Check for SMTP / Dovecot TLS from command line with OpenSSL

Check for SMTP TLS from command line with OpenSSL

Run:
root@mx:~ # openssl s_client -connect mx.mbctux.com:25 -starttls smtp |less
---
Certificate chain
0 s:/CN=mx.mbctux.com
i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
subject=/CN=mx.mbctux.com
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3436 bytes and written 335 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 1F32D91B2491AE5AF92C871FD20D41CA4CD62B2C5BD3540A96BB52F1DD438920
Session-ID-ctx:
Master-Key: 618A574D47D12DEBED5492EC9D644935EB63A7CABC9CC9897041CD16EDE3E011E77C93305F7DA1F4BB9628F506D79C9A
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)

Start Time: 1542893514
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: yes
---

Check for Dovecot TLS from command line with OpenSSL

root@mx:~# openssl s_client -connect mx.mbctux.com:pop3s|less

CONNECTED(00000003)
---
Certificate chain
0 s:/CN=mx.mbctux.com
i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
Server certificate
subject=/CN=mx.mbctux.com
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-384, 384 bits
---
SSL handshake has read 2078 bytes and written 326 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-CHACHA20-POLY1305
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-CHACHA20-POLY1305
Session-ID: F61669A6BAD65DBCBC734AE499F140B4A8AB002E2C18D42B5FAEB2F386F29490
Session-ID-ctx:
Master-Key: 4E4033D914B33AEE69077C8B9EE27E8D097F659B7CB80F71166F4A065809D13CAB2DE05545DE1142E2BFB007F9616611
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)

Start Time: 1542893810
Timeout : 7200 (sec)
Verify return code: 21 (unable to verify the first certificate)
Extended master secret: yes
---
+OK Dovecot ready.
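
The two runs above differ in one point worth checking automatically: the SMTP run sends two certificates and ends with verify return code 0, while the pop3s run sends only the server certificate and ends with code 21. The script below is an added example, not part of the original page; the function names tls_summary and tls_check are made up here, and the sample input is abridged from the output shown on this page.

```shell
#!/bin/sh
# Added example: summarise `openssl s_client` output read on stdin.
# Output format: protocol|cipher|certs_in_chain|verify_code
tls_summary() {
    awk '
        /^---/                     { in_chain = 0 }
        /^Certificate chain/       { in_chain = 1; next }
        in_chain && /^ *[0-9]+ s:/ { chain++ }   # one "N s:<subject>" line per cert sent
        /^ *Protocol *:/           { proto = $NF }
        /^ *Cipher *:/             { cipher = $NF }
        /Verify return code:/      { code = $4 }
        END { printf "%s|%s|%d|%s\n", proto, cipher, chain, code }
    '
}

# Exit non-zero unless the peer certificate verified (return code 0).
tls_check() {
    summary=$(tls_summary)
    if [ "${summary##*|}" = "0" ]; then
        echo "OK   $summary"
    else
        echo "FAIL $summary"; return 1
    fi
}

# Sample input, abridged from the two runs on this page.
smtp_sample() { cat <<'EOF'
Certificate chain
 0 s:/CN=mx.mbctux.com
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Verify return code: 0 (ok)
EOF
}
pop3s_sample() { cat <<'EOF'
Certificate chain
 0 s:/CN=mx.mbctux.com
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-CHACHA20-POLY1305
    Verify return code: 21 (unable to verify the first certificate)
EOF
}
# Live use (needs network): openssl s_client -connect mx.mbctux.com:25 -starttls smtp </dev/null 2>/dev/null | tls_check
smtp_sample | tls_check; pop3s_sample | tls_check || true
```

Redirecting stdin from /dev/null makes s_client exit after the handshake, so the check can run from cron or a monitoring job instead of through less.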


 


 

Copyright © 2019 itstorage.co