Mailing List CGatePro@mail.stalker.com Message #100594
From: Tamas Levente <levi@tamisoft.com>
Subject: TLS problem with huge acceptable client certs
Date: Thu, 02 Sep 2010 07:31:37 -0700
To: <CGatePro>
X-Mailer: CommuniGate Pro Pronto 3.8
Hi,
we are experiencing a problem that seems to be realted to a fact that CGP (5.3.8 and possibly all before that) only reads in 16k of cert on TLS negotiation. I attached the CGP log and the console openssl connection results, you can see CGP after read in 16k of data decides that the certificate is broken and wants to proceed with cleartext, but the remote side is still pushing the remaining part of the certificate hence the weird reply to our QUIT.
 
It should be easy to fix it, just read the cert to EOF or certsize , without size limit, or if you are affraid that it might get hacked, choose a little bigger buffer size, 64k-128k must do it. you can test it with postmaster@hoti.hu address.
 
15:43:27.110 5 SMTP-088085() started
15:43:27.110 5 SMTP-088085(hoti.hu) processing
15:43:27.113 5 SMTP-088085(hoti.hu) 1 relay(s) found:mail.hoti.hu
15:43:27.113 4 SMTP-088085(hoti.hu) connecting [193.23.138.91]:65535 -> [195.70.35.118]:25
15:43:27.563 5 SMTP-088085(hoti.hu) inp: 220 mail2.netforum.hu ESMTP mail server ready. Wed, 25 Aug 2010 15:43:27 +0200
15:43:27.563 4 SMTP-088085(hoti.hu) connected to mail.hoti.hu [195.70.35.118]:25, ESMTP
15:43:27.563 5 SMTP-088085(hoti.hu) out: EHLO mail.tamisoft.com\r\n
15:43:27.564 5 SMTP-088085(hoti.hu ) inp: 250-mail2.netforum.hu Hello mail.tamisoft.com [193.23.138.91]
15:43:27.564 5 SMTP-088085(hoti.hu) inp: 250-SIZE 15120000
15:43:27.564 5 SMTP-088085(hoti.hu) inp: 250-8BITMIME
15:43:27.564 5 SMTP-088085(hoti.hu) inp: 250-PIPELINING
15:43:27.564 5 SMTP-088085(hoti.hu) inp: 250-AUTH PLAIN LOGIN
15:43:27.564 5 SMTP-088085(hoti.hu) inp: 250-STARTTLS
15:43:27.564 5 SMTP-088085(hoti.hu) inp: 250 HELP
15:43:27.564 4 SMTP-088085(hoti.hu) Connected. SIZE TLS AUTH
15:43:27.564 5 SMTP-088085(hoti.hu) out: STARTTLS\r\n
15:43:27.633 5 SMTP-088085(hoti.hu) inp: 220 TLS go ahead
15:43:27.633 5 SMTP-088085( hoti.hu) TLS out 22: (53) 01 00 00 31 03 00 42 33 38 34 30 30 30 30 31 33 45 30 37 44 31 39 36 39 30 45 39 35 30 43 45 44 42 36 45 42 42 45 00 00 0A 00 0A 00 05 00 04 00 03 00 06 01 00
15:43:27.634 5 SMTP-088085(hoti.hu) TLS inp 22: (74) 02 00 00 46 03 00 4C 75 1D FF E5 3A AC 7F D3 B7 80 88 DB 4F E4 F4 F1 BB 02 77 2F 46 3B 96 BB 91 BD 27 C6 87 56 39 20 A0 DC 76 70 D3 B6 59 FA 4A A2 0C 1A 7F 9C F2 6F 12 8B BB C9 C5 DE EA 3E 24 E7 F5 B4 35 B4 0C 6E 00 0A 00
15:43:27.634 2 TLS-069570 session created for SMTP-088085, v.0, method=DES3_SHA
15:43:27.634 4 SMTP-088085(hoti.hu) TLSv0 handshake: 'server_hello' processed; method=DES3_SHA, residual=0
15:43:27.634 5 SMTP-088085(hoti.hu) TLS inp 22: (447) 0B 00 01 BB 00 01 B8 00 01 B5 30 82 01 B1 30 82 01 1A 02 09 00 85 1D 4E 22 27 C7 17 DF 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30 1D 31 1B 30 19 06 03 55 04 03 13 12 6D 61 69 6C 2D 61 2E 6E 65 74 66 6F 72 75 6D 2E 68 75 30 1E 17 0D 30 39 30 37 30 31 32 32 32 32 32 34 5A 17 0D 31 39 30 36 32 39 32 32 32 32 32 34 5A 30 1D 31 1B 30 19 06 03 55 04 03 13 12 6D 61 69 6C 2D 61 2E 6E 65 74 66 6F 72 75 6D 2E 68 75 30 81 9F 30 0D 06 09 2A 86 48
15:43:27.634 4 SMTP-088085(hoti.hu) TLSv0 inp(443): certificate
15:43:27.634 4 SMTP-088085(hoti.hu) TLS 1024-bit certificate read
