Test if SMTP Email Server is SSL ENABLED
Issue: You would use this procedure to test SSL port compatibility. This is usually used for troubleshooting ephesoft email notifications which requires SSL (TLS and unencrypted connections are not supported).
1. Install Openssl utility here – http://slproweb.com/products/Win32OpenSSL.html
2. Run the command:
openssl s_client -connect {ipaddress}:{portnumber}
*If the connection does not support ssl, please contact your email admin to enable or install a smtp server with ssl.
*UPDATE Ephesoft 3.1.2.6+ Supports many more smtp email protocols for notifications. See mail.properties settings:
mail.authentication=false
mail.tls_enabled=false
mail.ssl_enabled=false
mail.tls_enabled=false
mail.ssl_enabled=false
*********** IF NOT SSL, COMMAND WILL DISPLAY SIMILAR TO ***********
C:\OpenSSL-Win32\bin>openssl s_client -connect smtp.gmail.com:587
WARNING: can’t open config file: /usr/local/ssl/openssl.cnf
Loading ‘screen’ into random state – done
CONNECTED(000001AC)
write:errno=10054
—
no peer certificate available
—
No client certificate CA names sent
—
SSL handshake has read 0 bytes and written 307 bytes
—
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
—
*********** IF SSL, COMMAND WILL DISPLAY SIMILAR TO ***********
C:\OpenSSL-Win32\bin>openssl s_client -connect smtp.gmail.com:465
WARNING: can’t open config file: /usr/local/ssl/openssl.cnf
Loading ‘screen’ into random state – done
CONNECTED(0000019C)
depth=1 OU = generated by avast! antivirus for SSL scanning, O = avast! Mail Sca
nner, CN = avast! Mail Scanner Root
verify error:num=19:self signed certificate in certificate chain
verify return:0
—
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
i:/OU=generated by avast! antivirus for SSL scanning/O=avast! Mail Scanner/CN
=avast! Mail Scanner Root
1 s:/OU=generated by avast! antivirus for SSL scanning/O=avast! Mail Scanner/CN
=avast! Mail Scanner Root
i:/OU=generated by avast! antivirus for SSL scanning/O=avast! Mail Scanner/CN
=avast! Mail Scanner Root
—
Server certificate
—–BEGIN CERTIFICATE—–
MIIEBTCCAu2gAwIBAgIEAbRsdDANBgkqhkiG9w0BAQUFADB6MTcwNQYDVQQLFC5n
ZW5lcmF0ZWQgYnkgYXZhc3QhIGFudGl2aXJ1cyBmb3IgU1NMIHNjYW5uaW5nMRww
GgYDVQQKFBNhdmFzdCEgTWFpbCBTY2FubmVyMSEwHwYDVQQDFBhhdmFzdCEgTWFp
bCBTY2FubmVyIFJvb3QwHhcNMTQwNzE1MDg0MDM4WhcNMTUwNDA0MTUxNTU1WjBo
MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91
bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UEAwwOc210cC5n
bWFpbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZesYLkYc3
Sf6QewfHDWwPKhK+xbBV9B3gUInuk7uGjY6Tu0xGEI3u1LNtFnOCfkwDaaqmkHia
0a96Md/YA9srLTgRn6pLZYG6HUy4pA7OIODNZ7gs5JXMspl2K8XhomAtFu1OQ785
6r64+F0TEUjy9BAGgOueosf49Q0p1xkPcjnvIS2ziSteXUaaIaxlxguoJvfcAVZT
gLlfFlxV+1Qqa3u3tTP0s9mA90G7nl2H1bAvbZe0+jwe+BSKzf/u1+N0y8OSVzNj
YGzlUVkwwkwA7Z5QGnoPX9bKRbIuF1+fUMjZ/jUgUnsQ4LVer2ds3lPz0dwmKpVP
