Am 25.10.2021 um 10:09 schrieb Walter H.:
kannst Dir das Zwischenzertifikat, welches Du mitschickst, mal ansehen?
openssl s_client -starttls smtp -connect mail1.glasgasperlmair.at:25
Bringt folgende Ausgabe:
CONNECTED(00000003) depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = R3 verify return:1 depth=0 CN = mail1.glasgasperlmair.at verify return:1 --- Certificate chain 0 s:CN = mail1.glasgasperlmair.at i:C = US, O = Let's Encrypt, CN = R3 1 s:C = US, O = Let's Encrypt, CN = R3 i:C = US, O = Internet Security Research Group, CN = ISRG Root X1 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1 i:O = Digital Signature Trust Co., CN = DST Root CA X3 --- Server certificate -----BEGIN CERTIFICATE----- ..................................... (hab ich rausgeschnitten, damit Nachricht nicht so lang ist) -----END CERTIFICATE----- subject=CN = mail1.glasgasperlmair.at
issuer=C = US, O = Let's Encrypt, CN = R3
--- No client certificate CA names sent Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:ECDSA+SHA1:RSA+SHA224:RSA+SHA1 Shared Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 5593 bytes and written 808 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 4096 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- 250 CHUNKING --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: ACEDFFDE7C8E9CE76B54BF923D425B14650C5CA534FB20962DAF2BECB6F5FA3F Session-ID-ctx: Resumption PSK: 64DDB3FA7E7CA53B1B9AC72F6F977843385E291FA6C3692CD9045212F99AE91BFA52A759665BDAF97536A993D6CF8C93 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - e5 98 43 58 1a d4 17 9a-f6 61 a8 4b 0d b8 4f bb ..CX.....a.K..O. 0010 - 8c a6 00 2e 96 e0 94 ad-a2 b8 20 e1 95 ba 31 2e .......... ...1. 0020 - 74 fc 8c c4 1b b4 8d 8f-46 fb 64 53 fd ad 6e b0 t.......F.dS..n. 0030 - 4f 8c 99 31 cd 9f 35 87-ea 51 3f af 99 35 55 f6 O..1..5..Q?..5U. 0040 - bc 31 bd 3a c0 56 40 6c-3e 25 cb 51 cf e3 8e ea .1.:.V@l>%.Q.... 0050 - f6 04 b0 42 e9 b2 12 e8-1e 23 1c 33 73 82 06 7d ...B.....#.3s..} 0060 - 96 8a 0e 7b 70 69 75 31-4b 20 16 60 66 45 38 67 ...{piu1K .`fE8g 0070 - a3 79 64 0d 5f 62 0d 9d-81 bf 0c 88 9d f5 c4 1d .yd._b.......... 0080 - 96 66 35 d9 28 e9 cd b7-5f 00 1f d4 12 5b de f9 .f5.(..._....[.. 0090 - 61 1f 46 31 e4 d3 dd e4-1e 16 25 7a 03 cd af 85 a.F1......%z.... 00a0 - 20 4e af ee 4d 92 40 0a-10 aa 5b 8b df d8 4c 49 N..M.@...[...LI 00b0 - 13 e3 c4 88 6b e4 af 1e-eb d9 4c 69 b3 78 88 be ....k.....Li.x.. 00c0 - 51 74 b6 43 aa 3a e1 1b-89 a6 f8 09 65 16 33 0b Qt.C.:......e.3.
Start Time: 1635152892 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK
On 25.10.2021 09:10, Andreas Wass - Glas Gasperlmair wrote:
Oct 25 08:59:14 mail postfix/submission/smtpd[33873]: warning: TLS library problem: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../ssl/record/rec_layer_s3.c:1543:SSL alert number 46: