On Sun, Apr 14, 2013 at 08:49:11PM +0000, Joan Moreau wrote: > >$ openssl s_client -state -connect 127.0.0.1:12345 2>&1 | tee client.out > > Ok, here it is below >
Please also report "openssl version -a". > client.out : > > New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 > Server public key is 2048 bit > Secure Renegotiation IS supported > Compression: zlib compression > Expansion: zlib compression > SSL-Session: > Protocol : TLSv1.2 > Cipher : ECDHE-RSA-AES256-GCM-SHA384 This looks fine, OpenSSL inter-operates with itself selecting a TLSv1.2 ciphersuite. Now try: (sleep 2; printf "%s\r\n" QUIT) | openssl s_client -state -connect 127.0.0.1:465 2>&1 | tee client.out and report the output of that (I am assuing Postfix is configured with wrapper mode on port 465 aka "smtps") based on your reported master.cf: smtps inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes -o smtpd_tls_wrappermode=yes -- Viktor.