ajgFWc1g37ZRAgMBAAGjgaQwgaEwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF
BwMCMBkGA1UdEQQSMBCCDnNtdHAuZ21haWwuY29tMB0GA1UdDgQWBBSanZBvY+Rn
j0HquJmae9AJvwiCzTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFFvkKdHy6Ewl
K0UCr5sK5w/0RJ4PMBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATANBgkqhkiG9w0B
AQUFAAOCAQEAZP7chosyKeuZznPCuR85uYBGWwFCl4Xbz/scx95FvFrZ1uzOEsTp
HWN6OnbBC5pJHUD3+IJsCgo+u/CLmDWab9tBTpXuL7jSnsdu4i9UndVjIOooBnkB
5kE5gvNS1Z4SeU3XdsdTS2lxT1rPrnRwQmkaHin0LCs40JnNJDBo+WXR1p+iwOF6
g4oIuxFIo7PfK4CcAhAxeJuQshNQsTydXIPKouezheliWUx7LxCsuBu9guNHVGHV
qerdkIKOK60YbB0NKEytG9tXujnSFYgaRFkTiNTstjoJq6OzHQWfzPhZ5ZbkHnzN
OAUt9BRdP2MC78h/EHhJrMrOWjATUyHUaQ==
—–END CERTIFICATE—–
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
issuer=/OU=generated by avast! antivirus for SSL scanning/O=avast! Mail Scanner/
CN=avast! Mail Scanner Root
—
No client certificate CA names sent
—
SSL handshake has read 2698 bytes and written 433 bytes
—
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 95F9D6152B96EDCE0BBC721830941CC23756A27ED627BAC6B70C5D790517125BSession-ID-ctx:
Master-Key: DF1081AA4103C9E8C6532395C2392BF352C11ECED60DD8DB04064BEE4C827380
99284ABDBE17126641A51788D2555C02
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 – 70 20 b6 25 e8 3c a4 a6-11 e3 a0 7f 52 52 f6 38 p .%.<……RR.8
0010 – 2f a9 9e 7c d2 51 42 c9-8b ea 64 71 e6 0b 4a 27 /..|.QB…dq..J’
0020 – 6b f9 51 2d 74 05 a0 c8-31 0b 2d 00 7c ce 9e d2 k.Q-t…1.-.|…
0030 – 20 93 f5 1f f4 81 c8 e0-47 87 a2 7e a3 a1 ec 8f …….G..~….
0040 – 28 d2 ee c9 25 40 59 2b-4f da 49 be 83 c2 25 c6 (…%@Y+O.I…%.
0050 – c2 29 75 6f ac 0c e1 10-a5 c0 e3 12 77 a9 8e 09 .)uo……..w…
0060 – f2 84 3f 3f 1d 60 54 ca-f3 ff f1 4b f0 0e 57 6f ..??.`T….K..Wo
0070 – dc dd 48 8a 8e 2d a3 f0-f7 f4 d6 36 4a d2 13 98 ..H..-…..6J…
0080 – fc dd 37 2e 28 89 bb 2a-6f 7c df 90 e5 43 12 6e ..7.(..*o|…C.n
0090 – 85 50 67 84 60 a0 6a 3c-58 d2 a9 39 80 57 f7 39 .Pg.`.j<X..9.W.9Start Time: 1410213946
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)
—
220 mx.google.com ESMTP dc4sm7174768obb.18 – gsmtp
WARNING: can’t open config file: /usr/local/ssl/openssl.cnf
Loading ‘screen’ into random state – done
CONNECTED(0000019C)
depth=1 OU = generated by avast! antivirus for SSL scanning, O = avast! Mail Sca
nner, CN = avast! Mail Scanner Root
verify error:num=19:self signed certificate in certificate chain
verify return:0
—
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
i:/OU=generated by avast! antivirus for SSL scanning/O=avast! Mail Scanner/CN
=avast! Mail Scanner Root
1 s:/OU=generated by avast! antivirus for SSL scanning/O=avast! Mail Scanner/CN
=avast! Mail Scanner Root
i:/OU=generated by avast! antivirus for SSL scanning/O=avast! Mail Scanner/CN
=avast! Mail Scanner Root
—
Server certificate
—–BEGIN CERTIFICATE—–
