cygwin /usr/bin/email
René Berber
rene.berber@gmail.com
Wed Jan 1 00:51:57 GMT 2025
On 12/31/2024 5:49 PM, Paul McKinley via Cygwin wrote:
> I accidentally sent the previous reply directly to René, so included below.
>
> I created the registry entries and rebooted per other instructions from
> Google search:
>
> C:\Windows\System32>reg query HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols /s
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client
> Enabled REG_DWORD 0x1
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server
> Enabled REG_DWORD 0x1
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client
> Enabled REG_DWORD 0x1
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server
> Enabled REG_DWORD 0x1
>
> No joy:
[snip]
Correcting my previous message, STARTTLS is port 587.

I was right, the registry change is not needed, OpenSSL takes care, and
supports all versions.

Tested again (with Postfix as server) and email works fine over port
587, doesn't over port 465. I had previously used "email --verbose"
which is what causes email to behave as if I've asked for version (i.e.
-V kind of works, --verbose is taken as --version).

The verbose option is useless, still shows a progress bar instead of the
actual protocol exchange.

Next step for you is to check which version of TLS is supported by your
smtp server. It would be interesting to see if only 1.3 is accepted and
it doesn't work with eMail.

Using port 587:

$ openssl s_client -starttls smtp -showcerts -connect mail.<server>:587 -servername <...>
CONNECTED(00000004)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R10
verify return:1
depth=0 CN = *.<server>
verify return:1
---
Certificate chain
0 s:CN = *.<server>
i:C = US, O = Let's Encrypt, CN = R10
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Nov 14 19:29:40 2024 GMT; NotAfter: Feb 12 19:29:39 2025 GMT
[snip]
SSL handshake has read 3467 bytes and written 496 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
[snip]

Same test over the 465 port shows that the server doesn't have it enabled:

100000000A000000:error:8000006F:system library:BIO_connect:Connection refused:crypto/bio/bio_sock2.c:114:calling connect()

--
R.B.
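
Added example, not part of the message above: a shell sketch of the "check which version of TLS is supported by your smtp server" step, making one STARTTLS attempt per protocol flag and classifying what s_client prints. The function names, the sample data and the host mail.example.org are assumptions made for illustration.

```shell
# Added example, not from the original message.
# Read `openssl s_client` output on stdin and print one of:
#   "ok <protocol> <cipher>", "refused", "no-handshake", "unknown"
classify_s_client() {
    awk '
        /Connection refused/ { refused = 1 }
        /^New, / {
            # e.g. "New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384"
            proto = $2; sub(/,$/, "", proto)
            cipher = $NF
        }
        END {
            if (refused)                print "refused"
            else if (proto == "(NONE)") print "no-handshake"
            else if (proto != "")       print "ok", proto, cipher
            else                        print "unknown"
        }'
}

# probe_tls_versions HOST PORT: one STARTTLS attempt per protocol flag.
probe_tls_versions() {
    host=$1; port=$2
    for flag in -tls1 -tls1_1 -tls1_2 -tls1_3; do
        result=$(openssl s_client -starttls smtp -connect "$host:$port" \
                     -servername "$host" "$flag" </dev/null 2>&1 |
                 classify_s_client)
        printf '%s\t%s\n' "$flag" "$result"
    done
}

# Constructed samples, trimmed from the output quoted in the message.
sample_starttls_ok() {
    cat <<'EOF'
CONNECTED(00000004)
Verification: OK
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
EOF
}
sample_refused() {
    cat <<'EOF'
100000000A000000:error:8000006F:system library:BIO_connect:Connection refused:crypto/bio/bio_sock2.c:114:calling connect()
EOF
}

# Usage: sh probe.sh probe mail.example.org 587   (hostname is a placeholder)
if [ "${1:-}" = "probe" ] && [ "$#" -eq 3 ]; then
    probe_tls_versions "$2" "$3"
fi
```

A row reading "no-handshake" for every flag except -tls1_3 would be the "only 1.3 is accepted" case raised in the message.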