Viktor Dukhovni:
>
> > On Dec 2, 2016, at 4:22 AM, Zalezny Niezalezny
> > <[email protected]> wrote:
> >
> > Dec 2 10:12:03 postfix-server01 postfix/smtpd[37036]: SSL_accept error
> > from smtptransit.de.net.intra[152.21.2.44]: -1
> > Dec 2 10:12:03 postfix-server01 postfix/smtpd[37036]: warning: TLS library
> > problem: 37036:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared
> > cipher:s3_srvr.c:1352:
>
> Your Postfix SMTP server accepting an inbound connection could not
> complete a TLS handshake with the remote SMTP client, because the
> remote SMTP client's list of supported TLS ciphers, TLS signature
> algorithms, supported EC curves, ... did not support any of the
> corresponding parameter combinations available on your server.
>
> For more detailed help, you should post more detail of your TLS
> configuration. (The shell commands below assume a POSIX shell,
> not csh or similar):
With 'no shared ciphers' happening frequently, do we want to set
up a TLS troubleshooting document, or is the decision tree too
complex for such a document to be useful?
Wietse