MIIEBTCCAu2gAwIBAgIEAbRsdDANBgkqhkiG9w0BAQUFADB6MTcwNQYDVQQLFC5n
ZW5lcmF0ZWQgYnkgYXZhc3QhIGFudGl2aXJ1cyBmb3IgU1NMIHNjYW5uaW5nMRww
GgYDVQQKFBNhdmFzdCEgTWFpbCBTY2FubmVyMSEwHwYDVQQDFBhhdmFzdCEgTWFp
bCBTY2FubmVyIFJvb3QwHhcNMTQwNzE1MDg0MDM4WhcNMTUwNDA0MTUxNTU1WjBo
MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91
bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UEAwwOc210cC5n
bWFpbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZesYLkYc3
Sf6QewfHDWwPKhK+xbBV9B3gUInuk7uGjY6Tu0xGEI3u1LNtFnOCfkwDaaqmkHia
0a96Md/YA9srLTgRn6pLZYG6HUy4pA7OIODNZ7gs5JXMspl2K8XhomAtFu1OQ785
6r64+F0TEUjy9BAGgOueosf49Q0p1xkPcjnvIS2ziSteXUaaIaxlxguoJvfcAVZT
gLlfFlxV+1Qqa3u3tTP0s9mA90G7nl2H1bAvbZe0+jwe+BSKzf/u1+N0y8OSVzNj
YGzlUVkwwkwA7Z5QGnoPX9bKRbIuF1+fUMjZ/jUgUnsQ4LVer2ds3lPz0dwmKpVP
ajgFWc1g37ZRAgMBAAGjgaQwgaEwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF
BwMCMBkGA1UdEQQSMBCCDnNtdHAuZ21haWwuY29tMB0GA1UdDgQWBBSanZBvY+Rn
j0HquJmae9AJvwiCzTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFFvkKdHy6Ewl
K0UCr5sK5w/0RJ4PMBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATANBgkqhkiG9w0B
AQUFAAOCAQEAZP7chosyKeuZznPCuR85uYBGWwFCl4Xbz/scx95FvFrZ1uzOEsTp
HWN6OnbBC5pJHUD3+IJsCgo+u/CLmDWab9tBTpXuL7jSnsdu4i9UndVjIOooBnkB
5kE5gvNS1Z4SeU3XdsdTS2lxT1rPrnRwQmkaHin0LCs40JnNJDBo+WXR1p+iwOF6
g4oIuxFIo7PfK4CcAhAxeJuQshNQsTydXIPKouezheliWUx7LxCsuBu9guNHVGHV
qerdkIKOK60YbB0NKEytG9tXujnSFYgaRFkTiNTstjoJq6OzHQWfzPhZ5ZbkHnzN
OAUt9BRdP2MC78h/EHhJrMrOWjATUyHUaQ==
—–END CERTIFICATE—–
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
issuer=/OU=generated by avast! antivirus for SSL scanning/O=avast! Mail Scanner/
CN=avast! Mail Scanner Root
—
No client certificate CA names sent
—
SSL handshake has read 2698 bytes and written 433 bytes
—
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 95F9D6152B96EDCE0BBC721830941CC23756A27ED627BAC6B70C5D790517125BSession-ID-ctx:
Master-Key: DF1081AA4103C9E8C6532395C2392BF352C11ECED60DD8DB04064BEE4C827380
99284ABDBE17126641A51788D2555C02
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 – 70 20 b6 25 e8 3c a4 a6-11 e3 a0 7f 52 52 f6 38 p .%.<……RR.8
0010 – 2f a9 9e 7c d2 51 42 c9-8b ea 64 71 e6 0b 4a 27 /..|.QB…dq..J’
0020 – 6b f9 51 2d 74 05 a0 c8-31 0b 2d 00 7c ce 9e d2 k.Q-t…1.-.|…
0030 – 20 93 f5 1f f4 81 c8 e0-47 87 a2 7e a3 a1 ec 8f …….G..~….
0040 – 28 d2 ee c9 25 40 59 2b-4f da 49 be 83 c2 25 c6 (…%@Y+O.I…%.
0050 – c2 29 75 6f ac 0c e1 10-a5 c0 e3 12 77 a9 8e 09 .)uo……..w…
0060 – f2 84 3f 3f 1d 60 54 ca-f3 ff f1 4b f0 0e 57 6f ..??.`T….K..Wo
0070 – dc dd 48 8a 8e 2d a3 f0-f7 f4 d6 36 4a d2 13 98 ..H..-…..6J…
0080 – fc dd 37 2e 28 89 bb 2a-6f 7c df 90 e5 43 12 6e ..7.(..*o|…C.n
0090 – 85 50 67 84 60 a0 6a 3c-58 d2 a9 39 80 57 f7 39 .Pg.`.j<X..9.W.9Start Time: 1410213946
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)
—
220 mx.google.com ESMTP dc4sm7174768obb.18 – gsmtp