
rejectUnauthorized=true always fails the client

Open tugrul opened this issue 6 years ago • 0 comments

I tried on two different machines. Host 1 has a purchased SSL certificate. Host 2 has a Let's Encrypt SSL certificate.

I also tried the secureProtocol=TLS_method option, but nothing changed.

system info

host 1:

Haraka | Haraka.js — Version: 2.8.18
 --- | :---
Node | v8.12.0
OS | Linux rank 3.2.0-4-amd64 #1 SMP Debian 3.2.65-1+deb7u1 x86_64 GNU/Linux
openssl | OpenSSL 1.0.2o  27 Mar 2018

host 2:

Haraka | Haraka.js — Version: 2.8.24
 --- | :---
Node | v10.16.2
OS | Linux flash 4.19.0-5-cloud-amd64 #1 SMP Debian 4.19.37-5+deb10u1 (2019-07-19) x86_64 GNU/Linux
openssl | OpenSSL 1.1.1c  28 May 2019

Expected behavior

Start TLS session.

Observed behavior

Both servers have the same issue:

[000.591] |   | We can use this server
-- | -- | --
[000.591] |   | TLS is an option on this server
[000.591] | --> | STARTTLS
[000.676] | <-- | 220 Go ahead.
[000.677] |   | STARTTLS command works on this server
[000.860] |   | Cannot convert to SSL (reason: SSL connect attempt failed error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure)

Steps to reproduce

  1. Change rejectUnauthorized=false to rejectUnauthorized= true in the tls.ini file
  2. Change requestCert =false to requestCert = true in the tls.ini file

tugrul avatar Aug 15 '19 11:08 tugrul
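
An added example, not part of the original issue and not Haraka's code: in Node's `tls.createServer()`, `requestCert: true` together with `rejectUnauthorized: true` makes the server reject any client that does not present a certificate verifiable against its CA list, and `rejectUnauthorized` has no effect unless `requestCert` is true. The sketch below classifies the client-certificate policy that a tls.ini text asks for; the simplified INI parsing, the function names, reading only the top-level settings, and treating absent keys as false are assumptions.

```javascript
// Added example, not Haraka code. The INI handling is a simplified assumption:
// key=value pairs, [section] headers, ';' or '#' comments.
function parseIni(text) {
  // Null-prototype objects so a section or key named "__proto__" cannot pollute.
  const cfg = Object.create(null);
  cfg.main = Object.create(null);
  let section = 'main';
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith(';') || line.startsWith('#')) continue;
    const sec = line.match(/^\[([^\]]+)\]$/);
    if (sec) {
      section = sec[1].trim();
      if (!cfg[section]) cfg[section] = Object.create(null);
      continue;
    }
    const eq = line.indexOf('=');
    if (eq > 0) cfg[section][line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return cfg;
}

// Absent keys are treated as false (assumption about the defaults).
const isTrue = (v) => /^true$/i.test(v || '');

// Classify the client-certificate policy of the top-level settings,
// following Node's tls.createServer() semantics for these two options.
function clientCertPolicy(iniText) {
  const main = parseIni(iniText).main;
  const request = isTrue(main.requestCert);
  const reject = isTrue(main.rejectUnauthorized);
  if (request && reject) return 'required'; // no verifiable client cert: handshake rejected
  if (request) return 'optional';           // cert requested, unverified clients still accepted
  if (reject) return 'ignored';             // rejectUnauthorized is inert without requestCert
  return 'none';
}

// Constructed sample inputs, using the spacing from the report's steps.
const before = 'rejectUnauthorized=false\nrequestCert =false\n';
const after = 'rejectUnauthorized= true\nrequestCert = true\n';
console.log(clientCertPolicy(before), '->', clientCertPolicy(after)); // none -> required
```

A result of `required` means the listener is configured for mutual TLS, so a sending client that offers no certificate cannot complete STARTTLS.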