openssl smtp AUTH LOGIN fail for one (local) user


With Gentoo Linux, I have postfix-3.8.2, dovecot-2.3.20-r1, openssl-3.0.11

I got an error when I try to AUTH LOGIN with one user. Works with another.

40E7638A7B7F0000:error:0A00010A:SSL routines:can_renegotiate:wrong ssl version:../openssl-3.0.11/ssl/ssl_lib.c:2304:

username and password are ok, confirmed with testsaslauthd -u username -p password -s smtp. No problem with AUTH PLAIN for the same user. But even if username or password were wrong, I would not get this error but just a 535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6

###username_coded_base64### and ###password_coded_base64### produced by:

echo -ne "string" | base64

or

perl -MMIME::Base64 -e 'print encode_base64("string")'

which give the same result.

$ openssl s_client -starttls smtp -crlf -connect FQDN:587
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = FQDN
verify return:1
---
Certificate chain
 0 s:CN = FQDN
   i:C = US, O = Let's Encrypt, CN = R3
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Sep 26 03:00:36 2023 GMT; NotAfter: Dec 25 03:00:35 2023 GMT
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Sep  4 00:00:00 2020 GMT; NotAfter: Sep 15 16:00:00 2025 GMT
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jan 20 19:14:03 2021 GMT; NotAfter: Sep 30 18:14:03 2024 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
[certificate body omitted]
-----END CERTIFICATE-----
subject=CN = FQDN
issuer=C = US, O = Let's Encrypt, CN = R3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4749 bytes and written 434 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
250 CHUNKING
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 1C5FD97F04F96D1D4CD5B1E13DC7B84FC479DDDE840C331D0B3D6464CEB93A38
    Session-ID-ctx: 
    Resumption PSK: BD41DB00EF6DE7C29D57244C93C1FAB69B72F3CD8A45FF2319099930E97049258B21EE4AEE698A6BED856C60D309E656
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - 38 1a 60 de 9d fe f2 e9-95 6f 35 d6 6a 4d 3e 8e   8.`......o5.jM>.
    0010 - bb 63 d9 81 ca f8 c8 3e-b7 5f 7e 44 3c 4d 4b 74   .c.....>._~D<MKt
    0020 - bd 38 94 88 4f 28 73 b9-6f 2f 34 a8 c0 ee 08 7f   .8..O(s.o/4.....
    0030 - 4a 87 99 a6 37 b1 c5 55-c1 90 3a 27 de 66 c8 3a   J...7..U..:'.f.:
    0040 - 28 db 86 3b e1 86 58 9f-63 eb 05 78 6e 91 da 11   (..;..X.c..xn...
    0050 - 42 99 a6 b3 94 5d 07 89-9f ae 2c df ea 18 1f e9   B....]....,.....
    0060 - 2f 17 0b 8a 42 ef 05 e0-0c 9a a6 a0 65 a7 ee 08   /...B.......e...
    0070 - 68 23 9e 52 96 1c 51 f4-71 40 10 e4 54 a8 ce 4b   h#.R..Q.q@..T..K
    0080 - 41 a7 1e 88 46 d7 aa 81-ac b9 b9 47 76 73 c9 7e   A...F......Gvs.~
    0090 - 48 b0 0f 5a fb 90 5e de-22 32 89 6f 68 ac 08 7c   H..Z..^."2.oh..|
    00a0 - 90 dc e6 65 c2 89 38 29-87 7c 07 73 01 95 fa be   ...e..8).|.s....
    00b0 - ee e9 97 36 a2 5e da ec-e7 00 8a 41 03 1a 44 3e   ...6.^.....A..D>
    00c0 - 31 66 57 45 1c c8 4f 1d-0a a2 ec b3 7e cf 68 82   1fWE..O.....~.h.

    Start Time: 1698621383
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
AUTH LOGIN
334 VXNlcm5hbWU6
###username_coded_base64###
334 UGFzc3dvcmQ6
###password_coded_base64###
RENEGOTIATING
4017FB2AFC7E0000:error:0A00010A:SSL routines:can_renegotiate:wrong ssl version:../openssl-3.0.11/ssl/ssl_lib.c:2304:

Why RENEGOTIATING?


There are 2 answers

1
Steffen Ullrich On BEST ANSWER

I got an error when I try to AUTH LOGIN with one user. Works with another. ...
Why RENEGOTIATING?

Probably the base64 encoded password for this particular user starts with "R". This will be interpreted by s_client as a request to initiate renegotiation. From the documentation:

CONNECTED COMMANDS (BASIC)
...
When used interactively (which means neither -quiet nor -ign_eof have been given), and neither of -adv or -nocommands are given then “Basic” command mode is entered. In this mode certain commands are recognized which perform special operations. These commands are a letter which must appear at the start of a line. All further data after the initial letter on the line is ignored. The commands are listed below.
...
R
Renegotiate the SSL session (TLSv1.2 and below only).

Thus, you need to add -nocommands to your command line

$ openssl s_client -starttls smtp -nocommands -crlf -connect FQDN:587 
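The following shell helper is an added example, not code from the question or from either answer. It encodes AUTH LOGIN credentials the same way the question does, predicts from the plaintext which encodings openssl s_client would swallow as an interactive command letter, and prints the s_client command line with -nocommands. It goes slightly beyond the answer by also covering the Q and k/K command letters documented for s_client, and it uses constructed sample values ("Example", "Abc", and the placeholder host mail.example.invalid) rather than anything from the page.

```shell
#!/bin/sh
# Added example (not from the question or either answer): encode AUTH LOGIN
# credentials as the question does and flag encodings that openssl s_client,
# in its default interactive mode, would treat as a command rather than send.

# base64-encode without a trailing newline in the input; equivalent to the
# question's `echo -ne "string" | base64`. The output newline is stripped.
b64() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Letters that s_client treats as commands when they start a line and
# -nocommands is absent (openssl-s_client(1), "Connected commands (basic)"):
#   R = renegotiate (TLS 1.2 and below), Q = end the session,
#   k / K = send a TLS 1.3 key update.
# Returns 0 when the encoded line would be consumed as a command.
is_command_line() {
    case "$1" in
        [RQkK]*) return 0 ;;
        *)       return 1 ;;
    esac
}

# The first base64 character carries the top six bits of the first byte, so
# the problem is predictable from the plaintext:
#   'R' (010001) <- first byte 0x44..0x47, i.e. D, E, F, G
#   'Q' (010000) <- first byte 0x40..0x43, i.e. @, A, B, C
#   'K' (001010) <- first byte 0x28..0x2B, i.e. ( ) * +
# Prints a one-line verdict for a credential; always returns 0.
check_credential() {
    label=$1
    enc=$(b64 "$2")
    case "$enc" in
        R*)    echo "WARN: $label -> $enc: s_client would RENEGOTIATE (plaintext starts with D-G)" ;;
        Q*)    echo "WARN: $label -> $enc: s_client would close the session (plaintext starts with @-C)" ;;
        [kK]*) echo "WARN: $label -> $enc: s_client would send a TLS 1.3 key update" ;;
        *)     echo "ok:   $label -> $enc" ;;
    esac
    return 0
}

# Command line that sends every typed line verbatim. -nocommands requires
# OpenSSL 1.1.0 or later; the argument is the server's FQDN.
s_client_cmd() {
    printf 'openssl s_client -starttls smtp -nocommands -crlf -connect %s:587\n' "$1"
}

# Constructed demo values; "Example" is a made-up password whose encoding
# starts with R, reproducing the symptom from the question.
check_credential "username" "username"   # ok:   username -> dXNlcm5hbWU=
check_credential "password" "Example"    # WARN: password -> RXhhbXBsZQ== ... RENEGOTIATE
check_credential "password" "Abc"        # WARN: password -> QWJj ... close the session
s_client_cmd "mail.example.invalid"
```

Run the script as-is to see the verdicts, or source it and call check_credential on your own values before pasting them into an interactive s_client session. Once -nocommands is on the command line the check is unnecessary, since every line is then passed to the server unchanged.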
0
old shredder On

If you have to manage this protocol with OpenSSL 1.0.2, then -nocommands does not exist.

The solution I found is to put a blank space before login or passwd beginning with Rxxx.