> I'm thinking that perhaps your cert is using SHA-(256|512) and
> something better than 3DES for HMAC, and therefore the remote servers
> are unable to work with the certificate as they don't have access to
> the required crypto. I sincerely hope this is not the case, but
> perhaps you can test this by using a certificate signed with "export
> grade" algorithms...


That's not a bad theory. However, I just checked, and our cert was
upgraded to sha256 around Dec 2014, but based on our logs, we only had
to introduce the workarounds in Oct 2015, so it doesn't seem related to
the sha1 -> sha256 upgrade of our cert. Also from what I hear from some
others, they don't have problems with a sha256 cert either from the same
hosts we're having problems with.


Rob Mueller

r...@fastmail.fm


_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
