Apart from what I indicated about CN != server host, there isn't any other detail in the debug log. It fails the initial connection, dialback is initiated, and verification over dialback succeeds, ending in: ServerDialback: AS - Key was: VALID for host: domain.com
It seems after that the debug log goes silent, up to the timeout message indicating the packet could not be delivered from the client.
So, combining both logs:
- OF attempts a connection, plaintext first, succeeds.
- TLS is requested, certificate verification by OF fails (possibly due to CN name mismatch with server hostname connected to).
- Server dialback verification is initiated and succeeds.
- Remote server then sends the logged request for starttls which is not understood by OF. This is the main issue.
- If remote server requires TLS, it will not accept the connection and send another informative response to OF which is not understood either (hence both showing up in the Warn logs).