15:43:27.637 5 SMTP-088085(hoti.hu) TLS inp 22: (16384) 0D 00 4B D6 02 01 02 4B D1 00 B7 30 81 B4 31 0B 30 09 06 03 55 04 06 13 02 42 52 31 13 30 11 06 03 55 04 0A 13 0A 49 43 50 2D 42 72 61 73 69 6C 31 3D 30 3B 06 03 55 04 0B 13 34 49 6E 73 74 69 74 75 74 6F 20 4E 61 63 69 6F 6E 61 6C 20 64 65 20 54 65 63 6E 6F 6C 6F 67 69 61 20 64 61 20 49 6E 66 6F 72 6D 61 63 61 6F 20 2D 20 49 54 49 31 11 30 0F 06 03 55 04 07 13 08 42 72 61 73 69 6C 69 61 31 0B 30 09 06 03 55 04 08 13 02 44 46 31 31 30 2F 06
15:43:27.637 3 SMTP-088085(hoti.hu) TLSv0 handshake: input record length 19414/16384 is incorrect
15:43:27.837 5 SMTP-088085( hoti.hu) TLS out 21: (2) 02 32
15:43:27.837 2 TLS-069570 session closed by SMTP-088085, refCount=1
15:43:27.837 3 SMTP-088085(hoti.hu) failed to establish a secure connection with [195.70.35.118]:25. Error Code=not a TLS handshake-type record
15:43:27.837 4 SMTP-088085(hoti.hu) [12883883] sending
15:43:27.837 5 SMTP-088085(hoti.hu) out: MAIL FROM:<levi@mail.tamisoft.com> SIZE=502\r\n
15:43:27.837 5 SMTP-088085(hoti.hu) inp: \003U\004\006\019\002PL1\0310\029\006\003U\004
15:43:27.837 1 SMTP-088085(hoti.hu) [12883883] return-path rejected, got:\003U\004\006\019\002PL1\0310\029\006\003U\004
15:43:27.837 5 SMTP-088085(hoti.hu) out: QUIT\r\n
15:43:27.837 5 SMTP-088085(hoti.hu) inp: \019\022TP Internet Sp. z o.o.1$0"\006\003U\004\011\019\027Centrum Certyfikacji Signet1\0310\029\006\003U\004\003\019\022CC Signet - CA Klasa 1
15:43:27.837 4 SMTP-088085(hoti.hu) closing connection
15:43:27.837 4 SMTP-088085(hoti.hu) releasing stream
 
This is how it looks like from CLI:
openssl s_client -connect 195.70.35.118:25 -starttls smtp
CONNECTED(00000003)
depth=0 CN = mail-a.netforum.hu
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = mail-a.netforum.hu
verify return:1
---
Certificate chain
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIBsTCCARoCCQCFHU4iJ8cX3zANBgkqhkiG9w0BAQUFADAdMRswGQYDVQQDExJt
YWlsLWEubmV0Zm9ydW0uaHUwHhcNMDkwNzAxMjIyMjI0WhcNMTkwNjI5MjIyMjI0
WjAdMRswGQYDVQQDExJtYWlsLWEubmV0Zm9ydW0uaHUwgZ8wDQYJKoZIhvcNAQEB
BQADgY0AMIGJAoGBALRsu1r3jkKxNkuEiHLRLt6zK5dXkWy+mv1OrZAF8ExiMLTb
rExi70sgRuH149DdiQ/v95V75JGxwWZo+J8uzPWCdoybNWbSSOMgItlMkX+y93EF
gIlXnvYxL14q6O+9AFj7Qte3PJW1v6ZYFqO5FyaJnGW/nHxK59bPyq2IwrPLAgMB
AAEwDQYJKoZIhvcNAQEFBQADgYEAHsqSt+9Qa1jyU5jL7IhOXvlLcumUvyuf5w3O
6o4T976hx1jiaQBM0wjIbI9yig+PB0crHOCkQHTcfOV+rJksQ9lEMOrjq2IWaZ/U
5UDAuUTdhmSmI0VWXv1n7lgjOU0iM0nFSChB4BBvdPA0qvI0Z+5QMcN16sJtMwQ7
Cox1wJI=
-----END CERTIFICATE-----
subject=/CN=mail-a.netforum.hu
---
Acceptable client certificate CA names
/C=BR/O=ICP-Brasil/OU=Instituto Nacional de Tecnologia da Informacao - ITI/L=Brasilia/ST=DF/CN=Autoridade Certificadora Raiz Brasileira
/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=support@cacert.org
/O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root
/C=DE/ST=Hessen/L=Fulda/O=Debconf/CN=Debconf CA/emailAddress=joerg@debian.org
/C=FR/ST=France/L=Paris/O=PM/SGDN/OU=DCSSI/CN=IGC/A/emailAddress=igca@sgdn.pm.gouv.fr
/C=FR/ST=France/L=Paris/O=PM/SGDN/OU=DCSSI/CN=IGC/A/emailAddress=igca@sgdn.pm.gouv.fr
/C=US/ST=DC/L=Washington/O=ABA.ECOM, INC./CN=ABA.ECOM Root CA/emailAddress=admin@digsigtrust.com
/C=US/O=AOL Time Warner Inc./OU=America Online Inc./CN=AOL Time Warner Root Certification Authority 1
/C=US/O=AOL Time Warner Inc./OU=America Online Inc./CN=AOL Time Warner Root Certification Authority 2
