$ openssl s_client -starttls smtp -crlf -ssl3 -connect mx01.t-online.de:25 CONNECTED(00000003) depth=2 C = DE, O = Deutsche Telekom AG, OU = T-TeleSec Trust Center, CN = Deutsche Telekom Root CA 2 verify error:num=19:self signed certificate in certificate chain verify return:0 --- Certificate chain 0 s:/C=DE/O=Deutsche Telekom AG/OU=P&I AM/DCS/ST=Hessen/L=Darmstadt/emailAddress=certadmin_pi@telekom.de/CN=mx.t-online.de i:/C=DE/O=T-Systems International GmbH/OU=T-Systems Trust Center/ST=NRW/postalCode=57250/L=Netphen/street=Untere Industriestr. 20/CN=TeleSec ServerPass DE-1 1 s:/C=DE/O=T-Systems International GmbH/OU=T-Systems Trust Center/ST=NRW/postalCode=57250/L=Netphen/street=Untere Industriestr. 20/CN=TeleSec ServerPass DE-1 i:/C=DE/O=Deutsche Telekom AG/OU=T-TeleSec Trust Center/CN=Deutsche Telekom Root CA 2 2 s:/C=DE/O=Deutsche Telekom AG/OU=T-TeleSec Trust Center/CN=Deutsche Telekom Root CA 2 i:/C=DE/O=Deutsche Telekom AG/OU=T-TeleSec Trust Center/CN=Deutsche Telekom Root CA 2 --- Server certificate -----BEGIN CERTIFICATE----- MIIHlzCCBn+gAwIBAgIJAPpnQBPSOhrUMA0GCSqGSIb3DQEBBQUAMIHJMQswCQYD VQQGEwJERTElMCMGA1UEChMcVC1TeXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEf MB0GA1UECxMWVC1TeXN0ZW1zIFRydXN0IENlbnRlcjEMMAoGA1UECBMDTlJXMQ4w DAYDVQQREwU1NzI1MDEQMA4GA1UEBxMHTmV0cGhlbjEgMB4GA1UECRMXVW50ZXJl IEluZHVzdHJpZXN0ci4gMjAxIDAeBgNVBAMTF1RlbGVTZWMgU2VydmVyUGFzcyBE RS0xMB4XDTE0MDQxNzA5MjE1N1oXDTE2MDQyMjIzNTk1OVowgaYxCzAJBgNVBAYT AkRFMRwwGgYDVQQKExNEZXV0c2NoZSBUZWxla29tIEFHMRMwEQYDVQQLDApQJkkg QU0vRENTMQ8wDQYDVQQIEwZIZXNzZW4xEjAQBgNVBAcTCURhcm1zdGFkdDEmMCQG CSqGSIb3DQEJARYXY2VydGFkbWluX3BpQHRlbGVrb20uZGUxFzAVBgNVBAMTDm14 LnQtb25saW5lLmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo5gn hnvtwyVttlE26moSOI34XjLANq+zpi+VZWxKzm6d2N/Ezp3ANBqmN+5okL4Y1C/y 64QJBxWgolNHpgXphkzOfNp2e6qsAiy1MbiCHvdcpIl+Zaq+WCEUhkaDhc77i8BP YNcU0cNQnohYNFuLFskC+0FFAvr0R3C/F3PSYvZv1tjyLiRqCY/or+CaihhNB4h1 fJipEIvBIRnCyKQbPhcZuYnKm8ibe8u8kLu5xm8GCazCmJX0bfun4NsIKX4iSBZc N6bbG7pT0Fysu9UsSYfxvbfkpYt3a5lHCqzpBHrKGwXyz6g6cdOaqfTzsnQ0uPE0 s1bw8NOCIs11li7slwIDAQABo4IDoTCCA50wHwYDVR0jBBgwFoAUYk8TzjZnhM0Z /KBPGYvvFVQBMhwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMC BggrBgEFBQcDATAdBgNVHQ4EFgQUPxe4PeGyteNEhdKuEq+o6wia+iswWQYDVR0g BFIwUDBEBgkrBgEEAb1HDQIwNzA1BggrBgEFBQcCARYpaHR0cDovL3d3dy50ZWxl