[Help-gnutls] Re: GnuTLS 1.5.1 for Windows

[Ralf Angeli]

* Simon Josefsson (2006-09-26) writes:

> No, you'll need to start gnutls-cli, wait for the server to respond
> ("220 smtp08...") then type:
>
> starttls
>
> wait for the server to ack the request to start TLS ("220 OpenSSL...")
> and then type C-d to invoke the TLS layer.  Once it finishes, you are
> talking to the server under the encrypted layer.  If you could then
> type:
>
> EHLO foo
>
> at that point, and show me the output, I'll know that the TLS layer
> actually works properly.

Doesn't seem like it works.  I get the following output.  `C-d' was
typed after the line with "220 OpenSSL...".  After I inserted "EHLO
foo <RET>" about 20 seconds passed and then the indicated error was
thrown.

c:\foo>gnutls-cli --port 25 --starttls smtp.web.de
gnutls-cli --port 25 --starttls smtp.web.de
Resolving 'smtp.web.de'...
Connecting to '217.72.192.157:25'...

- Simple Client Mode:

220 smtp07.web.de ESMTP WEB.DE V4.107#114 Tue, 26 Sep 2006 19:05:24 +0200
starttls
220 OpenSSL/0.9.7beta go ahead
*** Starting TLS handshake
- Certificate type: X.509
 - Got a certificate list of 1 certificates.

 - Certificate[0] info:
 # The hostname in the certificate matches 'smtp.web.de'.
 # valid since: Tue Feb  15:51:50 Westeurop\344ische Normalzeit 2007
 # expires at: Wed Feb  15:51:50 Westeurop\344ische Normalzeit 2007
 # fingerprint: D1:7A:1B:CB:4E:96:CD:DC:E2:D0:39:41:D5:F7:CC:B6
 # Subject's DN: C=DE,ST=Baden-Wuerttemberg,L=Karlsruhe,O=WEB.DE GmbH,CN=smtp.web.de
 # Issuer's DN: C=ZA,ST=Western Cape,L=Cape Town,O=Thawte Consulting cc,OU=Certification Services Division,CN=Thawte Premium Server CA,EMAIL=premium-server at thawte.com


- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS 1.0
- Key Exchange: RSA
- Cipher: AES 256 CBC
- MAC: SHA
- Compression: NULL
EHLO foo
*** gnutls_bye() error: A record packet with illegal version was received.

c:\foo>
Process shell finished



-- 
Ralf