DMARC-Filter: OpenDMARC Filter v1.4.2 delorie.com 502FndpE4039576 Authentication-Results: delorie.com; dmarc=pass (p=none dis=none) header.from=cygwin.com Authentication-Results: delorie.com; spf=pass smtp.mailfrom=cygwin.com DKIM-Filter: OpenDKIM Filter v2.11.0 delorie.com 502FndpE4039576 Authentication-Results: delorie.com; dkim=pass (1024-bit key, unprotected) header.d=cygwin.com header.i=@cygwin.com header.a=rsa-sha256 header.s=default header.b=hmNzVlVY X-Recipient: archive-cygwin AT delorie DOT com DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 7C5583858D34 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com; s=default; t=1735832978; bh=qLlGYBgWxBrkV4RDt1C4oPXxdYhPQTkKRW9b59Oa6nA=; h=Date:Subject:To:References:In-Reply-To:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To: From; b=hmNzVlVY5Tl7g+QBQ9VaBD2to4WRI06JDssdrqZh38RgQzBSlOqqw0ZSqaoBdUuW5 +s/aeJA+a7r5JFSSzvZcTe8EjgRSG05f08Bo6P3ssGwRSfkZFJVxksg5QKVo3t0+lW lOCitMZWA6qPdS4S+H/GFw2jvbLBPU79s8TuuuaU= X-Original-To: cygwin AT cygwin DOT com Delivered-To: cygwin AT cygwin DOT com DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org BF1CD3858D1E ARC-Filter: OpenARC Filter v1.0.0 sourceware.org BF1CD3858D1E ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735832918; cv=none; b=q1ZNClRq6+DUfY5hMqtGQl7MprVx/MUqpu53JaY3r+AO83xUlU1GP0qXmDagKX9/D3yYaPl1a5OF3BwdzWTy334fBlEPw2enl6mI8/rsNruB6Ob52QlwpuYHMmqLbxA/Kujm6Svp0v7O1RKvAoNfxrM/lDAKVJ/P+or/evgY6m0= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735832918; c=relaxed/simple; bh=EX94byU0LBR9KLRDneAykILMT2+RVHrlZT/2NqYW2QI=; h=DKIM-Signature:Message-ID:Date:MIME-Version:Subject:To:From; b=kKzvK4JAPqjlchf7/tNQePbQNoBlEBGR1jEX2f8nm8tZf1OYc3squFpfaD9T8xyqEhIuXob8hHMFAs7B3CswNL9czB5XWW7aqbNW88ndVBTL5TCU6kAGCoSPQxaJH2J/wt98f6o5NWmCN9l5yY4J5Nc5LH+/RgUh5QOf97cPowM= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org BF1CD3858D1E Message-ID: <9a281e75-c99f-4b9b-9a08-43b50958fc4d@ariesinternet.com> Date: Thu, 2 Jan 2025 10:48:37 -0500 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: cygwin /usr/bin/email To: cygwin AT cygwin DOT com References:

<131e8d1d-003b-4b52-880b-e045716db423 AT ariesinternet DOT com> <3acfba1b-3b95-48de-aaf8-ad4d645d3b1d AT ariesinternet DOT com> <5332276a-a158-44b4-a900-3e5c0778770b AT gmail DOT com> Content-Language: en-US In-Reply-To: <5332276a-a158-44b4-a900-3e5c0778770b@gmail.com> X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - vps106844.inmotionhosting.com X-AntiAbuse: Original Domain - cygwin.com X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - ariesinternet.com X-Get-Message-Sender-Via: vps106844.inmotionhosting.com: authenticated_id: cygwin DOT forums AT ariesinternet DOT com X-Authenticated-Sender: vps106844.inmotionhosting.com: cygwin DOT forums AT ariesinternet DOT com X-Content-Filtered-By: Mailman/MimeDel 2.1.30 X-BeenThere: cygwin AT cygwin DOT com X-Mailman-Version: 2.1.30 Precedence: list List-Id: General Cygwin discussions and problem reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Paul McKinley via Cygwin Reply-To: Paul McKinley Content-Type: text/plain; charset="utf-8"; Format="flowed" Errors-To: cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com Sender: "Cygwin" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by delorie.com id 502FndpE4039576 Hi, Reneé, thanks so much for your help! The command reports version 1.3, nothing else. Would it have listed additional versions, possibly in different paragraphs if supported? I use current version of Mozilla Thunderbird for an email client, no issues with smtp sending there and connecting to the same email server so I know that side's working, but it's using the Thunderbird ssl stack, not openssl from cygwin. Is TLS 1.3 not supported in cygwin email yet? The error I get is the timeout while trying to read from SMTP server so it seems something's going wrong in the handshake sequence. Greeting the SMTP server... email: FATAL: Smtp error: Timeout(10) while trying to read from SMTP server --- SSL handshake has read 3669 bytes and written 455 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 2048 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- On port 465 it connects but doesn't do STARTTLS. CONNECTED(00000005) Didn't find STARTTLS in server response, trying anyway... 100000000A000000:error:0A000126:SSL routines:ssl3_read_n:unexpected eof while reading:ssl/record/rec_layer_s3.c:322: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 382 bytes Verification: OK --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) On 12/31/2024 7:51 PM, René Berber wrote: > On 12/31/2024 5:49 PM, Paul McKinley via Cygwin wrote: > >> I accidentally sent the previous reply directly to René, so included >> below. >> >> I created the registry entries and rebooted per other instructions >> from Google search: >> >> C:\Windows\System32>reg query >> HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols >> /s >> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS >> 1.0 >> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS >> 1.0\Client >> Enabled REG_DWORD 0x1 >> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS >> 1.0\Server >> Enabled REG_DWORD 0x1 >> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS >> 1.1 >> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS >> 1.1\Client >> Enabled REG_DWORD 0x1 >> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS >> 1.1\Server >> Enabled REG_DWORD 0x1 >> >> No joy: > [snip] > > Correcting my previous message, STARTTLS is port 587. > > I was right, the registry change is not needed, OpenSSL takes care, > and supports all versions. > > Tested again (with Postfix as server) and email works fine over port > 587, doesn't over port 465. I had previously used "email --verbose" > which is what causes email to behave as if I've asked for version > (i.e. -V kind of works, --verbose is taken as --version). > > The verbose option is useless, still shows a progress bar instead of > the actual protocol exchange. > > Next step for you is to check which version of TLS is suported by your > smtp server. It would be interesting to see if only 1.3 is accepted > and it doesn't work with eMail. > > Using port 587: > > $ openssl s_client -starttls smtp -showcerts -connect > mail.:587 -servername <...> > CONNECTED(00000004) > depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 > verify return:1 > depth=1 C = US, O = Let's Encrypt, CN = R10 > verify return:1 > depth=0 CN = *. > verify return:1 > --- > Certificate chain > 0 s:CN = *. > i:C = US, O = Let's Encrypt, CN = R10 > a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 > v:NotBefore: Nov 14 19:29:40 2024 GMT; NotAfter: Feb 12 19:29:39 > 2025 GMT > [snip] > SSL handshake has read 3467 bytes and written 496 bytes > Verification: OK > --- > New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 > [snip] > > Same test over the 465 port show that the server doesn't have it enabled: > > 100000000A000000:error:8000006F:system library:BIO_connect:Connection > refused:crypto/bio/bio_sock2.c:114:calling connect() -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple