gmail :587 +TLS again!

Discussion in 'Linux Networking' started by no.top.post, Mar 4, 2013.

  1. no.top.post

    no.top.post Guest

    I normally ignore "buy yourself a new one, like mine" advice.
    Besides, I can't believe that current gmail won't work on a 2009 OS.
    So I tried to follow the stunnel route, but found: --
    *** TLS not available: requires Net::SSLeay. Exiting
    # locate SSLeay == ..some manS
    # which SSLeay == none

    So back to this route, which seemed too complex previously:---
    From: Ivan Shmakov <>
    Newsgroups: comp.mail.misc,comp.internet.services.google,comp.os.linux.networking
    Subject: Re: What linux clients do gmail:smtp TLS/SSL
    Date: Fri, 08 Feb 2013 09:48:58 +0000
    ....
    FWIW, I use Gnus/Emacs on my GNU/Linux system for both Usenet
    and email, including sending via Google Mail's :587 (RFC 6409.)
    ....
    ===== start Ivan's good example log ===
    Consider, for instance, the following example session:

    $ gnutls-cli --starttls --port=submission -- smtp.gmail.com
    |<1>| Note that the security level of the Diffie-Hellman key exchange has been lowered to 512 bits and this may allow decryption of the session data
    Processed 152 CA certificate(s).
    Resolving 'smtp.gmail.com'...
    Connecting to '2a00:1450:4010:c04::6d:587'...

    - Simple Client Mode:

    220 mx.google.com ESMTP pz15sm16403877lab.3 - gsmtp
    EHLO MX.EXAMPLE.NET <-C: EHLO
    250-mx.google.com at your service, [2XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX]
    250-SIZE 35882577
    250-8BITMIME
    250-STARTTLS
    250 ENHANCEDSTATUSCODES
    STARTTLS <-C
    220 2.0.0 Ready to start TLS

    [There, one sends EOF (C-d) for gnutls-cli(1) to start TLS.] <--* !

    *** Starting TLS handshake
    - Peer's certificate is trusted
    - The hostname in the certificate matches 'smtp.gmail.com'.
    - Session ID: 28:0B:94:74:7F:4A:5D:B7:72:DA:C6:EA:50:63:B8:6B:B9:C7:F7:02:61:60:8B:0E:81:63:45:CE:24:31:9C:30
    .....
    ===== end Ivan's good example log ===

    My best log looks similar:-

    # gnutls-cli --starttls --port 587 smtp.gmail.com
    Resolving 'smtp.gmail.com'...
    Connecting to '173.194.67.108:587'...

    - Simple Client Mode:

    220 mx.google.com ESMTP fg6sm17705779wib.10 - gsmtp
    EHLO gmail.com
    250-mx.google.com at your service, [41.174.10.205]
    250-SIZE 35882577
    250-8BITMIME
    250-STARTTLS
    250 ENHANCEDSTATUSCODES
    STARTTLS
    220 2.0.0 Ready to start TLS
    *** Starting TLS handshake
    - Certificate type: X.509
    - Got a certificate list of 2 certificates.

    - Certificate[0] info:
    # The hostname in the certificate matches 'smtp.gmail.com'.
    # valid since: Wed Sep 12 13:57:50 SAST 2012
    # expires at: Fri Jun 7 21:43:27 SAST 2013
    # fingerprint: 96:AC:76:52:9F:17:E4:1D:28:07:80:3A:8E:00:A8:41
    # Subject's DN: C=US,ST=California,L=Mountain View,O=Google Inc,CN=smtp.gmail.com
    # Issuer's DN: C=US,O=Google Inc,CN=Google Internet Authority

    - Certificate[1] info:
    # valid since: Mon Jun 8 22:43:27 SAST 2009
    # expires at: Fri Jun 7 21:43:27 SAST 2013
    # fingerprint: 33:A0:EA:98:0E:3D:6E:26:1D:77:2D:82:DF:66:00:7D
    # Subject's DN: C=US,O=Google Inc,CN=Google Internet Authority
    # Issuer's DN: C=US,O=Equifax,OU=Equifax Secure Certificate Authority

    - Peer's certificate issuer is unknown
    - Peer's certificate is NOT trusted
    - Version: TLS1.1
    - Key Exchange: RSA
    - Cipher: ARCFOUR-128
    - MAC: SHA1
    - Compression: NULL
    ^C
    ============ > EXIT

    OMG what IS this all about CertificateS ?!
     
    no.top.post, Mar 4, 2013
    #1
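
An added example, not part of the original post: a small Python check that reads a `gnutls-cli --starttls` transcript like the two sessions above and reports what the verdict lines mean. The `audit` function, its finding strings and the `SAMPLE` text (lines copied from the second session) are constructed for illustration; `--x509cafile` is the gnutls-cli option for supplying a CA bundle.

```python
import re
import sys

# Constructed sample: verdict lines copied from the second session in the post.
SAMPLE = """\
250-STARTTLS
220 2.0.0 Ready to start TLS
*** Starting TLS handshake
# The hostname in the certificate matches 'smtp.gmail.com'.
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS1.1
- Cipher: ARCFOUR-128
"""

def audit(transcript):
    """Return findings (list of str) for one gnutls-cli --starttls transcript."""
    text = "\n".join(line.strip() for line in transcript.splitlines())

    def has(pattern):
        return re.search(pattern, text, re.M) is not None

    def field(name):
        m = re.search(r"^- %s: (\S+)" % name, text, re.M)
        return m.group(1) if m else ""

    findings = []
    if not has(r"^250[- ]STARTTLS$"):
        findings.append("STARTTLS not advertised in the EHLO reply")
    if not has(r"^\*\*\* Starting TLS handshake"):
        findings.append("TLS handshake never started")
    if not has(r"hostname in the certificate matches"):
        findings.append("certificate hostname not confirmed")
    if not has(r"Peer's certificate is trusted"):
        findings.append("certificate chain NOT verified")
        # A trusted session logs "Processed N CA certificate(s)." first.
        if not has(r"^Processed \d+ CA certificate"):
            findings.append("no CA bundle loaded; see --x509cafile")
    if field("Version") in ("SSL3.0", "TLS1.0", "TLS1.1"):
        findings.append("deprecated protocol " + field("Version"))  # RFC 8996
    if field("Cipher").startswith(("ARCFOUR", "NULL")):
        findings.append("weak cipher " + field("Cipher"))  # RC4: RFC 7465
    return findings

if __name__ == "__main__":
    # Pipe a saved transcript on stdin; with no pipe, the SAMPLE is audited.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for finding in audit(data):
        print("FINDING:", finding)
```

Run against the first session above, which logs "Processed 152 CA certificate(s)." and "Peer's certificate is trusted", the trust findings disappear; the second session lacks the CA line, which is why its chain cannot be verified.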