[postfix-users] Postfix TLS Forward Secrecy

Jochen via postfix-users postfix-users at de.postfix.org
Wed Aug 14 21:34:30 CEST 2013


On 14.08.2013 21:30, Jochen via postfix-users wrote:
> Yes, it does:
> 
> New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
> Server public key is 2048 bit
> Secure Renegotiation IS supported
> Compression: NONE
> Expansion: NONE
> SSL-Session:
>     Protocol  : TLSv1
>     Cipher    : DHE-RSA-AES256-SHA
>     Session-ID: 6EC94F3CA64ADA85F4A8D20D050F6FBEC4722641E57E979C8129DDA3E950CCB0
>     Session-ID-ctx:
>     Master-Key: F94381AE6383791AC9AA46853B2B495C2845C7A4C24E2DAD0680949FD5920D50FFB046253A6757F27D3D2098E28BE554
>     Key-Arg   : None
>     Start Time: 1376508549
>     Timeout   : 300 (sec)
>     Verify return code: 0 (ok)

The same with Google:

openssl s_client -CAfile /etc/ssl/certs/ca-certificates.crt -starttls smtp -connect gmail-smtp-in.l.google.com:25
CONNECTED(00000003)
depth=2 /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
verify return:1
depth=1 /C=US/O=Google Inc/CN=Google Internet Authority
verify return:1
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=mx.google.com
verify return:1
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mx.google.com
   i:/C=US/O=Google Inc/CN=Google Internet Authority
 1 s:/C=US/O=Google Inc/CN=Google Internet Authority
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mx.google.com
issuer=/C=US/O=Google Inc/CN=Google Internet Authority
---
No client certificate CA names sent
---
SSL handshake has read 2617 bytes and written 470 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-SHA
    Session-ID: CC17F6427BC56855403F2545047C03282941A12741B2C03C1EC68F2A352177EA
    Session-ID-ctx:
    Master-Key: 14C9F2BBFDCC52FBD2EF136FDE6794136B2408C136B2CC1940EE057CE9467B764224F71506AA33C22AA4C7DA784076C4
    Key-Arg   : None
    Start Time: 1376508750
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
250 ENHANCEDSTATUSCODES
DONE



-- 
Best regards
Jochen Fahrner
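
Added example, not part of the original message: a small shell filter that reads `openssl s_client` output like the two sessions above and reports whether the negotiated cipher uses an ephemeral key exchange (DHE-RSA-AES256-SHA does, RC4-SHA does not). The function names `kx_class`, `negotiated_cipher` and `fs_verdict` are made up for this example, and it goes slightly beyond the two cases shown by also covering ECDHE, anonymous DH, TLS 1.3 suite names and a failed handshake.

```shell
#!/bin/sh
# Added example: classify the cipher reported by `openssl s_client` by whether
# its key exchange is ephemeral. Function names are made up for this example.

# kx_class CIPHER -> prints fs | anon | static | none
kx_class() {
    case "$1" in
        ''|'(NONE)')         echo none ;;   # handshake failed, no cipher agreed
        DHE-*|EDH-*|ECDHE-*) echo fs ;;     # ephemeral (EC)DH key exchange
        TLS_*)               echo fs ;;     # TLS 1.3 names: full handshakes always use (EC)DHE
        ADH-*|AECDH-*)       echo anon ;;   # ephemeral but unauthenticated (no certificate)
        *)                   echo static ;; # e.g. RC4-SHA, AES256-SHA: RSA key transport
    esac
}

# negotiated_cipher: reads s_client output on stdin and prints the cipher from
# the "New, <protocol>, Cipher is <name>" (or "Reused, ...") summary line.
negotiated_cipher() {
    tr -d '\r' |
        sed -n 's/^[A-Za-z]*, .*Cipher is \([^ ]*\).*$/\1/p' |
        head -n 1
}

# fs_verdict: reads s_client output on stdin, prints "<cipher> <class>".
fs_verdict() {
    cipher=$(negotiated_cipher)
    echo "${cipher:-(NONE)} $(kx_class "$cipher")"
}

# The two summary lines from the sessions quoted above.
printf 'New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA\n' | fs_verdict
printf 'New, TLSv1/SSLv3, Cipher is RC4-SHA\n' | fs_verdict
```

Against a live server, pipe the same command used above into the filter, with `</dev/null` so that `s_client` exits after the handshake.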

