drwetter / testssl.sh

Testing TLS/SSL encryption anywhere on any port
https://testssl.sh
GNU General Public License v2.0

Detect + Report SMTP Status Code 421 #2098

Open dilyanpalauzov opened 2 years ago

dilyanpalauzov commented 2 years ago

$ git describe
v3.0-732-g13f0388
$ ./testssl.sh -t smtp mx1.open.ch:25
 …
 Testing cipher categories 

 NULL ciphers (no encryption)                      not offered (OK)
 Anonymous NULL Ciphers (no authentication)        not offered (OK)
 Export ciphers (w/o ADH+NULL)                     not offered (OK)
 LOW: 64 Bit + DES, RC[2,4], MD5 (w/o export)      not offered (OK)
 Triple DES Ciphers / IDEA                         not offered
 Obsoleted CBC ciphers (AES, ARIA etc.)            offered
 Strong encryption (AEAD ciphers) with no FS       offered (OK)
 Forward Secrecy strong encryption (AEAD ciphers)  offered (OK)

 Testing server's cipher preferences 

 Has server cipher order?      Oops: STARTTLS handshake failed (code: 2)
Fixme: something weird happened around line 6669

Fatal error: repeated STARTTLS problems, giving up (2)

drwetter commented 2 years ago

Hi Dilyan,

Mail servers are in my eyes always suspected to block requests -- maybe you know, wink. ;-) A handy option for debugging such problems yourself is --debug <NR>.

I'll take this as a feature request to report the status code 421 back to the user.

Cheers, Dirk
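
A sketch of the check this issue asks for, as an added example that is not testssl.sh code and not part of either comment: it takes the final line of an SMTP reply and names a 421 explicitly instead of reporting a generic handshake failure. The function names and the sample replies are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added illustration: hypothetical helper names, not testssl.sh internals.

# Print the code of the last *final* reply line in an SMTP transcript.
# RFC 5321: "NNN-text" continues a multi-line reply, "NNN text" ends it.
smtp_final_code() {
    printf '%s\n' "$1" | tr -d '\r' | awk '
        /^[2-5][0-9][0-9] / || /^[2-5][0-9][0-9]$/ { code = substr($0, 1, 3) }
        END { if (code != "") print code; else print "none" }'
}

# Turn the reply to the greeting or to STARTTLS into a user-facing message.
classify_smtp_reply() {
    code=$(smtp_final_code "$1")
    case "$code" in
        220)  echo "ok: 220, server ready" ;;
        421)  echo "blocked: 421 service not available, server is closing the connection" ;;
        454)  echo "temporary: 454 TLS not available at the moment" ;;
        5??)  echo "rejected: $code permanent failure" ;;
        none) echo "unknown: no complete SMTP reply received" ;;
        *)    echo "unexpected: $code" ;;
    esac
}

# Constructed sample replies (not captured from any real server).
classify_smtp_reply '220 2.0.0 Ready to start TLS'
classify_smtp_reply "$(printf '421-4.7.0 mx.example.test too many connections\r\n421 4.7.0 closing connection')"
classify_smtp_reply '421-4.7.0 truncated reply'
```

A reply that ends on a continuation line is reported as incomplete rather than as a 421, so a connection cut mid-reply is not mistaken for a deliberate refusal.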

dilyanpalauzov commented 2 years ago

May I ask first to print the information about the certificates and then validate the ciphers? Currently, when the MTA returns at some moment 421, testssl.sh does not print information about the certificates, like expiry, issuer, intermediate certs.

drwetter commented 2 years ago

You may ask of course but sorry: the order is not going to change bc you would just prefer your order. Use the command line or modify the code.