[ctw] Re: Timeouts after enabling TLS

  • From: Cory Rau <cory@xxxxxxxxxxxx>
  • To: ctw@xxxxxxxxxxxxx
  • Date: Wed, 1 Apr 2009 07:06:10 -0400


On Mar 31, 2009, at 2:15 PM, Tom Shaw wrote:

At 7:06 PM -0400 3/30/09, Cory Rau wrote:
Since I enabled TLS and confirmed that it seemed to be working nicely, I've noted that there are a large number of "connection timed out after 180 seconds" type errors in the ASSP logs. I'm using the self-signed certs included with ASSP. Could this be the problem? My intention was to get a legit cert from godaddy or somewhere. I first noticed this because one of our subsidiaries using Exchange and a godaddy cert was having intermittent difficulty sending to the parent company. As I looked deeper, it looks as though we've been timing out to a number of servers that I know are legit.


Cory

This can only happen if the peer strictly checks your certs. Some do; some don't. Try a self signed one for your host or purchase one.

Tom


Well, seems I may have FUBARed the SSL setup. I installed a self-signed cert and I get this in the logs:

Apr-1-09 06:59:31 10.100.0.11 <> client on port 25 issued STARTTLS - converting to SSL

...but nothing in the headers of the e-mail indicates that TLS was used. This is a departure from when I was getting those timeouts. Switching back to the ASSP-supplied certs yields the same result.

In the interim, I'd installed IO::Socket::SSL 1.24 but I'm not sure if that's related or not. Hmmm...back to the drawing board, I suppose. Unfortunately, I don't know where to look as I don't see any errors in the transaction.

Cory