What is a difference between SSL enabled and required configuration set on a SMTP protocol settings.

  • 7010257
  • 06-Mar-2012
  • 18-Oct-2013

Environment

Novell GroupWise 2012
Novell GroupWise 8

Situation

You configured your GWIA to use certificates and want to secure SMTP communication. Now you need to consider what impact would have this settings in regard of communication with other Internet SMTP hosts.  

Resolution

There is big difference in initial handshake between two SMTP hosts when SSL is set into Enabled or Required on one host site. 
If the SSL setting is set to Enabled, then first initial handshake happens in clear text format and two hosts negotiate what SMTP features they support. If both parties agree, can support SSL, the communication channel is upgraded to use SSL and since that point all data exchanges is encoded.
However, if the SSL settings is configured with Required option, then already the first initial handshake is expected to happen in encrypted way. Such strong setting on your GWIA might have negative impact on a communication with other hosts in Internet. If any SMTP host in Internet that does not have the same configuration setting alike your GWIA tries to open a communication channel with your GWIA (tries to deliver a mail) it comes with clear text HELO command, your GWIA will refuse to communicate with such a host as it expects already encrypted format right in the beginning.
In other way, if your GWIA tries to contact any Internet host, it starts with encrypted initial HELO greeting that great majority of Internet hosts would not understand expecting clear text format. Usually they would complain about invalid syntax error. Majority of SMTP hosts in Internet are configured with SSL Enabled kind of feature and expect first to negotiate whether or not to use encrypted communication channel in clear text format. 
 
Here are examples how it works with those settings on a Linux server running GWIA from a terminal window.
 
1. SSL Enabled configuration.

gw8-lnx:~ # telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 rum.com Ready
C: EHLO nico
S: 250-rum.com
S: 250-AUTH LOGIN
S: 250-8BITMIME
S: 250-SIZE
S: 250-DSN
S: 250 STARTTLS
C: STARTTLS
S: 220 Ready to start TLS
 
In this example you see that GWIA announces "250 STARTTLS" feature so if opening host or a client wants to start using TLS, GWIA will stat using it.
Bellow is another telnet session example that would simulate Internet SMTP host configured with SSL Required format which your GWIA would not understand in a beginning of initial handshake. For such a simulation you can use openssl Linux command: 

gw8-lnx:/build-99138 # openssl s_client -connect localhost:25 -debug -showcerts
CONNECTED(00000003)
write to 0x80bcfc8 [0x80bd738] (145 bytes => 145 (0x91))
0000 - 80 8f 01 03 01 00 66 00-00 00 20 00 00 39 00 00   ......f... ..9..
0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0   8..5............
0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 66 00   ..3..2../.....f.
0030 - 00 05 00 00 04 01 00 80-08 00 80 00 00 63 00 00   .............c..
0040 - 62 00 00 61 00 00 15 00-00 12 00 00 09 06 00 40   b..a...........@
0050 - 00 00 65 00 00 64 00 00-60 00 00 14 00 00 11 00   ..e..d..`.......
0060 - 00 08 00 00 06 04 00 80-00 00 03 02 00 80 00 00   ................
0070 - ff 6b 7f 25 e1 eb 3e 65-1a f6 a5 10 9f 51 78 42   .k.%..>e.....QxB
0080 - 97 80 a3 dd ce 88 24 4d-04 24 8e c0 1a 14 fe 41   ......$M.$.....A
0090 - dd                                                .
read from 0x80bcfc8 [0x80c2c98] (7 bytes => 7 (0x7))
0000 - 32 32 30 20 72 75 6d                              220 rum
15306:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:572:

GWIA dropped a session as seeen in a last line as a client started a session with encrypted initial greeting. Similar would happen if your GWIA is configured with SSL Required setting and will try to contact other host with SSL Enabled configuration.
 
2. SSL Enabled configuration.
 
After you change GWIA SSL configuration settings into Required, then the same openssl command line invokes expected GWIA answer to a such encrypted initial greeting and sending its certificate to the client / Internet host:

