On Sun, Apr 14, 2013 at 08:49:11PM +0000, Joan Moreau wrote:
> >$ openssl s_client -state -connect 127.0.0.1:12345 2>&1 | tee client.out
>
> Ok, here it is below
>
Please also report "openssl version -a".
> client.out :
>
> New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
> Server public key is 2048 bit
> Secure Renegotiation IS supported
> Compression: zlib compression
> Expansion: zlib compression
> SSL-Session:
> Protocol : TLSv1.2
> Cipher : ECDHE-RSA-AES256-GCM-SHA384
This looks fine, OpenSSL inter-operates with itself selecting a TLSv1.2
ciphersuite. Now try:
(sleep 2; printf "%s\r\n" QUIT) |
openssl s_client -state -connect 127.0.0.1:465 2>&1 |
tee client.out
and report the output of that (I am assuing Postfix is configured with
wrapper mode on port 465 aka "smtps") based on your reported master.cf:
smtps inet n - n - - smtpd
-o smtpd_sasl_auth_enable=yes
-o smtpd_tls_wrappermode=yes
--
Viktor.
