scheissekonfiguriert.de

25. März 2026

turbo smtp

2026-03-25T09:57:47.908158+01:00 smtp sm-mta[57933]: ruleset=tls_server, arg1=SOFTWARE, relay=mail.turbo-smtp.com, reject=403 4.7.0 TLS handshake failed.

Was ist da los? Mal schauen.

$ openssl s_client -connect mail.turbo-smtp.com:25 -starttls smtp
Connecting to 185.228.39.89
CONNECTED(00000003)
40B7CD43577F0000:error:0A000102:SSL routines:ssl_choose_client_version:unsupported protocol:ssl/statem/statem_lib.c:2379:

Okay, probieren wirs mal mit einem ganz ganz alten openssl:

$ nix run nixpkgs/nixos-22.05#openssl -- s_client -connect mail.turbo-smtp.com:25 -starttls smtp
CONNECTED(00000003)
depth=2 C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority
verify error:num=28:certificate rejected
verify return:1
depth=2 C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority
verify error:num=19:self signed certificate in certificate chain
verify return:1
depth=2 C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority
verify error:num=26:unsupported certificate purpose
verify return:1
depth=2 C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority
verify return:1
depth=1 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certificates.godaddy.com/repository, CN = Go Daddy Secure Certification Authority, serialNumber = 07969287
verify return:1
depth=0 O = serversmtp.com, OU = Domain Control Validated, CN = serversmtp.com
verify error:num=10:certificate has expired
notAfter=Sep 25 19:50:13 2012 GMT
verify return:1
depth=0 O = serversmtp.com, OU = Domain Control Validated, CN = serversmtp.com
notAfter=Sep 25 19:50:13 2012 GMT
verify return:1

Ein seit 13½ Jahren abgelaufenes Zertifikat.

---
No client certificate CA names sent
Peer signing digest: MD5-SHA1
Peer signature type: RSA
Server Temp Key: DH, 1024 bits
---
SSL handshake has read 5741 bytes and written 552 bytes
Verification error: certificate has expired
---
New, SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
     Protocol  : TLSv1
     Cipher    : DHE-RSA-AES256-SHA

😲

© 2013 — 2026 WofFS CC-BY-SA powered by Hakyll
lies weiter auf normalkaputt.de!