Message-ID: <9a281e75-c99f-4b9b-9a08-43b50958fc4d@ariesinternet.com>
Date: Thu, 2 Jan 2025 10:48:37 -0500
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: cygwin /usr/bin/email
To: cygwin AT cygwin DOT com
References: <df8bd7d9-af0a-47aa-a234-2bd0e3d68b42 AT ariesinternet DOT com>
 <ce6c3673-ac82-4790-be59-becf7e4b1719 AT gmail DOT com>
 <131e8d1d-003b-4b52-880b-e045716db423 AT ariesinternet DOT com>
 <3acfba1b-3b95-48de-aaf8-ad4d645d3b1d AT ariesinternet DOT com>
 <5332276a-a158-44b4-a900-3e5c0778770b AT gmail DOT com>
In-Reply-To: <5332276a-a158-44b4-a900-3e5c0778770b@gmail.com>
From: Paul McKinley via Cygwin <cygwin AT cygwin DOT com>
Reply-To: Paul McKinley <Cygwin_Forums AT ariesinternet DOT com>

Hi, René, thanks so much for your help!

The command reports version 1.3, nothing else. Would it have listed additional versions, possibly in different paragraphs if supported?

I use current version of Mozilla Thunderbird for an email client, no issues with smtp sending there and connecting to the same email server so I know that side's working, but it's using the Thunderbird ssl stack, not openssl from cygwin.

Is TLS 1.3 not supported in cygwin email yet? The error I get is the timeout while trying to read from SMTP server so it seems something's going wrong in the handshake sequence.

Greeting the SMTP server...
email: FATAL: Smtp error: Timeout(10) while trying to read from SMTP server

<snip>
---
SSL handshake has read 3669 bytes and written 455 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

On port 465 it connects but doesn't do STARTTLS.

CONNECTED(00000005)
Didn't find STARTTLS in server response, trying anyway...
100000000A000000:error:0A000126:SSL routines:ssl3_read_n:unexpected eof while reading:ssl/record/rec_layer_s3.c:322:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 382 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)

On 12/31/2024 7:51 PM, René Berber wrote:
> On 12/31/2024 5:49 PM, Paul McKinley via Cygwin wrote:
>
>> I accidentally sent the previous reply directly to René, so included
>> below.
>>
>> I created the registry entries and rebooted per other instructions
>> from Google search:
>>
>> C:\Windows\System32>reg query
>> HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
>> /s
>> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS
>> 1.0
>> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS
>> 1.0\Client
>>     Enabled   REG_DWORD   0x1
>> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS
>> 1.0\Server
>>     Enabled   REG_DWORD   0x1
>> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS
>> 1.1
>> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS
>> 1.1\Client
>>     Enabled   REG_DWORD   0x1
>> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS
>> 1.1\Server
>>     Enabled   REG_DWORD   0x1
>>
>> No joy:
> [snip]
>
> Correcting my previous message, STARTTLS is port 587.
>
> I was right, the registry change is not needed, OpenSSL takes care,
> and supports all versions.
>
> Tested again (with Postfix as server) and email works fine over port
> 587, doesn't over port 465. I had previously used "email --verbose"
> which is what causes email to behave as if I've asked for version
> (i.e. -V kind of works, --verbose is taken as --version).
>
> The verbose option is useless, still shows a progress bar instead of
> the actual protocol exchange.
>
> Next step for you is to check which version of TLS is supported by your
> smtp server. It would be interesting to see if only 1.3 is accepted
> and it doesn't work with eMail.
>
> Using port 587:
>
> $ openssl s_client -starttls smtp -showcerts -connect
> mail.<server>:587 -servername <...>
> CONNECTED(00000004)
> depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
> verify return:1
> depth=1 C = US, O = Let's Encrypt, CN = R10
> verify return:1
> depth=0 CN = *.<server>
> verify return:1
> ---
> Certificate chain
>  0 s:CN = *.<server>
>   i:C = US, O = Let's Encrypt, CN = R10
>   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
>   v:NotBefore: Nov 14 19:29:40 2024 GMT; NotAfter: Feb 12 19:29:39
> 2025 GMT
> [snip]
> SSL handshake has read 3467 bytes and written 496 bytes
> Verification: OK
> ---
> New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
> [snip]
>
> Same test over the 465 port shows that the server doesn't have it enabled:
>
> 100000000A000000:error:8000006F:system library:BIO_connect:Connection
> refused:crypto/bio/bio_sock2.c:114:calling connect()

--
Problem reports: https://cygwin.com/problems.html
FAQ: https://cygwin.com/faq/
Documentation: https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
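
The check suggested in the thread (which TLS versions the SMTP server accepts), written out as an added example that is not part of either post or of the `email` package. It goes slightly beyond the single `s_client` run shown above by probing TLS 1.2 and 1.3 separately and by omitting `-starttls` on port 465, which is an implicit-TLS port. The function names, the sample transcript and the hostname `mail.example.test` are assumptions made for illustration.

```shell
# Port 587 upgrades a plaintext SMTP session with STARTTLS; port 465 speaks TLS
# from the first byte, so -starttls must not be passed there.
s_client_args() {  # host port protocol-flag -> argument string for s_client
  local host="$1" port="$2" proto="$3"
  local args="-connect $host:$port -servername $host $proto"
  [ "$port" = 465 ] || args="-starttls smtp $args"
  printf '%s\n' "$args"
}

# Reduce one s_client transcript (stdin) to a single verdict line.
classify() {
  awk '
    /Connection refused/   { r = "refused" }
    /Didn.t find STARTTLS/ { hint = " (no STARTTLS offered: implicit-TLS port?)" }
    /^New, / && r != "refused" {
      proto = $2; sub(/,$/, "", proto)
      r = (proto == "(NONE)") ? "no-handshake" : ("ok " proto " " $NF)
    }
    END { if (r == "") r = "no-handshake"; print r hint }
  '
}

# Try each protocol version separately so a 1.3-only or 1.2-only server shows up.
probe() {  # usage: probe mail.example.test 587   (hostname is a placeholder)
  local host="$1" port="$2" p
  for p in -tls1_2 -tls1_3; do
    printf '%s %s: ' "$port" "$p"
    echo QUIT | timeout 15 openssl s_client \
      $(s_client_args "$host" "$port" "$p") 2>&1 | classify
  done
}

# Constructed sample, built from output lines quoted in the thread:
# s_client run with -starttls against an implicit-TLS listener.
sample_465_with_starttls() {
  cat <<'EOF'
CONNECTED(00000005)
Didn't find STARTTLS in server response, trying anyway...
New, (NONE), Cipher is (NONE)
EOF
}
```

Running `probe <host> 587` and `probe <host> 465` from a Cygwin shell prints one verdict per port and protocol version; `sample_465_with_starttls | classify` shows the verdict for the mis-probed case without touching the network.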