c2VjLmRlL3NlcnZlcnBhc3MvY3BzLmh0bWwwCAYGZ4EMAQICMIIBIQYDVR0fBIIB GDCCARQwRaBDoEGGP2h0dHA6Ly9jcmwuc2VydmVycGFzcy50ZWxlc2VjLmRlL3Js L1RlbGVTZWNfU2VydmVyUGFzc19ERS0xLmNybDCByqCBx6CBxIaBwWxkYXA6Ly9s ZGFwLnNlcnZlcnBhc3MudGVsZXNlYy5kZS9jbj1UZWxlU2VjJTIwU2VydmVyUGFz cyUyMERFLTEsb3U9VC1TeXN0ZW1zJTIwVHJ1c3QlMjBDZW50ZXIsbz1ULVN5c3Rl bXMlMjBJbnRlcm5hdGlvbmFsJTIwR21iSCxjPWRlP2NlcnRpZmljYXRlUmV2b2Nh dGlvbmxpc3Q/YmFzZT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25saXN0PSowggE5Bggr BgEFBQcBAQSCASswggEnMDMGCCsGAQUFBzABhidodHRwOi8vb2NzcC5zZXJ2ZXJw YXNzLnRlbGVzZWMuZGUvb2NzcHIwTAYIKwYBBQUHMAKGQGh0dHA6Ly9jcmwuc2Vy dmVycGFzcy50ZWxlc2VjLmRlL2NydC9UZWxlU2VjX1NlcnZlclBhc3NfREUtMS5j ZXIwgaEGCCsGAQUFBzAChoGUbGRhcDovL2xkYXAuc2VydmVycGFzcy50ZWxlc2Vj LmRlL2NuPVRlbGVTZWMlMjBTZXJ2ZXJQYXNzJTIwREUtMSxvdT1ULVN5c3RlbXMl MjBUcnVzdCUyMENlbnRlcixvPVQtU3lzdGVtcyUyMEludGVybmF0aW9uYWwlMjBH bWJILGM9ZGU/Y0FDZXJ0aWZpY2F0ZTAMBgNVHRMBAf8EAjAAMGEGA1UdEQRaMFiC Dm14LnQtb25saW5lLmRlghBteDAwLnQtb25saW5lLmRlghBteDAxLnQtb25saW5l LmRlghBteDAyLnQtb25saW5lLmRlghBteDAzLnQtb25saW5lLmRlMA0GCSqGSIb3 DQEBBQUAA4IBAQCFgsTR28C4dp/tQ5CD1rYF5dZ9okd0m1yEH5ulHWtxGtW7Tbx+ sKb8fcOWhBrLtVxr0EyfEOSriupXZEVmRFbyiYJASUQRhGddmD1npkEEQsW440Yk s4n40WvQxuqrcN4/LEpJTvCJ3HKxHMutESBn3VqX5JnJzTw31KCjylSrf6FLw+qg 6cHSGkqq20erdNBWHnNFswznMLfXB+TNxb0JfKj78hQz6/xxrWDoXgDfU0gDzLWF BNGr2I1QokLHinZDJo3K7dGq2jdzN6QkRwt0BDCA+4MJcKVSSQ/3LaeWHs0AuuEq sfgPi501oeBIbrGeeDTktW5MQ1K5wk3RlRcS -----END CERTIFICATE----- subject=/C=DE/O=Deutsche Telekom AG/OU=P&I AM/DCS/ST=Hessen/L=Darmstadt/emailAddress=certadmin_pi@telekom.de/CN=mx.t-online.de issuer=/C=DE/O=T-Systems International GmbH/OU=T-Systems Trust Center/ST=NRW/postalCode=57250/L=Netphen/street=Untere Industriestr. 20/CN=TeleSec ServerPass DE-1 --- No client certificate CA names sent --- SSL handshake has read 5391 bytes and written 355 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : SSLv3 Cipher : ECDHE-RSA-AES256-SHA Session-ID: 1C7B14E808D2F71B7860D3C28A45B44EC4F41A581AEBE6B147AD24C92E02DE68 Session-ID-ctx: Master-Key: 33CA21D39DF4ED0FABFACE49DD9481EA9BA1D24D1F31E5B263E8E7CE6A99450E8506C26E2634B47B3649B26590C8D45A Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1413453510 Timeout : 7200 (sec) Verify return code: 19 (self signed certificate in certificate chain) --- 250 HELP