Sunday, 7 December 2014

How does Mail.app do SMTP with iCloud servers?


I am trying to troubleshoot the connection between me and the iCloud servers at smtp.mail.me.com. It works for Mail.app, but I need to know what's going on (so I can replicate this within my iOS app). I can do the TLS connection by hand using openssl (openssl s_client -starttls smtp -crlf -connect smtp.mail.me.com:587), but I get a 535 response (Failed Authentication), even though I know (100%) that the credentials are correct, and I have even tried them with the @icloud.com, @mac.com and @me.com versions of my username.


I can get this setup to work (via openssl) with gmail, so I'm pretty sure I know what I'm doing on that score.


The system used to work, but stopped working with icloud.com sometime in the past couple of months. Was there a change in how iCloud.com negotiates the TLS handshake? Does it require something other than base64 encoding of the credentials? Additional encryption of the credentials within the SSL system, or something goofy like that? I tried to use Wireshark to trace what happens when Mail.app sends an email, but of course it's all encrypted, so that's not much help.


Here's the openssl session:



openssl s_client -starttls smtp -crlf -connect smtp.mail.me.com:587
CONNECTED(00000003)
depth=2 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=US/ST=California/L=Cupertino/O=Apple Inc./CN=*.mail.me.com
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at http://ift.tt/1mUWorJ (c)10/CN=VeriSign Class 3 Secure Server CA - G3
1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at http://ift.tt/1mUWorJ (c)10/CN=VeriSign Class 3 Secure Server CA - G3
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
2 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFC......certificate characters....50bq4=
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Cupertino/O=Apple Inc./CN=*.mail.me.com
issuer=/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at http://ift.tt/1mUWorJ (c)10/CN=VeriSign Class 3 Secure Server CA - G3
---
No client certificate CA names sent
---
SSL handshake has read 4717 bytes and written 491 bytes
---
New, TLSv1/SSLv3, Cipher is AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES128-SHA
Session-ID: 15987251B4A0B361AC3690B88A2A972C57747B5CAD15B613D92F6CE97284789F
Session-ID-ctx:
Master-Key: [long string here]
Key-Arg : None
Start Time: 1417991368
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
250 SIZE 28311552
ehlo testing
250-st11p00mm-asmtp002.mac.com
250-8BITMIME
250-PIPELINING
250-CHUNKING
250-DSN
250-ENHANCEDSTATUSCODES
250-EXPN
250-HELP
250-XADR
250-XSTA
250-XCIR
250-XGEN
250-XLOOP 2CE0B8913D00E705D3D542BA5DF0FCE8
250-AUTH PLAIN LOGIN ATOKEN
250-AUTH=LOGIN PLAIN
250-NO-SOLICITING
250 SIZE 28311552
AUTH PLAIN
334
[base-64 credentials entered here]
535 5.7.8 Bad username or password (Authentication failed).
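
Added example (not part of the original post, and not Mail.app's or Apple's code): how the base64 string sent after the 334 prompt in an AUTH PLAIN exchange is formed under RFC 4616, plus a structural check for a hand-built token. The function names and the sample credentials are constructed for illustration.

```python
import base64
import binascii


def build_plain(authcid: str, password: str, authzid: str = "") -> str:
    """RFC 4616 PLAIN message: authzid NUL authcid NUL passwd, then base64."""
    raw = "\0".join((authzid, authcid, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def check_plain(token: str) -> list[str]:
    """Return the structural problems found in a base64 PLAIN response."""
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError):
        return ["not valid base64"]
    problems = []
    # `echo user | base64` (without -n) encodes the newline into the password.
    if raw.endswith((b"\n", b"\r")):
        problems.append("trailing newline encoded into the token")
        raw = raw.rstrip(b"\r\n")
    fields = raw.split(b"\0")
    if len(fields) != 3:
        # A missing leading NUL (empty authzid) is the usual cause.
        problems.append(f"expected 3 NUL-separated fields, found {len(fields)}")
        return problems
    _authzid, authcid, passwd = fields
    if not authcid:
        problems.append("empty authentication identity (authcid)")
    if not passwd:
        problems.append("empty password")
    return problems


if __name__ == "__main__":
    # Constructed sample credentials, not real ones.
    samples = {
        "well-formed": build_plain("user@example.com", "constructed-pass"),
        "newline": base64.b64encode(b"\0user@example.com\0pw\n").decode(),
        "no leading NUL": base64.b64encode(b"user@example.com\0pw").decode(),
    }
    for name, token in samples.items():
        print(f"{name}: {check_plain(token) or 'ok'}")
```

A token that passes this check is well-formed; whether the server accepts the credentials it carries is a separate question.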



