DMARC-Filter:	OpenDMARC Filter v1.4.2 delorie.com 5010qmI13059121
Authentication-Results:	delorie.com; dmarc=pass (p=none dis=none) header.from=cygwin.com
Authentication-Results:	delorie.com; spf=pass smtp.mailfrom=cygwin.com
DKIM-Filter:	OpenDKIM Filter v2.11.0 delorie.com 5010qmI13059121
Authentication-Results:	delorie.com;
	dkim=pass (1024-bit key, unprotected) header.d=cygwin.com header.i=@cygwin.com header.a=rsa-sha256 header.s=default header.b=lhod+f1s
X-Recipient:	archive-cygwin AT delorie DOT com
DKIM-Filter:	OpenDKIM Filter v2.11.0 sourceware.org EDFF03858CDA
DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
	s=default; t=1735692766;
	bh=EGLjHITpRkYDMbaIIliO58tBp9vnsenK3nNddKeL08U=;
	h=Date:Subject:To:References:In-Reply-To:List-Id:List-Unsubscribe:
	List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:
	From;
	b=lhod+f1sKFAL1swaUnWVmNq6laLZXinDBjLk6o0p5ZNJxjTfsD4BC1zWfasYVOOVP
	jbkF5UlQARZrnjU8A6yerzwE5G0Sk+SqY/UHE2PtnSi+i+tVArr3ULJ0+sF55hJJqu
	VFR/HvHqh8QM/GfYvCkKm5eQki5f4QKYNzkOiVGo=
X-Original-To:	cygwin AT cygwin DOT com
Delivered-To:	cygwin AT cygwin DOT com
DMARC-Filter:	OpenDMARC Filter v1.4.2 sourceware.org E5EF73858D1E
ARC-Filter:	OpenARC Filter v1.0.0 sourceware.org E5EF73858D1E
ARC-Seal:	i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735692723; cv=none;
	b=AAZvDlseeKXQvcX0ZEt4pmVjvUhkLDDQibwLuNyAdUU6MUGonYhR4wg8u6LufemLrEIE4hOFRz3QL1NPyRAtKpjXGhAf9+dgZihtrnqV+Ezw2QashgKxx4LH0hYgDgNPQ7LmwuGXhzzmHu/aeKQwuV9AzFhlL2q9ehA5KBFxB4s=
ARC-Message-Signature:	i=1; a=rsa-sha256; d=sourceware.org; s=key;
	t=1735692723; c=relaxed/simple;
	bh=t9hJveIDyqEgEj5h9XIBxqLgDFeE5FuearL6p6Vef4I=;
	h=DKIM-Signature:Message-ID:Date:MIME-Version:Subject:To:From;
	b=BiHEN9OL/MFYrGb1/+8a2G+2eI/EFeweZ18An1+urf/JoVvfYN9memw/Ml57k076fLdNf7yl53474W6ogjtR/WC7QsgQFOk9g29PnxPFakA5HioSuqEAL1Z+hEifRnHwMv68KNbxXH8lLNq2TP1DFqSualrjZ3C5uXS64DoH1XU=
ARC-Authentication-Results:	i=1; server2.sourceware.org
DKIM-Filter:	OpenDKIM Filter v2.11.0 sourceware.org E5EF73858D1E
X-Google-DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20230601; t=1735692721; x=1736297521;
	h=content-transfer-encoding:in-reply-to:from:content-language
	:references:to:subject:user-agent:mime-version:date:message-id
	:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
	bh=LFtjTMKcBXhJEp1hxoRdDCSCLzDuwmlS48H2cxhIzQw=;
	b=Wz1d/c6SecsTSMn7jmIU8sGUQMXibkpzmzOJ9az2j0f+LJiyZhxE8MV6vAbUIDK4UM
	vOa5XJEot5NAHSBu+3b+YFMQ95TXp7uicakQVzlUX0t+NQgHS0tHhusMSWTdMhSe0Y1y
	ckJo5ENT8RIZ1WkLJ8WBcSCGdg2g7jJxpT1X99sB69kMrxYuBt1nuCK1qoGucScEuieb
	d94Qs39J+wYIPnGFZW1zTJNElPUPxSsd9V6qegtmplgj/p0XNVHM+Tdok042vyQfwQ60
	RrtwDAhYRupcD+IQlRyDNoC1YQHOu5HEIgljDY9xNBjwQadmG5mq5hclQFaGoi8EAogn
	xatQ==
X-Gm-Message-State:	AOJu0Yz3usawDf5+lKyN7ToUV2x61ofqt5C2nYIdPEf4uCv+2YUC7etb
	uIgDbgaQRxlK6+/MT9lrPbIrdcFADUTd1sSD8ZBxI2ExpHNZaEtb7r1GSg==
X-Gm-Gg:	ASbGncvPIyWZ6Xg1rKxGyF3TmNEzLidFQ5HMhQBsVyh9ABQd46gdy2R0yPzkKbSRFph
	7QjisQAl3wpBm3BLSUvrRNT87v+ziw+RJXCA29oIaQLrsK6jzNtUDVtNyZBlMcdLHr5Ymt82OjV
	TTLV7nSmRDDEfxIdEfrjvDtqJR7+h9VRfpmjzXbabiLqK0vjZX0jVaTDsu+SzuFCz3WlzGtVxKl
	Vx8VpAo9jQmGouXqNE7yFt62naeayc9Hbx3BGfHYXswy/9/rphDlmWEAjGr+CDamprA0q495tn6
	W9U=
X-Google-Smtp-Source:	AGHT+IGkorFKZlLB49wdaLqVTlVKh5ncfPNIjyTHhpXHnkQgNdpykBNkjaSLb1ifjrnPG6EYdW4E2A==
X-Received:	by 2002:a05:6871:28e:b0:287:4904:7125 with SMTP id
	586e51a60fabf-2a7fb08cef3mr21828187fac.14.1735692720968;
	Tue, 31 Dec 2024 16:52:00 -0800 (PST)
Message-ID:	<5332276a-a158-44b4-a900-3e5c0778770b@gmail.com>
Date:	Tue, 31 Dec 2024 18:51:57 -0600
MIME-Version:	1.0
User-Agent:	Mozilla Thunderbird
Subject:	Re: cygwin /usr/bin/email
To:	"cygwin AT cygwin DOT com" <cygwin AT cygwin DOT com>
References:	<df8bd7d9-af0a-47aa-a234-2bd0e3d68b42 AT ariesinternet DOT com>
	<ce6c3673-ac82-4790-be59-becf7e4b1719 AT gmail DOT com>
	<131e8d1d-003b-4b52-880b-e045716db423 AT ariesinternet DOT com>
	<3acfba1b-3b95-48de-aaf8-ad4d645d3b1d AT ariesinternet DOT com>
In-Reply-To:	<3acfba1b-3b95-48de-aaf8-ad4d645d3b1d@ariesinternet.com>
X-BeenThere:	cygwin AT cygwin DOT com
X-Mailman-Version:	2.1.30
List-Id:	General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe:	<https://cygwin.com/mailman/options/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe>
List-Archive:	<https://cygwin.com/pipermail/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe:	<https://cygwin.com/mailman/listinfo/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
From:	=?utf-8?q?Ren=C3=A9_Berber_via_Cygwin?= <cygwin AT cygwin DOT com>
Reply-To:	=?UTF-8?Q?Ren=C3=A9_Berber?= <rene DOT berber AT gmail DOT com>
Errors-To:	cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com
Sender:	"Cygwin" <cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com>
X-MIME-Autoconverted:	from base64 to 8bit by delorie.com id 5010qmI13059121

