Tuesday, March 13, 2012

To check TLS

Command to show the TLS parameters a recipient's mail system negotiates over SMTP with STARTTLS:

$ openssl s_client -starttls smtp -crlf -connect alt1.gmail-smtp-in.l.google.com:25

Sample session details:

CONNECTED(00000003)
depth=1 /C=US/O=Google Inc/CN=Google Internet Authority
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mx.google.com
   i:/C=US/O=Google Inc/CN=Google Internet Authority
 1 s:/C=US/O=Google Inc/CN=Google Internet Authority
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mx.google.com
issuer=/C=US/O=Google Inc/CN=Google Internet Authority
---
No client certificate CA names sent
---
SSL handshake has read 1921 bytes and written 341 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-SHA
    Session-ID: 86BB257D4302FC60FC09201DC880463632E9A50D6BD0E9900244B0AF1F387330
    Session-ID-ctx:
    Master-Key: 0822858DE5C92DCAB252D858950DD9244E0087F67BC3B2EB7FBC919285C299E929BBC34D7160B2476152957A304C6560
    Key-Arg   : None
    Start Time: 1331639432
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
250-mx.google.com at your service, [192.168.10.1]
250-SIZE 35882577
250-8BITMIME
250-STARTTLS
250-ENHANCEDSTATUSCODES
250 PIPELINING
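
To pick out the fields of that session that matter in a security review (protocol, cipher, server key size, verify return code), here is an added example that is not part of the original post. It parses `openssl s_client` output in the format shown above; `audit_s_client` and `sample_session` are hypothetical helper names, and the thresholds (TLS below 1.2, RC4/DES/NULL/export/MD5 suites, keys under 2048 bits) are assumptions chosen for this illustration.

```shell
#!/bin/sh
# Added example: flag the security-relevant fields of `openssl s_client` output.
# Live use (hostname from the post):
#   openssl s_client -starttls smtp -crlf \
#     -connect alt1.gmail-smtp-in.l.google.com:25 </dev/null 2>&1 | audit_s_client
# Verify code 20 means openssl found no issuer in its local trust store;
# pass -CAfile or -CApath to s_client so the chain can actually be checked.

# Hypothetical helper: reads s_client output on stdin, prints one line per
# finding. Exit status: 0 = nothing flagged, 1 = findings, 2 = no session seen.
# The thresholds below are assumptions made for this example.
audit_s_client() {
    awk '
    /^ *Protocol *:/         { proto  = $NF }
    /^ *Cipher *:/           { cipher = $NF }
    /^Server public key is/  { bits   = $5 }
    /^ *Verify return code:/ { code   = $4 }
    END {
        if (proto == "") { print "ERROR no SSL-Session block found"; exit 2 }
        if (proto ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) { print "WEAK protocol " proto; n++ }
        if (cipher ~ /RC4|DES|NULL|EXP|MD5/)          { print "WEAK cipher " cipher; n++ }
        if (bits != "" && bits + 0 < 2048)            { print "WEAK key " bits " bit"; n++ }
        if (code != "" && code + 0 != 0)              { print "UNVERIFIED chain (code " code ")"; n++ }
        if (n == 0) print "OK " proto " " cipher
        exit (n > 0)
    }'
}

# Lines copied from the sample session in the post, so the script runs offline.
sample_session() {
    cat <<'EOF'
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-SHA
    Verify return code: 20 (unable to get local issuer certificate)
EOF
}

sample_session | audit_s_client || echo "exit status $?: review the findings above"
```
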

1 comment:

  1. You can also use this service to check the TLS capability of mailservers:
    http://ssl-tools.net/mailservers
