COMODO SSL Analyzer Error -14

@Ogunnowo487

Posted in: #Https #Security

I have a hard time understanding Comodo's SSL Analyser error in some cases.

If queried on smtp.tiscali.it:465, it returns the image below:



However, if querying in OpenSSL:


Or Digicert:



It seems that it does use SSL protocol there (SMTPS). Why does Comodo return this and what does it mean?

2 Comments

@Bryan171

I'm the author/maintainer of COMODO SSL Analyzer. I've just fixed this bug, so querying smtp.tiscali.it:465 now works as you'd expect.

Details, if you're interested:
Querying smtps://smtp.tiscali.it:465 would've worked without this bugfix.

The issue was this: when the query doesn't specify a protocol, my code refers to /etc/services; for "smtp.tiscali.it:465" this gives the answer "urd" (rather than "smtps"), which I hadn't previously whitelisted as an SSL/TLS protocol.


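The lookup problem described in the answer above, as an added example that is not code from COMODO SSL Analyzer: a port with no scheme is resolved through a services table, and the decision "is this an implicit-TLS port?" changes depending on whether only the canonical name or also the aliases are compared against the allowlist. The services text, the `IMPLICIT_TLS_NAMES` allowlist and all function names are constructed assumptions; checking aliases is one alternative to whitelisting "urd", not the maintainer's fix.

```python
# Constructed sample in /etc/services format. Assumption: 465/tcp has "urd" as
# its canonical name and lists "smtps" only as an alias, as on many Linux systems.
SAMPLE_SERVICES = """\
smtp            25/tcp          mail
https           443/tcp                         # http protocol over TLS/SSL
urd             465/tcp         ssmtp smtps     # URL Rendezvous Directory for SSM
submission      587/tcp                         # mail message submission
imaps           993/tcp                         # IMAP over SSL
"""

# Hypothetical allowlist of service names that imply TLS from the first byte.
IMPLICIT_TLS_NAMES = {"https", "smtps", "ssmtp", "imaps", "pop3s", "ldaps"}


def parse_services(text):
    """Return {(port, proto): [canonical_name, alias, ...]} from services text."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comment
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, proto = fields[1].split("/", 1)
        if port.isdigit():
            names = [fields[0], *fields[2:]]
            table.setdefault((int(port), proto), []).extend(names)
    return table


def canonical_only(table, port):
    """First name for the port: 'urd' for 465, the value quoted in the answer."""
    names = table.get((port, "tcp"), [])
    return names[0] if names else None


def is_implicit_tls(table, port, check_aliases=True):
    """True if the port's canonical name (or any alias) is on the allowlist."""
    names = table.get((port, "tcp"), [])
    candidates = names if check_aliases else names[:1]
    return any(name in IMPLICIT_TLS_NAMES for name in candidates)


if __name__ == "__main__":
    table = parse_services(SAMPLE_SERVICES)
    for port in (25, 443, 465, 587, 993):
        print(port, canonical_only(table, port),
              "canonical-only:", is_implicit_tls(table, port, check_aliases=False),
              "with aliases:", is_implicit_tls(table, port))
```
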
@Odierno851

The issue here is that Comodo's tool does not return a helpful error message upon test failure. Try a different tool instead.

I've always used Qualys' SSL Labs tool for testing as it is very thorough and clear. Testing your link, it returns the error message "Ports other than 443 not supported". You are using Comodo's HTTP(S) web server tool to test the SMTP protocol, which is not supported.

If you really want to dig deep and inspect email traffic encryption, try checktls.com's tool. Here are the results for the domain you provided in your question, which confirm TLS for SMTP traffic on port 465 is in fact encrypted:

seconds test stage and result
[000.001] Connected to server
[000.084] <-- 220 www4.checktls.com ESMTP Sendmail 8.14.7/8.14.7; Thu, 17 Aug 2017 03:39:24 -0400
[000.085] We are allowed to connect
[000.085] --> EHLO checktls.com
[000.085] <-- 250-www4.checktls.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5
250-STARTTLS
250-DELIVERBY
250 HELP
[000.086] We can use this server
[000.086] TLS is an option on this server
[000.086] --> STARTTLS
[000.086] <-- 220 2.0.0 Ready to start TLS
[000.087] STARTTLS command works on this server
[000.107] SSLVersion in use: TLSv1.2
[000.107] Cipher in use: AES256-SHA256
[000.107] Connection converted to SSL
[000.110]

Certificate 1 of 4 in chain:
serialNumber= c9:fa:14:5e:b4:99:e5:d4
subject= /OU=Domain Control Validated/CN=*.checktls.com
issuer= /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
[000.112]

Certificate 2 of 4 in chain:
serialNumber= 7
subject= /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
issuer= /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2

[000.113]

Certificate 3 of 4 in chain:
serialNumber= 1b:e7:15
subject= /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
issuer= /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority

[000.114]

Certificate 4 of 4 in chain:
serialNumber= 0
subject= /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
issuer= /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority

[000.114] Cert VALIDATED:
[000.114] Cert Hostname DOES NOT VERIFY (127.0.0.1 != *.checktls.com | DNS:*.checktls.com | DNS:checktls.com)
[000.114] (see RFC-2818 section 3.1 paragraph 4 for info on wildcard ("*") matching)
[000.114] So email is encrypted but the host is not verified
[000.115] ~~> EHLO checktls.com
[000.117] <~~ 250-www4.checktls.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-DELIVERBY
250 HELP
[000.117] TLS successfully started on this server
[000.118] ~~> MAIL FROM:<test@checktls.com>
[000.125] <~~ 250 2.1.0 <test@checktls.com>... Sender ok
[000.125] Sender is OK
[000.125] ~~> RCPT TO:<postmaster@smtp.tiscali.it>
[000.473] <~~ 250 2.1.5 <postmaster@smtp.tiscali.it>... Recipient ok
[000.473] Recipient OK, email address proofed
[000.473] ~~> QUIT
[000.474] <~~ 221 2.0.0 www4.checktls.com closing connection
