Databases
StackOverflow2013
Postsdbo
PO
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. PO
    text
    copied!<p>It seems that the host you are trying to connect to has a buggy TLS implementation. Using the <code>openssl</code> command-line tool, I have discovered the following.</p> <p>First of all, the file <code>imap</code> contains a silly IMAP session:</p> <pre><code>A1 CAPABILITY A2 LOGIN foo bar </code></pre> <p>Then, the command:</p> <pre><code>openssl s_client -ign_eof -crlf -pause -connect 195.137.27.14:993 &lt; imap </code></pre> <p>Fails as follows:</p> <pre><code>CONNECTED(00000003) depth=2 /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA verify error:num=20:unable to get local issuer certificate verify return:0 --- Certificate chain 0 s:/serialNumber=iGXzgDJpD6t8m5jQNY0xwwcCiwwlXzET/C=GB/O=mail1.firedupgroup.co.uk/OU=GT57369617/OU=See www.rapidssl.com/resources/cps (c)11/OU=Domain Control Validated - RapidSSL(R)/CN=mail1.firedupgroup.co.uk i:/C=US/O=GeoTrust, Inc./CN=RapidSSL CA 1 s:/C=US/O=GeoTrust, Inc./CN=RapidSSL CA i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority --- Server certificate -----BEGIN CERTIFICATE----- MIIE6TCCA9GgAwIBAgIDA+NwMA0GCSqGSIb3DQEBBQUAMDwxCzAJBgNVBAYTAlVT MRcwFQYDVQQKEw5HZW9UcnVzdCwgSW5jLjEUMBIGA1UEAxMLUmFwaWRTU0wgQ0Ew HhcNMTExMTA2MTQ1MDQwWhcNMTQxMTA4MTUwNTIwWjCB9zEpMCcGA1UEBRMgaUdY emdESnBENnQ4bTVqUU5ZMHh3d2NDaXd3bFh6RVQxCzAJBgNVBAYTAkdCMSEwHwYD VQQKExhtYWlsMS5maXJlZHVwZ3JvdXAuY28udWsxEzARBgNVBAsTCkdUNTczNjk2 MTcxMTAvBgNVBAsTKFNlZSB3d3cucmFwaWRzc2wuY29tL3Jlc291cmNlcy9jcHMg KGMpMTExLzAtBgNVBAsTJkRvbWFpbiBDb250cm9sIFZhbGlkYXRlZCAtIFJhcGlk U1NMKFIpMSEwHwYDVQQDExhtYWlsMS5maXJlZHVwZ3JvdXAuY28udWswggEiMA0G CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC80HlFa86b8C4N9NEpu904iluVyYEH rwZaIYNR6cvfHl/QXut+h4080UoIxxFmSsuVI9YBJBf/J6ZnJoFTZsJITuoI89G/ 4/nmcuGPOeJIrlMnWHZE56N5bVNDFDsNeroE2ieQKiJN2IT9lUA7uZHtJuokXlfz Xg6DEWBXokAjPc3VeS2eBDfajY2SLZNdRxGYzyQkaW43pMaz4FR9WKljsRvvvKUI G0Hnsy1vpjCDw3io4C+IY8tClZFVnLthQQEbceD93LS/AUsaZEZWf4pppFviYHze HuiZ6IlYvLzLaYtCurNaJhs2Yf6kNPDbfCFSWbCrfdf86feQxt/JyR4HAgMBAAGj ggE2MIIBMjAfBgNVHSMEGDAWgBRraT1qGEJK3Y8CZTn9NSSGeJEWMDAOBgNVHQ8B Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMCMGA1UdEQQc MBqCGG1haWwxLmZpcmVkdXBncm91cC5jby51azBDBgNVHR8EPDA6MDigNqA0hjJo dHRwOi8vcmFwaWRzc2wtY3JsLmdlb3RydXN0LmNvbS9jcmxzL3JhcGlkc3NsLmNy bDAdBgNVHQ4EFgQUC0oWYx2XW3qtt3Xq6mUljQlYb+UwDAYDVR0TAQH/BAIwADBJ BggrBgEFBQcBAQQ9MDswOQYIKwYBBQUHMAKGLWh0dHA6Ly9yYXBpZHNzbC1haWEu