/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
/C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Class 1 CA Root
/C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Public CA Root
/C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Qualified CA Root
/C=US/O=America Online Inc./CN=America Online Root Certification Authority 1
/C=US/O=America Online Inc./CN=America Online Root Certification Authority 2
/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root
/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Certification Authority
/C=EU/O=AC Camerfirma SA CIF A82743287/OU=http://www.chambersign.org/CN=Chambers of Commerce Root
/C=EU/O=AC Camerfirma SA CIF A82743287/OU=http://www.chambersign.org/CN=Global Chambersign Root
/C=FR/O=Certplus/CN=Class 2 Primary CA
/C=PL/O=Unizeto Sp. z o.o./CN=Certum CA
/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=Secure Certificate Services
/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=Trusted Certificate Services
/C=US/O=Digital Signature Trust/OU=DST ACES/CN=DST ACES CA X6
/O=Digital Signature Trust Co./CN=DST Root CA X3
/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root CA
/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
/C=US/O=Digital Signature Trust Co./OU=DSTCA E1
/C=us/ST=Utah/L=Salt Lake City/O=Digital Signature Trust Co./OU=DSTCA X1/CN=DST RootCA X1/emailAddress=ca@digsigtrust.com
/C=US/O=Digital Signature Trust Co./OU=DSTCA E2
/C=us/ST=Utah/L=Salt Lake City/O=Digital Signature Trust Co./OU=DSTCA X2/CN=DST RootCA X2/emailAddress=ca@digsigtrust.com
/O=Entrust.net/OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.)/OU=(c) 2000 Entrust.net Limited/CN=Entrust.net Client Certification Authority
/O=Entrust.net/OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.)/OU=(c) 2000 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority
/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)
/C=US/O=Entrust.net/OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab./OU=(c) 1999 Entrust.net Limited/CN= Entrust.net Client Certification Authority
/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority
/C=US/O=Entrust, Inc./OU=www.entrust.net/CPS is incorporated by reference/OU=(c) 2006 Entrust, Inc./CN=Entrust Root Certification Authority
/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
/C=US/O=Equifax Secure Inc./CN=Equifax Secure Global eBusiness CA-1
/C=US/O=Equifax Secure Inc./CN=Equifax Secure eBusiness CA-1
/C=US/O=Equifax Secure/OU=Equifax Secure eBusiness CA-2
/C=ES/L=C/ Muntaner 244 Barcelona/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068/emailAddress=ca@firmaprofesional.com
/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root
/C=US/O=GTE Corporation/CN=GTE CyberTrust Root
/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA 2
/C=US/O=GeoTrust Inc./CN=GeoTrust Primary Certification Authority
/C=US/O=GeoTrust Inc./CN=GeoTrust Universal CA
/C=US/O=GeoTrust Inc./CN=GeoTrust Universal CA 2
/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
/OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign
/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
/C=ES/ST=Barcelona/L=Barcelona/O=IPS Internet publishing Services s.l./O=ips@mail.ips.es C.I.F. B-60929452/OU=IPS CA CLASE1 Certification Authority/CN=IPS CA CLASE1 Certification Authority/emailAddress=ips@mail.ips.es
/C=ES/ST=Barcelona/L=Barcelona/O=IPS Internet publishing Services s.l./O=ips@mail.ips.es C.I.F. B-60929452/OU=IPS CA CLASE3 Certification Authority/CN=IPS CA CLASE3 Certification Authority/emailAddress=ips@mail.ips.es
/C=ES/ST=Barcelona/L=Barcelona/O=IPS Internet publishing Services s.l./O=ips@mail.ips.es C.I.F. B-60929452/OU=IPS CA CLASEA1 Certification Authority/CN=IPS CA CLASEA1 Certification Authority/emailAddress=ips@mail.ips.es
/C=ES/ST=Barcelona/L=Barcelona/O=IPS Internet publishing Services s.l./O=ips@mail.ips.es C.I.F. B-60929452/OU=IPS CA CLASEA3 Certification Authority/CN=IPS CA CLASEA3 Certification Authority/emailAddress= ips@mail.ips.es
/C=ES/ST=Barcelona/L=Barcelona/O=IPS Internet publishing Services s.l./O=ips@mail.ips.es C.I.F. B-60929452/OU=IPS CA Chained CAs Certification Authority/CN=IPS CA Chained CAs Certification Authority/emailAddress=ips@mail.ips.es
/C=ES/ST=BARCELONA/L=BARCELONA/O=IPS Seguridad CA/OU=Certificaciones/CN=IPS SERVIDORES/emailAddress=ips@mail.ips.es
/C=ES/ST=Barcelona/L=Barcelona/O=IPS Internet publishing Services s.l./O=ips@mail.ips.es C.I.F. B-60929452/OU=IPS CA Timestamping Certification Authority/CN=IPS CA Timestamping Certification Authority/emailAddress= ips@mail.ips.es
/C=HU/L=Budapest/O=NetLock Halozatbiztonsagi Kft./OU=Tanusitvanykiadok/CN=NetLock Uzleti (Class B) Tanusitvanykiado
/C=HU/L=Budapest/O=NetLock Halozatbiztonsagi Kft./OU=Tanusitvanykiadok/CN=NetLock Expressz (Class C) Tanusitvanykiado
/C=HU/ST=Hungary/L=Budapest/O=NetLock Halozatbiztonsagi Kft./OU=Tanusitvanykiadok/CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado
/C=HU/L=Budapest/O=NetLock Halozatbiztonsagi Kft./OU=Tanusitvanykiadok/CN=NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado/emailAddress=info@netlock.hu
/C=BM/O=QuoVadis Limited/OU=Root Certification Authority/CN=QuoVadis Root Certification Authority
/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2
/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 3
/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 3 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com
/O=RSA Security Inc/OU=RSA Security 1024 V3
/O=RSA Security Inc/OU=RSA Security 2048 V3
/C=US/O=SecureTrust Corporation/CN=SecureTrust CA
/C=US/O=SecureTrust Corporation/CN=Secure Global CA
/C=JP/O=SECOM Trust.net/OU=Security Communication RootCA1
/C=FI/O=Sonera/CN=Sonera Class1 CA
/C=FI/O=Sonera/CN=Sonera Class2 CA
/C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden Root CA
/C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification Authority
/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
/C=IL/ST=Israel/L=Eilat/O=StartCom Ltd./OU=CA Authority Dep./CN=Free SSL Certification Authority/emailAddress=admin@startcom.org
/C=CH/O=SwissSign AG/CN=SwissSign Gold CA - G2
/C=CH/O=SwissSign AG/CN=SwissSign Platinum CA - G2
/C=CH/O=SwissSign AG/CN=SwissSign Silver CA - G2
/C=ch/O=Swisscom/OU=Digital Certificate Services/CN=Swisscom Root CA 1
/C=DE/ST=Hamburg/L=Hamburg/O=TC TrustCenter for Security in Data Networks GmbH/OU=TC TrustCenter Class 2 CA/emailAddress=certificate@trustcenter.de
/C=DE/ST=Hamburg/L=Hamburg/O=TC TrustCenter for Security in Data Networks GmbH/OU=TC TrustCenter Class 3 CA/emailAddress=certificate@trustcenter.de
/C=DK/O=TDC Internet/OU=TDC Internet Root CA
/C=DK/O=TDC/CN=TDC OCES CA
/CN=T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/C=TR/L=ANKARA/O=(c) 2005 T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E.
