Subj : Re: =?ISO-8859-1?Q?SSL_negotiation_fai?= =?ISO-8859-1?Q?led_-_erg=E4nzt
To   : Gunter
From : Thomas Hochstein
Date : Sat Feb 15 2025 13:52:45

From: Thomas Hochstein <thh@thh.name>

Gunter schrieb:

> Wenn es dumm läuft dann haben die TLSv1.2 abgeschaltet und unterstützen
> jetzt nur noch TLSv1.3.

Das haben sie nicht:

| thh@thangorodrim:~$ openssl s_client -connect mx.freenet.de:993 -tls1_2 -brief
| CONNECTION ESTABLISHED
| Protocol version: TLSv1.2
| Ciphersuite: ECDHE-ECDSA-AES256-GCM-SHA384
| Peer certificate: C = DE, ST = Hamburg, L = Hamburg, O = freenet.de GmbH, CN = *.freenet.de
| Hash used: SHA512
| Verification: OK
| Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2
| Server Temp Key: X25519, 253 bits
| * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
[...]
| thh@thangorodrim:~$ openssl s_client -connect mx.freenet.de:465 -tls1_2 -brief
| CONNECTION ESTABLISHED
| Protocol version: TLSv1.2
| Ciphersuite: ECDHE-ECDSA-AES256-GCM-SHA384
| Requested Signature Algorithms: RSA+SHA256:0x09+0x08:0x04+0x08:ECDSA+SHA256:0x07+0x08:RSA+SHA384:0x0A+0x08:0x05+0x08:ECDSA+SHA384:0x08+0x08:RSA+SHA512:0x0B+0x08:0x06+0x08:ECDSA+SHA512:RSA+SHA1:ECDSA+SHA1
| Peer certificate: C = DE, ST = Hamburg, L = Hamburg, O = freenet.de GmbH, CN = *.freenet.de
| Hash used: SHA512
| Verification: OK
| Supported Elliptic Curve Point Formats: uncompressed
| Server Temp Key: X25519, 253 bits
| 220 sub3.mail.fnrz.de ESMTP Exim 4.96 Sat, 15 Feb 2025 13:00:05 +0100
[...]

Sie bieten (nur noch) TLS 1.2 und 1.3 an.

-thh

--- 
 * Origin: rbb sglnx - the fidonet nntp junction (2:221/10)

.