On 12/31/2024 5:49 PM, Paul McKinley via Cygwin wrote:

> I accidentally sent the previous reply directly to René, so included below.
> 
> I created the registry entries and rebooted per other instructions from 
> Google search:
> 
> C:\Windows\System32>reg query 
> HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols /s
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client
>      Enabled    REG_DWORD    0x1
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server
>      Enabled    REG_DWORD    0x1
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client
>      Enabled    REG_DWORD    0x1
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server
>      Enabled    REG_DWORD    0x1
> 
> No joy:
[snip]

Correcting my previous message, STARTTLS is port 587.

I was right, the registry change is not needed, OpenSSL takes care, and 
supports all versions.

Tested again (with Postfix as server) and email works fine over port 
587, doesn't over port 465.  I had previously used "email --verbose" 
which is what causes email to behave as if I've asked for version (i.e. 
-V kind of works, --verbose is taken as --version).

The verbose option is useless, still shows a progress bar instead of the 
actual protocol exchange.

Next step for you is to check which version of TLS is suported by your 
smtp server.  It would be interesting to see if only 1.3 is accepted and 
it doesn't work with eMail.

Using port 587:

$ openssl s_client -starttls smtp -showcerts -connect mail.<server>:587 
-servername <...>
CONNECTED(00000004)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R10
verify return:1
depth=0 CN = *.<server>
verify return:1
---
Certificate chain
  0 s:CN = *.<server>
    i:C = US, O = Let's Encrypt, CN = R10
    a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
    v:NotBefore: Nov 14 19:29:40 2024 GMT; NotAfter: Feb 12 19:29:39 
2025 GMT
[snip]
SSL handshake has read 3467 bytes and written 496 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
[snip]

Same test over the 465 port show that the server doesn't have it enabled:

100000000A000000:error:8000006F:system library:BIO_connect:Connection 
refused:crypto/bio/bio_sock2.c:114:calling connect()
-- 
R.B.


-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple

- Raw text -