Re: [TLS] Request for mail testserver with TLS accepting renegotiation

Matt McCutchen <> Wed, 27 July 2011 00:05 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id AC88621F84DE for <>; Tue, 26 Jul 2011 17:05:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id tFgwpn2sVGBH for <>; Tue, 26 Jul 2011 17:05:25 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 47FA821F84A1 for <>; Tue, 26 Jul 2011 17:05:25 -0700 (PDT)
Received: from (localhost []) by (Postfix) with ESMTP id 074E359806C; Tue, 26 Jul 2011 17:05:25 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; c=nofws;; h=subject:from :to:cc:in-reply-to:references:content-type:date:message-id :mime-version:content-transfer-encoding; q=dns; s=; b=ZsoioKSfl+APjYpnOcUVWl2swe7wYwu8QBbknS3XAUF DYnWMDWa2eDGdHi+PVqX6+/HtKUn6flRz/vbiaSa3gb50snBplnuDP/FmyNISp9C o1Ror3l6boTDPHZbKHl0cLqWaB2roq0jTvQ4S5eG2eUJQeBqM8UMDvIEn99dBwGs =
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed;; h= subject:from:to:cc:in-reply-to:references:content-type:date :message-id:mime-version:content-transfer-encoding; s=; bh=lUd7UFr+B9o4ikM7NkWjwNr4rkU=; b=A+TVsJmZ+B f87zYB8ZZOCelK4Cc6VBGYKA39zf6Ri/c9wqd5advNSfrQUVrtIL4dL1WRtJhZK+ GwfSYZWJiD/W4yvqm+2zvnXPmdkZNXHuVbnLSF9Z6BL16A5TqB8skGdD4DG0LcOK n1UzU4JNlS+GS4O3ducULfPYj5ACqC+j0=
Received: from [] ( []) (using SSLv3 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: by (Postfix) with ESMTPSA id 82CD1598069; Tue, 26 Jul 2011 17:05:24 -0700 (PDT)
From: Matt McCutchen <>
To: "Yngve N. Pettersen" <>
In-Reply-To: <op.vy83d3iqkvaitl@lessa-ii.oslo.os>
References: <op.vy83d3iqkvaitl@lessa-ii.oslo.os>
Content-Type: text/plain; charset="UTF-8"
Date: Tue, 26 Jul 2011 20:05:22 -0400
Message-ID: <1311725122.7071.23.camel@localhost>
Mime-Version: 1.0
X-Mailer: Evolution 2.32.3
Content-Transfer-Encoding: 7bit
Subject: Re: [TLS] Request for mail testserver with TLS accepting renegotiation
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 27 Jul 2011 00:05:25 -0000

On Wed, 2011-07-27 at 01:55 +0200, Yngve N. Pettersen wrote:
> I have recently upgraded my TLS Prober to test email servers (IMAP, POP,  
> SMTP).
> However, I am uncertain about whether the test for testing client  
> initiated renegotiation works properly, particularly since a test of  
> 300000+ servers failed to detect a single email server that accepted it  
> (or requested it).
> It might of course be that all email servers have this functionality  
> disabled, but for now I am assuming something is wrong about how the test  
> itself works.
> If anyone have an email server that is configured to accept client  
> initiated renegotiation that I could test, I would appreciate it.

Is your test in any way specific to email protocols?  If you just run
"openssl s_server" interactively, it seems to accept all
client-initiated renegotiation by default (at least when renegotiation
indication is used).