I've been led to believe that Verizon's SMTP service at smtp:verizon.net:465 only uses SSL, based on the configuration instructions here for Outlook, as well as my own experience when trying to specify TLS over port 465. However, when I tried connecting to the SMTP server via stunnel, it reports that it established a TLSv1.1 connection:
2015.06.28 01:00:04 LOG7[7362]: SSL state (connect): SSLv3 read finished A
2015.06.28 01:00:04 LOG7[7362]: 2 items in the session cache
2015.06.28 01:00:04 LOG7[7362]: 2 client connects (SSL_connect())
2015.06.28 01:00:04 LOG7[7362]: 2 client connects that finished
2015.06.28 01:00:04 LOG7[7362]: 0 client renegotiations requested
2015.06.28 01:00:04 LOG7[7362]: 0 server connects (SSL_accept())
2015.06.28 01:00:04 LOG7[7362]: 0 server connects that finished
2015.06.28 01:00:04 LOG7[7362]: 0 server renegotiations requested
2015.06.28 01:00:04 LOG7[7362]: 0 session cache hits
2015.06.28 01:00:04 LOG7[7362]: 0 external session cache hits
2015.06.28 01:00:04 LOG7[7362]: 0 session cache misses
2015.06.28 01:00:04 LOG7[7362]: 0 session cache timeouts
2015.06.28 01:00:04 LOG6[7362]: SSL connected: new session negotiated
2015.06.28 01:00:04 LOG6[7362]: Negotiated TLSv1.1 ciphersuite DHE-RSA-AES256-SHA (256-bit encryption)
Is this a quirk in stunnel, or does Verizon actually use TLSv1.1 exclusively? If so then why does specifying TLS in Outlook directly result in a failure to connect? Given that SSLv3 is insecure, I think it's important to get TLS working for everybody. In the meantime, some clarity on all this would be nice.
I don't know if they still allow SSL v3 or not. But like many, they probably negotiate for various levels of security to find what your system accepts. Usually using the most secure that they also accept. Looks like at least TLS 1.1 is accepted.
Aha, so then I suppose it's a client issue with Outlook. Truth be told, putting Verizon's outgoing servers into Postfix also does not directly work, because it assumes port 465 is SSL without even checking, and doesn't support SSLv3 for relays. So I guess what we're seeing is just quirky design decisions then. Thanks for clarifying.
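An added example, not part of the original thread: a small Python parser that reads stunnel debug output like the log quoted in the question and reports the protocol version each connection actually negotiated, flagging anything below a chosen minimum. The sample log is constructed in the thread's format (the second connection is invented), and the function names and the `minimum` parameter are assumptions of this example.

```python
import re

# Constructed sample in the format of the stunnel log quoted in the thread.
# The second connection (PID 7401) is invented for illustration.
SAMPLE_LOG = """\
2015.06.28 01:00:04 LOG7[7362]: SSL state (connect): SSLv3 read finished A
2015.06.28 01:00:04 LOG6[7362]: SSL connected: new session negotiated
2015.06.28 01:00:04 LOG6[7362]: Negotiated TLSv1.1 ciphersuite DHE-RSA-AES256-SHA (256-bit encryption)
2015.06.28 01:02:10 LOG7[7401]: SSL state (connect): SSLv3 read finished A
2015.06.28 01:02:10 LOG6[7401]: Negotiated SSLv3 ciphersuite RC4-SHA (128-bit encryption)
"""

# OpenSSL protocol names, weakest to strongest.
ORDER = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

# Not anchored to line starts, so it also works on a log pasted as one line.
NEGOTIATED = re.compile(
    r"(\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) LOG\d\[(\d+)\]: "
    r"Negotiated (\S+) ciphersuite (\S+) \((\d+)-bit encryption\)"
)


def parse_negotiated(log_text):
    """Return one record per 'Negotiated ...' line.

    'SSL state (connect): SSLv3 ...' lines are skipped on purpose: they are
    OpenSSL handshake-state labels, not the protocol version that was agreed.
    """
    return [
        {"time": t, "pid": int(pid), "protocol": proto,
         "cipher": cipher, "bits": int(bits)}
        for t, pid, proto, cipher, bits in NEGOTIATED.findall(log_text)
    ]


def below_minimum(records, minimum="TLSv1.2"):
    """Return records whose protocol is older than `minimum` or unrecognised."""
    floor = ORDER.index(minimum)
    return [r for r in records
            if r["protocol"] not in ORDER or ORDER.index(r["protocol"]) < floor]


if __name__ == "__main__":
    for rec in parse_negotiated(SAMPLE_LOG):
        print(rec)
    print("below TLSv1:", below_minimum(parse_negotiated(SAMPLE_LOG), "TLSv1"))
```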