXRsb29rLmNvbYIdKi5tYWlsLnByb3RlY3Rpb24ub3V0bG9vay5jb22CG21haWwu
cHJvdGVjdGlvbi5vdXRsb29rLmNvbYILb3V0bG9vay5jb22CHG1haWwubWVzc2Fn
aW5nLm1pY3Jvc29mdC5jb20wDQYJKoZIhvcNAQEFBQADggEBAG0IKQDUPEOjAOv2
RMUAzyveNL590cdIVRNb3qq9kOOAK2HsUJJy8AE6HXEhgAl2kOyeIUKLlO0iYVRe
Viapc0nAcmuGT0AJtNEOaklBBzEAxfMBVsDuo1N9ngGDH4sx0izkM1R6fkN6fjHe
lVWeyne4GnJG//RoiQDIoRcETgLhpr+fd972PupvF13ao+tC3L4MEx6K5KfDY4z9
Fvjz+uPd1Y/6h2PwmxyBR2C5G2hkAsKs7ZD2ZhI5JhI+Sle4JLFDcjhdYVHS/dGo
s5+lCADuoG4gaPkdHplaqHyF5p8kREhlCOlwhEp3c6LXoTjgG75Lu02V1YKy+DZK
v5STRJE=
-----END CERTIFICATE-----
subject=/C=US/ST=WA/L=Redmond/O=Microsoft/OU=Forefront Online Protection for Exchange/CN=mail.protection.outlook.com
issuer=/DC=com/DC=microsoft/DC=corp/DC=redmond/CN=MSIT Machine Auth CA 2
---
Acceptable client certificate CA names
/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
/C=HU/L=Budapest/O=NetLock Kft./OU=Tan\xC3\xBAs\xC3\xADtv\xC3\xA1nykiad\xC3\xB3k (Certification Services)/CN=NetLock Arany (Class Gold) F\xC5\x91tan\xC3\xBAs\xC3\xADtv\xC3\xA1ny
/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
/C=US/O=GeoTrust Inc./CN=GeoTrust Primary Certification Authority
/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)
/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
/C=DE/O=Deutsche Telekom AG/OU=T-TeleSec Trust Center/CN=Deutsche Telekom Root CA 2
/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Root Certificate Authority 2011
/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root
/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
/C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification Authority
/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
/C=US/O=Entrust, Inc./OU=www.entrust.net/CPS is incorporated by reference/OU=(c) 2006 Entrust, Inc./CN=Entrust Root Certification Authority
/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Root Certificate Authority - G2
/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root
/C=CH/O=SwissSign AG/CN=SwissSign Gold CA - G2
/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Root Certificate Authority 2010
/OU=Copyright (c) 1997 Microsoft Corp./OU=Microsoft Corporation/CN=Microsoft Root Authority
/DC=com/DC=microsoft/CN=Microsoft Root Certificate Authority
/CN=NT AUTHORITY
---
SSL handshake has read 8636 bytes and written 478 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-SHA384
    Session-ID: A82000000BFA5BE5DA63FCB28A8E4C7304766A3DA7B4F45120F4FA379CB8B117
    Session-ID-ctx:
    Master-Key: 9E1B751ED862AAFF1BC8AAEA6DAA08DDDAD1398BCD550BF2EF07906326965A252C7B27B9A1FC8D20C606A9E71654EB98
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1435091859
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
250 CHUNKING
DONE
[root@devnoip:~] # openssl version
OpenSSL 1.0.1o-freebsd 12 Jun 2015
[root@devnoip:~] #

 

[MadMakz]

Uhm...

Fehler: TLS connect failed

Hallo, ich habe einen Plesk 10.4.4 auf meinem Linux. Hin und wieder erhalte ich beim senden folgenden qmail Hinweis/Fehler: Hi. This is the qmail-send program at XXXXXX.. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've...

serversupportforum.de

Exakt selbes Topic (tls invalid ecpointformat) von TE vor vier Monaten.

 

[Joe User]

Danke MadMakz, wollte ich auch grade drauf hinweisen.
Somit habe ich wohl mit openssl-1.0.0a/b und fehlender Patches recht...