[MlMt] Trouble connecting to iCloud (certificate validation)

Benny Kjær Nielsen mailinglist at freron.com
Wed Sep 16 04:52:37 EDT 2015


On 21 Aug 2015, at 8:30, Benny Kjær Nielsen wrote:

> On 21 Aug 2015, at 5:11, Bill Cole wrote:
>
>> Wait... What?! REALLY? There are servers answering on port 465 with a 
>> plaintext SMTP banner? That is irredeemably broken. I could 
>> understand trying to tighten up port 465 by disabling SSLv2 and SSLv3 
>> specifically (maybe even TLSv1.0) and weak ciphers, but configuring 
>> it like it's port 587 is beyond the pale.
>
> Now you made me question my own sanity :-) With the help of MailMate I 
> found the email thread which is the basis of my claim. A user couldn't 
> make MailMate work with port 465 and I found out that his server used 
> STARTTLS. I introduced code to handle this and then it worked for him. 
> Unfortunately, this server is no longer responding 
> (`mail.fbi.h-da.de`) so there is no smoking gun. (This was more than 4 
> years ago.)

For the record (and my sanity), here is a smoking gun: 
`west.exch022.serverdata.net` on port 465.

~~~
> telnet  west.exch022.serverdata.net 465
Trying 64.78.22.105...
Connected to west.exch022.serverdata.net.
Escape character is '^]'.
220 west.exch022.serverdata.net Microsoft ESMTP MAIL Service ready at Wed, 16 Sep 2015 01:49:57 -0700
~~~

~~~
> openssl s_client -connect west.exch022.serverdata.net:465
CONNECTED(00000003)
8997:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/SourceCache/OpenSSL098/OpenSSL098-52.40.1/src/ssl/s23_clnt.c:618:
~~~

In the next update of MailMate I've reintroduced (better) code for 
automatically handling this special case.

-- 
Benny
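
The special case shown in the telnet and openssl sessions above can be detected from who speaks first: an implicit-TLS listener stays silent until it gets a ClientHello, while a plaintext SMTP listener sends a reply code straight away. The sketch below is an added example, not MailMate's code and not part of the original post. The function names, the 3-second banner wait and the `client.example` EHLO name are assumptions. It refuses to continue when the plaintext listener does not offer STARTTLS, so the fallback never ends up sending credentials in the clear.

```python
import socket
import ssl

def detect_mode(sock, banner_wait=3.0):
    """'plaintext-smtp' if the server speaks first with a reply code, else 'implicit-tls'."""
    sock.settimeout(banner_wait)
    try:
        first = sock.recv(3, socket.MSG_PEEK)  # peek: the banner stays in the buffer
    except socket.timeout:
        first = b""                            # silent server: it is waiting for a ClientHello
    return "plaintext-smtp" if first[:1].isdigit() else "implicit-tls"

def read_reply(sock):
    """Read one (possibly multi-line) SMTP reply and return (code, lines)."""
    buf = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("server closed the connection mid-reply")
        buf += chunk
        lines = buf.split(b"\r\n")
        # The final line of a reply has a space (or nothing) after the code, not '-'.
        if buf.endswith(b"\r\n") and lines[-2][3:4] in (b" ", b""):
            return int(lines[-2][:3]), [l.decode("ascii", "replace") for l in lines[:-1]]

def upgrade_with_starttls(sock, host, context, client_name="client.example"):
    """Upgrade a plaintext SMTP session to TLS; fail closed if TLS is not offered."""
    code, _ = read_reply(sock)
    if code != 220:
        raise ConnectionError(f"unexpected greeting {code}")
    sock.sendall(f"EHLO {client_name}\r\n".encode("ascii"))
    code, lines = read_reply(sock)
    if code != 250 or not any(l[4:].strip().upper() == "STARTTLS" for l in lines):
        raise ConnectionError("STARTTLS not offered; refusing to continue in plaintext")
    sock.sendall(b"STARTTLS\r\n")
    code, _ = read_reply(sock)
    if code != 220:
        raise ConnectionError(f"STARTTLS rejected with {code}")
    return context.wrap_socket(sock, server_hostname=host)

def connect_submission(host, port=465, banner_wait=3.0):
    """Return (mode, tls_socket) for a submission port, whichever way it is configured."""
    context = ssl.create_default_context()     # certificate and hostname are verified
    sock = socket.create_connection((host, port), timeout=10)
    mode = detect_mode(sock, banner_wait)
    sock.settimeout(10)
    if mode == "implicit-tls":
        return mode, context.wrap_socket(sock, server_hostname=host)
    return "starttls", upgrade_with_starttls(sock, host, context)
```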