Z2VvdHJ1c3QuY29tL3JhcGlkc3NsLmNydDANBgkqhkiG9w0BAQUFAAOCAQEAXX5N EYNlVqiu8LIn39JODWCUbqZQOHOSquC+VxTyLRaUjrkrnU0oCDqKTs/C6qGBqiqC 7gaZKn2k+KjTMu2rTtgO/BHve6y9kKz7oLgXqfjZp6965O+x4BV5/GyVbwmV5gyU dRZ5U83Vhwut5MxbiMyxnZHtuz9jGMC08O3Gc84N1Ox18FwOE8HpQIHOO99ISxOi 8TgVe/NJvd4f/nn7GPTyVDQpGOJ2dqHYUNpAMMVXKmCeNq+u0nXXZFXUkkkVxmrC aINtUJuelF6V4vxtyERwReviAct9vcIrg3011p7NYbZ5fVA8thSYcnacfe1jyp5Z XSPY6tC26zmbIPmHHg== -----END CERTIFICATE----- subject=/serialNumber=iGXzgDJpD6t8m5jQNY0xwwcCiwwlXzET/C=GB/O=mail1.firedupgroup.co.uk/OU=GT57369617/OU=See www.rapidssl.com/resources/cps (c)11/OU=Domain Control Validated - RapidSSL(R)/CN=mail1.firedupgroup.co.uk issuer=/C=US/O=GeoTrust, Inc./CN=RapidSSL CA --- No client certificate CA names sent --- SSL handshake has read 3300 bytes and written 439 bytes --- New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : DES-CBC3-SHA Session-ID: 9F1200004D888506211A976BF1CC755C873789D8256936638BF9C9E66DAA9438 Session-ID-ctx: Master-Key: A67DE8C76371B8034AA60447ECB97ED631E55E4E713F64FAA49D2DBAC07A6339719F4C4DD4E1FD2BC5E41EDCC2CF22FE Key-Arg : None Start Time: 1332595025 Timeout : 300 (sec) Verify return code: 20 (unable to get local issuer certificate) --- * OK firedupgroup.co.uk IMAP4rev1 MDaemon 9.6.2 ready closed </code></pre> <p>But the command:</p> <pre><code>openssl s_client -bugs -ign_eof -crlf -pause -connect 195.137.27.14:993 &lt; imap </code></pre> <p>Succeeds:</p> <pre><code>CONNECTED(00000003) depth=2 /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA verify error:num=20:unable to get local issuer certificate verify return:0 --- Certificate chain 0 s:/serialNumber=iGXzgDJpD6t8m5jQNY0xwwcCiwwlXzET/C=GB/O=mail1.firedupgroup.co.uk/OU=GT57369617/OU=See www.rapidssl.com/resources/cps (c)11/OU=Domain Control Validated - RapidSSL(R)/CN=mail1.firedupgroup.co.uk i:/C=US/O=GeoTrust, Inc./CN=RapidSSL CA 1 s:/C=US/O=GeoTrust, Inc./CN=RapidSSL CA i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority --- Server certificate -----BEGIN CERTIFICATE----- MIIE6TCCA9GgAwIBAgIDA+NwMA0GCSqGSIb3DQEBBQUAMDwxCzAJBgNVBAYTAlVT MRcwFQYDVQQKEw5HZW9UcnVzdCwgSW5jLjEUMBIGA1UEAxMLUmFwaWRTU0wgQ0Ew HhcNMTExMTA2MTQ1MDQwWhcNMTQxMTA4MTUwNTIwWjCB9zEpMCcGA1UEBRMgaUdY emdESnBENnQ4bTVqUU5ZMHh3d2NDaXd3bFh6RVQxCzAJBgNVBAYTAkdCMSEwHwYD VQQKExhtYWlsMS5maXJlZHVwZ3JvdXAuY28udWsxEzARBgNVBAsTCkdUNTczNjk2 MTcxMTAvBgNVBAsTKFNlZSB3d3cucmFwaWRzc2wuY29tL3Jlc291cmNlcy9jcHMg KGMpMTExLzAtBgNVBAsTJkRvbWFpbiBDb250cm9sIFZhbGlkYXRlZCAtIFJhcGlk U1NMKFIpMSEwHwYDVQQDExhtYWlsMS5maXJlZHVwZ3JvdXAuY28udWswggEiMA0G CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC80HlFa86b8C4N9NEpu904iluVyYEH rwZaIYNR6cvfHl/QXut+h4080UoIxxFmSsuVI9YBJBf/J6ZnJoFTZsJITuoI89G/ 4/nmcuGPOeJIrlMnWHZE56N5bVNDFDsNeroE2ieQKiJN2IT9lUA7uZHtJuokXlfz Xg6DEWBXokAjPc3VeS2eBDfajY2SLZNdRxGYzyQkaW43pMaz4FR9WKljsRvvvKUI G0Hnsy1vpjCDw3io4C+IY8tClZFVnLthQQEbceD93LS/AUsaZEZWf4pppFviYHze HuiZ6IlYvLzLaYtCurNaJhs2Yf6kNPDbfCFSWbCrfdf86feQxt/JyR4HAgMBAAGj ggE2MIIBMjAfBgNVHSMEGDAWgBRraT1qGEJK3Y8CZTn9NSSGeJEWMDAOBgNVHQ8B Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMCMGA1UdEQQc MBqCGG1haWwxLmZpcmVkdXBncm91cC5jby51azBDBgNVHR8EPDA6MDigNqA0hjJo dHRwOi8vcmFwaWRzc2wtY3JsLmdlb3RydXN0LmNvbS9jcmxzL3JhcGlkc3NsLmNy bDAdBgNVHQ4EFgQUC0oWYx2XW3qtt3Xq6mUljQlYb+UwDAYDVR0TAQH/BAIwADBJ BggrBgEFBQcBAQQ9MDswOQYIKwYBBQUHMAKGLWh0dHA6Ly9yYXBpZHNzbC1haWEu Z2VvdHJ1c3QuY29tL3JhcGlkc3NsLmNydDANBgkqhkiG9w0BAQUFAAOCAQEAXX5N EYNlVqiu8LIn39JODWCUbqZQOHOSquC+VxTyLRaUjrkrnU0oCDqKTs/C6qGBqiqC 7gaZKn2k+KjTMu2rTtgO/BHve6y9kKz7oLgXqfjZp6965O+x4BV5/GyVbwmV5gyU dRZ5U83Vhwut5MxbiMyxnZHtuz9jGMC08O3Gc84N1Ox18FwOE8HpQIHOO99ISxOi 8TgVe/NJvd4f/nn7GPTyVDQpGOJ2dqHYUNpAMMVXKmCeNq+u0nXXZFXUkkkVxmrC aINtUJuelF6V4vxtyERwReviAct9vcIrg3011p7NYbZ5fVA8thSYcnacfe1jyp5Z XSPY6tC26zmbIPmHHg== -----END CERTIFICATE----- subject=/serialNumber=iGXzgDJpD6t8m5jQNY0xwwcCiwwlXzET/C=GB/O=mail1.firedupgroup.co.uk/OU=GT57369617/OU=See www.rapidssl.com/resources/cps (c)11/OU=Domain Control Validated - RapidSSL(R)/CN=mail1.firedupgroup.co.uk issuer=/C=US/O=GeoTrust, Inc./CN=RapidSSL CA --- No client certificate CA names sent --- SSL handshake has read 3300 bytes and written 423 bytes --- New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : DES-CBC3-SHA Session-ID: 261200008CB526A49A014E97D510AA7FDA08DDAC797B8B78B3ABEEF4A64B3228 Session-ID-ctx: Master-Key: 457E9FFB43C77E028211A0FDB9915FCB374A55445ED15498E2C5AFDBEA52C9A413CC8D79EE29ECA823E038A93363B9D6 Key-Arg : None Start Time: 1332595088 Timeout : 300 (sec) Verify return code: 20 (unable to get local issuer certificate) --- * OK firedupgroup.co.uk IMAP4rev1 MDaemon 9.6.2 ready * CAPABILITY IMAP4rev1 NAMESPACE AUTH=CRAM-MD5 AUTH=LOGIN AUTH=PLAIN IDLE ACL UNSELECT UIDPLUS A1 OK CAPABILITY completed A2 NO LOGIN failed </code></pre> <p>Which means you need to enable OpenSSL's bug workarounds, as described in the <a href="http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html" rel="nofollow"><code>SSL_CTX_set_options(3)</code></a> manual page.</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload