On 12/04/2013 23:05, Joan Moreau wrote:
>
>> Please don't top-post.
>
> I do not understand
>
>
>> smtpd_tls_loglevel = 1 is sufficient for debugging.
>
> ok
>
>
>> 2013-04-12T21:49:03.160443+02:00 server postfix/smtpd[12238]:
>> warning: TLS library problem: 12238:error:1409D08A:SSL
>> routines:ssl3_setup_key_block:cipher or hash unavailable:s3_enc.c:423:
>>
>> This suggests your TLS library is broken.
>>
>
> The TLS library being which one?
>
> I am using OpenSSL and all https web sites are working fine. Is there
> another library involved?

most probably, the compiled/configured version of openssl does not match
what postfix expects.

you said that you upgraded the kernel. did this cause an upgrade of
openssl? if so, try rebuilding postfix.

Is your openssl library stripped to only include selected algorithms? if
so, you need to make sure that this matches the algos configured in postfix:

 $  postconf |grep medium
lmtp_tls_mandatory_ciphers = medium
smtp_tls_mandatory_ciphers = medium
smtpd_tls_mandatory_ciphers = medium
tls_medium_cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH

you can try:
openssl ciphers -v  'aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH'
(single quotes to avoid the shell barfing because of the '!' char).
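
Added example, not part of the original message or of Postfix: a small log triage helper that pulls "TLS library problem" warnings out of Postfix logs and decodes the OpenSSL error string quoted in this thread into library, function and reason. It assumes the 8/12/12-bit error-code packing of OpenSSL 1.0.x; the function names and the second sample line are constructed for illustration.

```python
import re
from collections import Counter

# OpenSSL 1.0.x error-queue text as Postfix logs it:
#   <pid>:error:<8 hex digits>:<library>:<function>:<reason>:<file>:<line>:
TLS_ERR = re.compile(
    r"postfix/(?P<daemon>\w+)\[(?P<pid>\d+)\]: warning: TLS library problem: "
    r"\d+:error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):(?P<func>[^:]*):"
    r"(?P<reason>[^:]*):(?P<file>[^:]*):(?P<line>\d+):"
)

def parse_tls_problem(log_line):
    """Return the decoded fields of a 'TLS library problem' line, or None."""
    m = TLS_ERR.search(log_line)
    if m is None:
        return None
    rec = m.groupdict()
    code = int(rec["code"], 16)
    # Assumed OpenSSL 1.0.x packing: 8 bits library, 12 bits function, 12 bits reason.
    rec["lib_id"] = (code >> 24) & 0xFF
    rec["func_id"] = (code >> 12) & 0xFFF
    rec["reason_id"] = code & 0xFFF
    rec["line"] = int(rec["line"])
    return rec

def summarize(lines):
    """Count TLS library problems per (daemon, function, reason)."""
    hits = filter(None, map(parse_tls_problem, lines))
    return Counter((h["daemon"], h["func"], h["reason"]) for h in hits)

# First line: the warning quoted in the thread, unwrapped onto one line.
# Second line: constructed, to show that non-matching lines are skipped.
SAMPLE = [
    "2013-04-12T21:49:03.160443+02:00 server postfix/smtpd[12238]: warning: "
    "TLS library problem: 12238:error:1409D08A:SSL routines:"
    "ssl3_setup_key_block:cipher or hash unavailable:s3_enc.c:423:",
    "2013-04-12T21:49:03.160900+02:00 server postfix/smtpd[12238]: "
    "lost connection after STARTTLS from unknown[192.0.2.10]",
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, *key, sep=" | ")
```

A recurring count for `ssl3_setup_key_block` / `cipher or hash unavailable` points at a cipher that was negotiated but is missing from the linked library, which is the mismatch the `openssl ciphers -v` check above is meant to expose.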
