Кто-то живет к криокамере?

$ openssl s_client -starttls smtp -crlf -connect mx1.fss.ru:25
CONNECTED(00000003)
Didn't find STARTTLS in server response, trying anyway...
40479A0B1F710000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:354:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 111 bytes and written 345 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

openssl s_client -starttls smtp -crlf -connect mx1.fss.ru:25
CONNECTED(00000003)
depth=0 C = US, ST = California, L = San Bruno, O = "IronPort Systems, Inc.", CN = IronPort Appliance Demo Certificate
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = US, ST = California, L = San Bruno, O = "IronPort Systems, Inc.", CN = IronPort Appliance Demo Certificate
verify error:num=21:unable to verify the first certificate
verify return:1
depth=0 C = US, ST = California, L = San Bruno, O = "IronPort Systems, Inc.", CN = IronPort Appliance Demo Certificate
verify error:num=10:certificate has expired
notAfter=May  1 22:57:58 2016 GMT
verify return:1
depth=0 C = US, ST = California, L = San Bruno, O = "IronPort Systems, Inc.", CN = IronPort Appliance Demo Certificate
notAfter=May  1 22:57:58 2016 GMT
verify return:1
---
Certificate chain
 0 s:C = US, ST = California, L = San Bruno, O = "IronPort Systems, Inc.", CN = IronPort Appliance Demo Certificate
   i:C = US, ST = California, L = San Bruno, O = "IronPort Systems, Inc.", CN = IronPort Appliance Demo Certificate
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDfTCCAuagAwIBAgIBATANBgkqhkiG9w0BAQQFADCBhTELMAkGA1UEBhMCVVMx
EzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVNhbiBCcnVubzEfMB0GA1UE
ChMWSXJvblBvcnQgU3lzdGVtcywgSW5jLjEsMCoGA1UEAxMjSXJvblBvcnQgQXBw
bGlhbmNlIERlbW8gQ2VydGlmaWNhdGUwHhcNMDYwNTAxMjI1NzU4WhcNMTYwNTAx
MjI1NzU4WjCBhTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQ
BgNVBAcTCVNhbiBCcnVubzEfMB0GA1UEChMWSXJvblBvcnQgU3lzdGVtcywgSW5j
LjEsMCoGA1UEAxMjSXJvblBvcnQgQXBwbGlhbmNlIERlbW8gQ2VydGlmaWNhdGUw
gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALebxVos+JhWxNgAHKNZ7jtrtgsK
dx94/76c/316FW5nS2Y1M6ZvhOE2rblbs9riDcPMkiDrt6Cdd/GU4WdGYoG/SWxr
+0FqAiGLqyo45xUSmwg/hE/+LX3v1XM/bW0+SPUsyiXCFObafOFieHkaV+Rj9f3r
6f62Xsx6AlGyKQfjAgMBAAGjgfowgfcwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0E
HxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFNeVBunw
o9Zl9hGQvMJMuuY0qg7IMIGcBgNVHSMEgZQwgZGhgYukgYgwgYUxCzAJBgNVBAYT
AlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTYW4gQnJ1bm8xHzAd
BgNVBAoTFklyb25Qb3J0IFN5c3RlbXMsIEluYy4xLDAqBgNVBAMTI0lyb25Qb3J0
IEFwcGxpYW5jZSBEZW1vIENlcnRpZmljYXRlggEAMA0GCSqGSIb3DQEBBAUAA4GB
AKtUIDqKx1BnIB0cqRNcU4sPsy1gUhp2ieynoep2LEILGEiYTb08hmyvDUFzBn+P
Unv/RfHrD8XX4w/4ptV6e+jzwlqf63JBG3JZ4dGCp/jEX//SJtevmenctZRD4hyI
ATAp5F6VvERCk7YfvFRmPUua15wLUyDMFFdr46IUMrxg
-----END CERTIFICATE-----
subject=C = US, ST = California, L = San Bruno, O = "IronPort Systems, Inc.", CN = IronPort Appliance Demo Certificate

issuer=C = US, ST = California, L = San Bruno, O = "IronPort Systems, Inc.", CN = IronPort Appliance Demo Certificate

