My guess--with it being soon after 1/1/2017--is that the certificate is using SHA-1.
-----Original Message----- From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Robert Mueller Sent: Thursday, January 5, 2017 3:52 AM To: mailop@mailop.org Subject: [mailop] Trying to work out cause of "Certificate rejected over TLS. (unknown protocol)" error We've suddenly had a couple of reports from users about people sending to them (e.g. sending from a remote service to our servers) failing and bouncing with the error message: Certificate rejected over TLS. (unknown protocol) There's not much more in the error message, I haven't managed to get hold of a complete bounce email yet, or find out what server is being used, but I'm trying to get hold of that information. I don't believe anything has changed on our side (software wise or configuration wise), so I'm not sure why we're suddenly seeing a couple of reports of these errors. We're using postfix 2.11. We've got a valid cert that's not expired. $ echo | openssl s_client -starttls smtp -connect mx1.messagingengine.com:25 2>/dev/null | openssl x509 -noout -dates notBefore=Nov 28 00:00:00 2016 GMT notAfter=Feb 3 12:00:00 2020 GMT Also confirmed it's the same for all of our mx servers. Has anyone seen this error before and/or know what causes it? -- Rob Mueller r...@fastmail.fm _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop