>> With session tickets disabled it logs: >> >> Anonymous TLS connection established from <redacted>: TLSv1.2 with >> cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits) >> >> This server does not support TLS 1.3 yet and TLS 1.2 is the only >> version currently allowed for submission. > > Do you have "tls_preempt_cipherlist = yes"? I wonder why AES128 is used > as opposed to AES256.
Yes, sorry, I've tried different options while troubleshooting. With tls_preempt_cipherlist unset it logs: Anonymous TLS connection established from <redacted>: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) Best regards Gerald