gw8-lnx:~ # openssl s_client -connect localhost:25 -debug -showcerts > required.txt
depth=0 /C=NL/ST=South Holland/L=Rotterdam/O=Novell/OU=NTS/CN=gw8-lnx
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=NL/ST=South Holland/L=Rotterdam/O=Novell/OU=NTS/CN=gw8-lnx
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=NL/ST=South Holland/L=Rotterdam/O=Novell/OU=NTS/CN=gw8-lnx
verify error:num=21:unable to verify the first certificate
verify return:1
quit
read:errno=0
gw8-lnx:~ # openssl s_client -connect localhost:25 -debug -showcerts CONNECTED(00000003)
write to 0x80bcfe0 [0x80bdb40] (145 bytes => 145 (0x91))
0000 - 80 8f 01 03 01 00 66 00-00 00 20 00 00 39 00 00   ......f... ..9..
0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0   8..5............
0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 66 00   ..3..2../.....f.
0030 - 00 05 00 00 04 01 00 80-08 00 80 00 00 63 00 00   .............c..
0040 - 62 00 00 61 00 00 15 00-00 12 00 00 09 06 00 40   b..a...........@
0050 - 00 00 65 00 00 64 00 00-60 00 00 14 00 00 11 00   ..e..d..`.......
0060 - 00 08 00 00 06 04 00 80-00 00 03 02 00 80 00 00   ................
0070 - ff 8d 4b 42 6e 42 7d f1-ff 76 6b 83 dd 67 8f 2a   ..KBnB}..vk..g.*
0080 - c6 ad 63 77 02 a7 fe 69-ec d7 d7 60 0a 81 34 b0   ..cw...i...`..4.
0090 - 87                                                .
read from 0x80bcfe0 [0x80c30a0] (7 bytes => 7 (0x7))
0000 - 16 03 01 00 31 02                                 ....1.
0007 - <SPACES/NULS>
read from 0x80bcfe0 [0x80c30a7] (47 bytes => 47 (0x2F))
0000 - 00 2d 03 01 4f 56 07 ae-e0 e3 2b d4 d6 2e 76 b1   .-..OV....+...v.
0010 - ad 67 9e 8b f4 a4 9f 4b-84 6b 0b f3 11 a3 80 ef   .g.....K.k......
0020 - 42 33 b8 97 00 00 35 00-00 05 ff 01 00 01         B3....5.......
002f - <SPACES/NULS>
read from 0x80bcfe0 [0x80c30a0] (5 bytes => 5 (0x5))
0000 - 16 03 01 04 f1                                    .....
read from 0x80bcfe0 [0x80c30a5] (1265 bytes => 1265 (0x4F1))
0000 - 0b 00 04 ed 00 04 ea 00-04 e7 30 82 04 e3 30 82   ..........0...0.
0010 - 03 cb a0 03 02 01 02 02-24 02 1c 11 ff a4 d5 20   ........$......
0020 - 26 70 e4 7c 9b 9f a1 f8-1e f6 4e 14 fc 75 0c ec   &p.|......N..u..
0030 - 9f cf b1 9e c8 ad 68 02-02 10 4f 1e bf 30 0d 06   ......h...O..0..
0040 - 09 2a 86 48 86 f7 0d 01-01 04 05 00 30 2e 31 1a   .*.H........0.1.
0050 - 30 18 06 03 55 04 0b 13-11 4f 72 67 61 6e 69 7a   0...U....Organiz
0060 - 61 74 69 6f 6e 61 6c 20-43 41 31 10 30 0e 06 03   ational CA1.0...
0070 - 55 04 0a 13 07 47 57 38-2d 4c 4e 58 30 1e 17 0d   U....GW8-LNX0...
0080 - 31 32 30 32 32 34 31 35-31 34 30 30 5a 17 0d 31   120224151400Z..1
0090 - 34 30 32 32 34 31 35 31-34 30 30 5a 30 6a 31 0b   40224151400Z0j1.
00a0 - 30 09 06 03 55 04 06 13-02 4e 4c 31 16 30 14 06   0...U....NL1.0..
00b0 - 03 55 04 08 13 0d 53 6f-75 74 68 20 48 6f 6c 6c   .U....South Holl
00c0 - 61 6e 64 31 12 30 10 06-03 55 04 07 13 09 52 6f   and1.0...U....Ro
00d0 - 74 74 65 72 64 61 6d 31-0f 30 0d 06 03 55 04 0a   tterdam1.0...U..
00e0 - 13 06 4e 6f 76 65 6c 6c-31 0c 30 0a 06 03 55 04   ..Novell1.0...U.
00f0 - 0b 13 03 4e 54 53 31 10-30 0e 06 03 55 04 03 13   ...NTS1.0...U...
0100 - 07 67 77 38 2d 6c 6e 78-30 81 9f 30 0d 06 09 2a   .gw8-lnx0..0...*
0110 - 86 48 86 f7 0d 01 01 01-05 00 03 81 8d 00 30 81   .H............0.
0120 - 89 02 81 81 00 b9 0c b5-fa 3d d2 43 5b c5 00 e9   .........=.C[...
0130 - 18 93 4f af 23 26 d1 85-82 e8 c9 2a 10 b0 72 b5   ..O.#&.....*..r.
0140 - bc 41 29 d8 eb 53 a9 a8-de 7f c4 47 4d e1 e5 59   .A)..S.....GM..Y
0150 - ad dc c6 e5 4d 0a 5e 1d-6d 68 0a 98 e5 23 6c 4c   ....M.^.mh...#lL
0160 - a5 f4 3f de 97 a6 a5 37-0d 49 bd e2 fc 0c f7 fe   ..?....7.I......
0170 - 00 f8 2e 3f 73 7e e4 30-ea e2 97 03 ed 10 12 82   ...?s~.0........
0180 - ac 1b 74 ac 4e 65 0b 81-15 49 45 55 54 68 af 16   ..t.Ne...IEUTh..
0190 - a5 d3 d2 4e bd f0 8e 6b-7a c4 cd 00 c1 a5 4a 96   ...N...kz.....J.
01a0 - cb 94 5b 3b 19 02 03 01-00 01 a3 82 02 2f 30 82   ..[;........./0.
01b0 - 02 2b 30 1d 06 03 55 1d-0e 04 16 04 14 51 72 e8   .+0...U......Qr.
01c0 - 20 ac f4 e5 7e 4b 9f a3-b3 c8 93 fb 87 25 c7 52    ...~K.......%.R
01d0 - 46 30 1f 06 03 55 1d 23-04 18 30 16 80 14 4d 74   F0...U.#..0...Mt
01e0 - cc 2d 6f 95 45 ba e3 1e-ed 21 32 4f e8 3c f6 8e   .-o.E....!2O.<..
01f0 - 61 83 30 0b 06 03 55 1d-0f 04 04 03 02 05 a0 30   a.0...U........0
0200 - 0c 06 03 55 1d 13 04 05-30 03 01 01 ff 30 82 01   ...U....0....0..
0210 - cc 06 0b 60 86 48 01 86-f8 37 01 09 04 01 04 82   ...`.H...7......
0220 - 01 bb 30 82 01 b7 04 02-01 00 01 01 ff 13 1d 4e   ..0............N
0230 - 6f 76 65 6c 6c 20 53 65-63 75 72 69 74 79 20 41   ovell Security A
0240 - 74 74 72 69 62 75 74 65-28 74 6d 29 16 43 68 74   ttribute(tm).Cht
0250 - 74 70 3a 2f 2f 64 65 76-65 6c 6f 70 65 72 2e 6e   tp://developer.n
0260 - 6f 76 65 6c 6c 2e 63 6f-6d 2f 72 65 70 6f 73 69   ovell.com/reposi
0270 - 74 6f 72 79 2f 61 74 74-72 69 62 75 74 65 73 2f   tory/attributes/
0280 - 63 65 72 74 61 74 74 72-73 5f 76 31 30 2e 68 74   certattrs_v10.ht
0290 - 6d 30 82 01 48 a0 1a 01-01 00 30 08 30 06 02 01   m0..H.....0.0...
02a0 - 01 02 01 00 30 08 30 06-02 01 01 02 01 00 02 01   ....0.0.........
02b0 - 00 a1 1a 01 01 00 30 08-30 06 02 01 01 02 01 00   ......0.0.......
02c0 - 30 08 30 06 02 01 01 02-01 00 02 01 00 a2 06 02   0.0.............
02d0 - 01 00 01 01 ff a3 82 01-04 a0 58 02 01 02 02 02   ..........X.....
02e0 - 00 ff 02 01 00 03 0d 00-80 00 00 00 00 00 00 00   ................
02f0 - 00 00 00 00 03 09 00 80-00 00 00 00 00 00 00 30   ...............0
0300 - 18 30 10 02 01 00 02 08-7f ff ff ff ff ff ff ff   .0..............
0310 - 01 01 00 02 04 06 f0 df-48 30 18 30 10 02 01 00   ........H0.0....
0320 - 02 08 7f ff ff ff ff ff-ff ff 01 01 00 02 04 06   ................
0330 - f0 df 48 a1 58 02 01 02-02 02 00 ff 02 01 00 03   ..H.X...........
0340 - 0d 00 40 00 00 00 00 00-00 00 00 00 00 00 03 09   ..@.............
0350 - 00 40 00 00 00 00 00 00-00 30 18 30 10 02 01 00   .@.......0.0....
0360 - 02 08 7f ff ff ff ff ff-ff ff 01 01 00 02 04 11   ................
0370 - ff a4 d5 30 18 30 10 02-01 00 02 08 7f ff ff ff   ...0.0..........
0380 - ff ff ff ff 01 01 00 02-04 11 ff a4 d5 a2 4e 30   ..............N0
0390 - 4c 02 01 02 02 01 00 02-02 00 ff 03 0d 00 80 00   L...............
03a0 - 00 00 00 00 00 00 00 00-00 00 03 09 00 80 00 00   ................
03b0 - 00 00 00 00 00 30 12 30-10 02 01 00 02 08 7f ff   .....0.0........
03c0 - ff ff ff ff ff ff 01 01-00 30 12 30 10 02 01 00   .........0.0....
03d0 - 02 08 7f ff ff ff ff ff-ff ff 01 01 00 30 0d 06   .............0..
03e0 - 09 2a 86 48 86 f7 0d 01-01 04 05 00 03 82 01 01   .*.H............
03f0 - 00 40 18 bc 7a a6 8e b4-d9 78 bf c4 6c e6 c8 2d   .@..z....x..l..-
0400 - 4e 31 0d 8e 5d 52 19 76-d0 f3 2f 2a 12 b3 08 2b   N1..]R.v../*...+
0410 - 17 06 08 78 bd 3d f6 cb-af 3f 4c c4 a8 fe cf 72   ...x.=...?L....r
0420 - 40 34 66 3e e6 aa 0c ac-72 77 78 0c 7c b7 1a 7a   @4f>....rwx.|..z
0430 - a3 90 6b d5 24 95 4d c3-54 ab 02 a9 a7 8d 02 6d   ..k.$.M.T......m
0440 - 01 9e 76 7e 1c 6f 03 03-48 99 da 63 f9 f4 b7 26   ..v~.o..H..c...&
0450 - 56 93 b0 35 31 35 59 af-e7 c5 5e c2 11 5b c9 4a   V..515Y...^..[.J
0460 - f2 1b 65 8d d6 1d 79 f8-ef 86 ec 51 1b 6d af a2   ..e...y....Q.m..
0470 - 01 fe e6 2d 0f 4d c5 01-0e 48 32 4c 1b ae 1d a9   ...-.M...H2L....
0480 - d5 3d 19 53 63 c3 f8 77-7a 9d 2b c0 ff bc f4 de   .=.Sc..wz.+.....
0490 - 85 30 af 30 f5 40 f6 b8-2b 5c ae 57 c5 ff 8d b3   .0.0.@..+\.W....
04a0 - 76 6b f7 49 29 e4 8b 1d-55 47 20 05 68 c1 77 23   vk.I)...UG .h.w#
04b0 - 44 12 9f 22 99 11 3f 10-19 98 22 65 4a 0e f8 85   D.."..?..."eJ...
04c0 - 9b 74 f9 f8 62 65 b7 b2-21 40 65 37 93 1b 43 c8   .t..be..!@e7..C.
04d0 - ce f7 b4 b8 38 dd 12 b8-6e 97 70 47 f8 11 80 9b   ....8...n.pG....
04e0 - d3 a7 72 4b 14 a9 ba 30-d9 9f 5e 64 c4 0a 76 40   ..rK...0..^d..v@
04f0 - 46                                                F
depth=0 /C=NL/ST=South Holland/L=Rotterdam/O=Novell/OU=NTS/CN=gw8-lnx
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=NL/ST=South Holland/L=Rotterdam/O=Novell/OU=NTS/CN=gw8-lnx
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=NL/ST=South Holland/L=Rotterdam/O=Novell/OU=NTS/CN=gw8-lnx
verify error:num=21:unable to verify the first certificate
verify return:1
read from 0x80bcfe0 [0x80c30a0] (5 bytes => 5 (0x5))
0000 - 16 03 01 00 04                                    .....
read from 0x80bcfe0 [0x80c30a5] (4 bytes => 4 (0x4))
0000 - 0e                                                .
0004 - <SPACES/NULS>
write to 0x80bcfe0 [0x80cd1c8] (139 bytes => 139 (0x8B))
0000 - 16 03 01 00 86 10 00 00-82 00 80 50 a2 e8 ea 82   ...........P....
0010 - 5c d9 be 46 09 6f 13 c4-1c dc c0 13 b0 82 70 ee   \..F.o........p.
0020 - 74 08 3e 88 79 0a 44 17-62 4e 57 cc 0b 0f a9 4d   t.>.y.D.bNW....M
0030 - 31 82 a5 82 e0 e2 12 08-98 4a 78 e9 3c 16 91 e9   1........Jx.<...
0040 - a7 43 f2 9c 48 b3 5b a7-60 2e df 8d ba 16 ed 4f   .C..H.[.`......O
0050 - 42 81 aa 13 d9 97 c7 73-4c 21 42 ac 49 ca 52 df   B......sL!B.I.R.
0060 - 61 92 ed 21 ed a4 51 18-09 54 7d 9a 33 e8 a0 6d   a..!..Q..T}.3..m
0070 - 2b 59 0c 18 d0 88 5c 72-8e 93 75 70 39 c8 77 74   +Y....\r..up9.wt
0080 - 60 9e 95 db c4 7b 4c 91-dc b4 b3                  `....{L....
write to 0x80bcfe0 [0x80cd1c8] (6 bytes => 6 (0x6))
0000 - 14 03 01 00 01 01                                 ......
write to 0x80bcfe0 [0x80cd1c8] (53 bytes => 53 (0x35))
0000 - 16 03 01 00 30 e1 0a ab-e0 47 d4 bb 1a 6f fa 83   ....0....G...o..
0010 - 45 eb f9 93 8d 60 5c 98-a5 85 aa f3 02 b1 21 c9   E....`\.......!.
0020 - 21 0d 86 93 08 66 8d 32-94 a3 bd 3c 71 a6 05 39   !....f.2...<q..9
0030 - d8 bc 1c 39 cb                                    ...9.
read from 0x80bcfe0 [0x80c30a0] (5 bytes => 5 (0x5))
0000 - 14 03 01 00 01                                    .....
read from 0x80bcfe0 [0x80c30a5] (1 bytes => 1 (0x1))
0000 - 01                                                .
read from 0x80bcfe0 [0x80c30a0] (5 bytes => 5 (0x5))
0000 - 16 03 01 00 30                                    ....0
read from 0x80bcfe0 [0x80c30a5] (48 bytes => 48 (0x30))
0000 - 7f a5 87 9f 7a c9 9c 0e-4b 94 75 00 54 40 e0 99   ....z...K.u.T@..
0010 - fd ea cf a7 1f d7 ee 29-a7 7b ab b2 ef 47 71 02   .......).{...Gq.
0020 - 49 5d 20 92 6d ac 78 63-a0 37 f1 96 cd 2d 09 e2   I] .m.xc.7...-..
---
Certificate chain
 0 s:/C=NL/ST=South Holland/L=Rotterdam/O=Novell/OU=NTS/CN=gw8-lnx
   i:/OU=Organizational CA/O=GW8-LNX
-----BEGIN CERTIFICATE-----
MIIE4zCCA8ugAwIBAgIkAhwR/6TVICZw5Hybn6H4HvZOFPx1DOyfz7GeyK1oAgIQ
Tx6/MA0GCSqGSIb3DQEBBAUAMC4xGjAYBgNVBAsTEU9yZ2FuaXphdGlvbmFsIENB
MRAwDgYDVQQKEwdHVzgtTE5YMB4XDTEyMDIyNDE1MTQwMFoXDTE0MDIyNDE1MTQw
MFowajELMAkGA1UEBhMCTkwxFjAUBgNVBAgTDVNvdXRoIEhvbGxhbmQxEjAQBgNV
BAcTCVJvdHRlcmRhbTEPMA0GA1UEChMGTm92ZWxsMQwwCgYDVQQLEwNOVFMxEDAO
BgNVBAMTB2d3OC1sbngwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALkMtfo9
0kNbxQDpGJNPryMm0YWC6MkqELBytbxBKdjrU6mo3n/ER03h5Vmt3MblTQpeHW1o
CpjlI2xMpfQ/3pempTcNSb3i/Az3/gD4Lj9zfuQw6uKXA+0QEoKsG3SsTmULgRVJ
RVVUaK8WpdPSTr3wjmt6xM0AwaVKlsuUWzsZAgMBAAGjggIvMIICKzAdBgNVHQ4E
FgQUUXLoIKz05X5Ln6OzyJP7hyXHUkYwHwYDVR0jBBgwFoAUTXTMLW+VRbrjHu0h
Mk/oPPaOYYMwCwYDVR0PBAQDAgWgMAwGA1UdEwQFMAMBAf8wggHMBgtghkgBhvg3
AQkEAQSCAbswggG3BAIBAAEB/xMdTm92ZWxsIFNlY3VyaXR5IEF0dHJpYnV0ZSh0
bSkWQ2h0dHA6Ly9kZXZlbG9wZXIubm92ZWxsLmNvbS9yZXBvc2l0b3J5L2F0dHJp
YnV0ZXMvY2VydGF0dHJzX3YxMC5odG0wggFIoBoBAQAwCDAGAgEBAgEAMAgwBgIB
AQIBAAIBAKEaAQEAMAgwBgIBAQIBADAIMAYCAQECAQACAQCiBgIBAAEB/6OCAQSg
WAIBAgICAP8CAQADDQCAAAAAAAAAAAAAAAADCQCAAAAAAAAAADAYMBACAQACCH//
////////AQEAAgQG8N9IMBgwEAIBAAIIf/////////8BAQACBAbw30ihWAIBAgIC
AP8CAQADDQBAAAAAAAAAAAAAAAADCQBAAAAAAAAAADAYMBACAQACCH//////////
AQEAAgQR/6TVMBgwEAIBAAIIf/////////8BAQACBBH/pNWiTjBMAgECAgEAAgIA
/wMNAIAAAAAAAAAAAAAAAAMJAIAAAAAAAAAAMBIwEAIBAAIIf/////////8BAQAw
EjAQAgEAAgh//////////wEBADANBgkqhkiG9w0BAQQFAAOCAQEAQBi8eqaOtNl4
v8Rs5sgtTjENjl1SGXbQ8y8qErMIKxcGCHi9PfbLrz9MxKj+z3JANGY+5qoMrHJ3
eAx8txp6o5Br1SSVTcNUqwKpp40CbQGedn4cbwMDSJnaY/n0tyZWk7A1MTVZr+fF
XsIRW8lK8htljdYdefjvhuxRG22vogH+5i0PTcUBDkgyTBuuHanVPRlTY8P4d3qd
K8D/vPTehTCvMPVA9rgrXK5Xxf+Ns3Zr90kp5IsdVUcgBWjBdyNEEp8imRE/EBmY
ImVKDviFm3T5+GJlt7IhQGU3kxtDyM73tLg43RK4bpdwR/gRgJvTp3JLFKm6MNmf
XmTECnZARg==
-----END CERTIFICATE-----
---
Server certificate
subject=/C=NL/ST=South Holland/L=Rotterdam/O=Novell/OU=NTS/CN=gw8-lnx
issuer=/OU=Organizational CA/O=GW8-LNX
---
No client certificate CA names sent
---
SSL handshake has read 1392 bytes and written 343 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID:
    Session-ID-ctx:
    Master-Key: CF6FC492C06306A592A7A7AC580FB487FA1EC85E50A2E3DF430A59D757F20B0859DA04B7C25FE8AF599846AEFD3AC463
    Key-Arg   : None
    Start Time: 1331038126
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
read from 0x80bcfe0 [0x80c30a0] (5 bytes => 5 (0x5))
0000 - 17 03 01                                          ...
0005 - <SPACES/NULS>
read from 0x80bcfe0 [0x80c30a5] (32 bytes => 32 (0x20))
0000 - 3e 95 a9 82 ae 2f f5 bc-29 f3 de b7 93 46 96 25   >..../..)....F.%
0010 - 79 b1 79 9e a1 70 e8 29-d2 87 00 1d af 06 97 59   y.y..p.).......Y
read from 0x80bcfe0 [0x80c30a0] (5 bytes => 5 (0x5))
0000 - 17 03 01 00 30                                    ....0
read from 0x80bcfe0 [0x80c30a5] (48 bytes => 48 (0x30))
0000 - 58 eb 9e 9c 2b d5 fd 8d-11 a3 94 a3 76 d8 5c 24   X...+.......v.\$
0010 - 3f f2 fd e9 e3 87 b9 8c-26 59 fa 25 5c 01 b3 79   ?.......&Y.%\..y
0020 - 17 d9 1e 76 51 ce 75 18-8b 6c f8 c4 6e 98 66 b0   ...vQ.u..l..n.f.
220 rum.com Ready

However, as said earlier, there are hardly any hosts in Internet set with the same SSL Required settings. Therefore in a majority of cases such a configuration on your GWIA would mean the rest Intrnet SMTP hosts would not be able to communicate with your GWIA.