/CN=T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/C=TR/L=Ankara/O=T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E. (c) Kas\xC4\xB1m 2005
/C=TW/O=Government Root Certification Authority
/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting/OU=Certification Services Division/CN=Thawte Personal Basic CA/emailAddress=personal-basic@thawte.com
/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting/OU=Certification Services Division/CN=Thawte Personal Freemail CA/emailAddress=personal-freemail@thawte.com
/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting/OU=Certification Services Division/CN=Thawte Personal Premium CA/emailAddress=personal-premium@thawte.com
/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com
/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Server CA/emailAddress=server-certs@thawte.com
/C=ZA/ST=Western Cape/L=Durbanville/O=Thawte/OU=Thawte Certification/CN=Thawte Timestamping CA
/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU= http://www.usertrust.com/CN=UTN-USERFirst-Network Applications
/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN - DATACorp SGC
/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Client Authentication and Email
/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 1 Policy Validation Authority/CN= http://www.valicert.com//emailAddress=info@valicert.com
/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
/C=US/O=VeriSign, Inc./OU=Class 1 Public Primary Certification Authority
/C=US/O=VeriSign, Inc./OU=Class 1 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 1 Public Primary Certification Authority - G3
/C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority
/C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 2 Public Primary Certification Authority - G3
/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G3
/C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 4 Public Primary Certification Authority - G3
/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)00/CN=VeriSign Time Stamping Authority CA
/C=US/O=VISA/OU=Visa International Service Association/CN=GP Root 2
/C=US/O=VISA/OU=Visa International Service Association/CN=Visa eCommerce Root
/C=US/O=Wells Fargo/OU=Wells Fargo Certification Authority/CN=Wells Fargo Root Certificate Authority
/C=US/OU=www.xrampsecurity.com/O=XRamp Security Services Inc/CN=XRamp Global Certification Authority
/O=beTRUSTed/OU=beTRUSTed Root CAs/CN=beTRUSTed Root CA-Baltimore Implementation
/C=WW/O=beTRUSTed/CN=beTRUSTed Root CAs/CN=beTRUSTed Root CA
/O=beTRUSTed/OU=beTRUSTed Root CAs/CN=beTRUSTed Root CA - Entrust Implementation
/O=beTRUSTed/OU=beTRUSTed Root CAs/CN=beTRUSTed Root CA - RSA Implementation
/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
/C=PL/O=TP Internet Sp. z o.o./OU=Centrum Certyfikacji Signet/CN=CC Signet - CA Klasa 1
/C=PL/O=TP Internet Sp. z o.o./OU=Centrum Certyfikacji Signet/CN=CC Signet - CA Klasa 2
/C=PL/O=TP Internet Sp. z o.o./CN=CC Signet - CA Klasa 3/serialNumber=Numer wpisu: 4
/C=PL/O=TP Internet Sp. z o.o./OU=Centrum Certyfikacji Signet/CN=CC Signet - OCSP Klasa 2
/C=PL/O=TP Internet Sp. z o.o./OU=Centrum Certyfikacji Signet/CN=CC Signet - OCSP Klasa 3
/C=PL/O=TP Internet Sp. z o.o./OU=Centrum Certyfikacji Signet/CN=CC Signet - PCA Klasa 2
/C=PL/O=TP Internet Sp. z o.o./OU=Centrum Certyfikacji Signet/CN=CC Signet - PCA Klasa 3
/C=PL/O=TP Internet Sp. z o.o./OU=Centrum Certyfikacji Signet/CN=CC Signet - RootCA
/C=PL/O=TP Internet Sp. z o.o./OU=Centrum Certyfikacji Signet/CN=CC Signet - TSA Klasa 1
/C=US/ST=Indiana/L=Indianapolis/O=Software in the Public Interest/OU=hostmaster/CN=Certification Authority/emailAddress=hostmaster@spi-inc.org
/C=US/ST=Indiana/L=Indianapolis/O=Software in the Public Interest/OU=hostmaster/CN=Certificate Authority/emailAddress=hostmaster@spi-inc.org
/C=DE/O=Deutsche Telekom AG/OU=T-TeleSec Trust Center/CN=Deutsche Telekom Root CA 2
/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Certification Authority
/C=NL/O=DigiNotar/CN=DigiNotar Root CA/emailAddress=info@diginotar.nl
/C=US/O=Network Solutions L.L.C./CN=Network Solutions Certificate Authority
/C=US/O=Wells Fargo WellsSecure/OU=Wells Fargo Bank NA/CN=WellsSecure Public Root Certificate Authority
---
SSL handshake has read 21021 bytes and written 486 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: 038238157B5D6594A668AF9F40769393C542E30D7B62AEB5F0B2B600252C9724
Session-ID-ctx:
Master-Key: BD5A789FF0D8F81C552EE73DDC480AA4EEA311F707254CD605291167E10F21B6B551D9E6979C40814251767985B0461E
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1282744555
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
250 HELP
 
Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster