Victor Duchovni wrote, on 2/27/2009 12:50 PM:
I'm running postfix on server and client, forcing TLS on both.
No matter what I do, I can't seem to solve "Untrusted TLS connection
established to [...]:587: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)"
warning messages in the client log file. Aside from those warnings, mail
delivery actually works fine.
This is not a warning. It is an informational message. Postfix 2.6 will
use "Anonymous" instead of "Untrusted", which may be less confusing.
Thanks -- that explains a lot. So it just means there is no
client-certificate, right? Is this to be expected, even if I do have a
unique cert/key installed on the client?
But I'm not sure it's actually checking the server certificate at all,
which may just be a separate issue. If I take out any mention of cacert
in main.cf, I don't see any warning or error in the log file. Shouldn't
the postfix client be checking the server certificate against the local
trusted CA?
Adam