---
No client certificate CA names sent
Peer signing digest: MD5-SHA1
Peer signature type: RSA
Server Temp Key: DH, 1024 bits
---
SSL handshake has read 1755 bytes and written 545 bytes
Verification error: certificate has expired
---
New, SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 6EC8BEE9FD8E967F0314CBCC9AF73E2644E966C5123EDFD8DEAB535801A8D8B8
    Session-ID-ctx:
    Master-Key: 02315525C3091FFE5419D977EA4901D7358A8F54B4291E01B345250C7C1643B8EB40446B683F157A597582777F8FB718
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket:
    0000 - 89 22 cc 49 f0 08 5c 4a-4c 73 21 7b 09 27 19 e8   .".I..\JLs!{.'..
    0010 - d0 03 65 82 d6 dc e1 71-ad 70 47 4e b7 1c 0f 92   ..e....q.pGN....
    0020 - bd 93 66 8e df a3 13 d1-86 4c e6 08 77 9b 9e 00   ..f......L..w...
    0030 - 63 46 48 25 c9 94 b8 8d-07 49 a8 2b 39 61 83 f9   cFH%.....I.+9a..
    0040 - 3a 87 60 36 f7 c3 3d 98-1b b6 43 5f 85 be 2b 54   :.`6..=...C_..+T
    0050 - a3 0b 55 c5 8f 9d 10 88-b6 f5 5f b8 2a 3f 41 2c   ..U......._.*?A,
    0060 - fc 99 ec bf 92 9e c6 cc-c5 84 ea 03 57 7d 97 20   ............W}.
    0070 - 36 ce 15 30 1b dd 96 74-91 41 84 a8 30 cc e5 7f   6..0...t.A..0...
    0080 - eb a3 9a c0 8a 42 85 79-21 fe 2d 2c d6 f0 8e be   .....B.y!.-,....
    0090 - e1 a8 5a e8 8f a0 bb 66-21 ae e5 af 64 3a 75 91   ..Z....f!...d:u.
    00a0 - 00 7e c9 c7 dd bc 63 b3-9b 95 69 30 5b 09 15 f4   .~....c...i0[...
    00b0 - 44 21 72 28 c8 ed 12 62-aa a6 57 4d ae fb e2 e8   D!r(...b..WM....

    Start Time: 1748428438
    Timeout   : 7200 (sec)
    Verify return code: 10 (certificate has expired)
    Extended master secret: no
---
250 STARTTLS

host mx1.fss.ru
mx1.fss.ru has address 193.148.44.180

depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R4
verify return:1
depth=1 C = US, O = Google Trust Services, CN = WE2
verify return:1
depth=0 CN = mx.google.com
verify return:1
---
Certificate chain
 0 s:CN = mx.google.com
   i:C = US, O = Google Trust Services, CN = WE2
 1 s:C = US, O = Google Trust Services, CN = WE2
   i:C = US, O = Google Trust Services LLC, CN = GTS Root R4
 2 s:C = US, O = Google Trust Services LLC, CN = GTS Root R4
   i:C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA

$ openssl s_client -starttls smtp -crlf -connect mx1.fss.ru:25
CONNECTED(00000003)
Didn't find STARTTLS in server response, trying anyway...
140241371616576:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:331:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 111 bytes and written 335 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

140709922219328:error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol:../ssl/statem/statem_lib.c:1957:

$ telnet mx1.fss.ru 25
Trying 193.148.44.180...
Connected to mx1.fss.ru.
Escape character is '^]'.
220 ****************
EHLO qwe
250-mx1.fss.ru
250-8BITMIME
250 SIZE 10485760
MAIL FROM: test@test.ru
553 #5.1.8 Domain of sender address <test@test.ru> does not exist
MAIL FROM: test@google.com
250 sender <test@google.com> ok
RCPT TO: test@fss.ru
250 recipient <test@fss.ru> ok
data
354 go ahead
qweqwe
.
250 ok:  Message 449639378 accepted
quit
221 mx1.fss.ru
Connection closed by foreign host.

~$ telnet mx1.fss.ru 25
Trying 193.148.44.180...
Connected to mx1.fss.ru.
Escape character is '^]'.
220 ****************
EHLO user.gov.ru
250-mx1.fss.ru
250-8BITMIME
250-SIZE 52428800
250 STARTTLS
quit
221 mx1.fss.ru
[/quit]

Sun Feb  9 21:47:04 UTC 2025
patches/packages/openssl-1.1.1zb_p2-i586-1_slack15.0.txz:  Upgraded.
  Apply patch to fix a low severity security issue:
  Fix timing side-channel in ECDSA signature computation.
  There is a timing signal of around 300 nanoseconds when the top word of
  the inverted ECDSA nonce value is zero. This can happen with significant
  probability only for some of the supported elliptic curves. In particular
  the NIST P-521 curve is affected. To be able to measure this leak, the
  attacker process must either be located in the same physical computer or
  must have a very fast network connection with low latency.
  This CVE was fixed by the second 1.1.1zb release that is only available to
  subscribers to OpenSSL's premium extended support. The patch was prepared
  by backporting from the OpenSSL-3.0 repo.
  Thanks to Ken Zalewski for the patch!
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-13176
  (* Security fix *)

 ~$ openssl s_client -starttls smtp -crlf -connect mx2.fss.ru:25
CONNECTED(00000003)
Didn't find STARTTLS in server response, trying anyway...
409CD9DF487F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:354:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 123 bytes and written 345 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)

 ~$ telnet mx2.fss.ru 25
Trying 193.148.44.179...
Connected to mx2.fss.ru.
Escape character is '^]'.
220 dummy.smtp.ru ESMTP Sendmail/blackhole
EHLO home.user
250 OK
quit
220 OK

Connecting to 193.148.44.180
CONNECTED(00000003)
Didn't find STARTTLS in server response, trying anyway...
402711BB497F0000:error:0A00010B:SSL routines:tls_validate_record_header:wrong version number:ssl/record/methods/tlsany_meth.c:84:
---
no peer certificate available
---
No client certificate CA names sent
Negotiated TLS1.3 group: <NULL>
---
SSL handshake has read 111 bytes and written 357 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Protocol: TLSv1.3
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA

 7  185.140.151.241 (185.140.151.241)  12.237 ms 185.140.151.243 (185.140.151.243)  7.816 ms 185.140.151.241 (185.140.151.241)  7.684 ms
 8  188.128.72.242 (188.128.72.242)  7.644 ms  7.594 ms  7.551 ms
 9  mx2.fss.ru (193.148.44.179)  7.513 ms  7.473 ms  7.434 ms

$ telnet mx1.fss.ru 25
Trying 193.148.44.180...
Connected to mx1.fss.ru.
Escape character is '^]'.
220 ****************
ehlo qwe
250-mx1.fss.ru
250-8BITMIME
250 SIZE 10485760
starttls
500 #5.5.1 command not recognized

# traceroute --back -I mx1.fss.ru
traceroute to mx1.fss.ru (193.148.44.180), 30 hops max, 60 byte packets
 6  * * *
 7  185.140.151.243 (185.140.151.243) '-8'  27.959 ms  30.369 ms  32.533 ms
 8  188.128.72.242 (188.128.72.242) '-9'  33.522 ms  35.064 ms  36.634 ms
 9  * * *^C

traceroute -T -p 25...
...
 7  185.140.151.243 (185.140.151.243)  9.964 ms  5.497 ms  6.374 ms
 8  188.128.72.242 (188.128.72.242)  7.116 ms  9.651 ms  9.625 ms
 9  mx1.fss.ru (193.148.44.180)  9.610 ms  9.768 ms  10.451 ms
...
 7  185.140.151.241 (185.140.151.241)  6.162 ms  5.396 ms  5.357 ms
 8  188.128.72.242 (188.128.72.242)  4.514 ms  4.275 ms  4.993 ms
 9  mx2.fss.ru (193.148.44.179)  6.949 ms  5.728 ms  4.690 ms