On 02.08.23 01:26, Charles Sprickman via Postfix-users wrote:
> I'm having a heck of a time figuring out how to see just what this Dell is
> offering when speaking to Postfix...
>
> It's an "iDRAC7", which is just a little management card. I want it to be
> able to send some email alerts, but I keep getting warnings about a cipher
> mismatch. With some debugging I think there are some hints here, but
> OpenSSL seems to not really provide much info on the "cipher mismatch"
> (including perhaps, what cipher the remote end is using).
>
> Aug 2 01:18:56 mail postfix/smtpd[28114]: < pool-ANON.fios.verizon.net[10.10.10.2]: STARTTLS
> Aug 2 01:18:56 mail postfix/smtpd[28114]: > pool-ANON.fios.verizon.net[10.10.10.2]: 220 2.0.0 Ready to start TLS

As we can see, iDRAC supports STARTTLS.

> Aug 2 01:18:56 mail postfix/smtpd[28114]: warning: TLS library problem: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:/usr/src/crypto/openssl/ssl/statem/statem_srvr.c:2285:

"no shared cipher" means that your cipher list is too strict. iDRAC
apparently has old firmware.

> How can I troubleshoot this a bit more?

tcpdump/wireshark the connection and see which ciphers are announced by the
client.

If you don't want to lower SSL expectations, you can configure an SSL/STARTTLS
server with different smtpd_tls_mandatory_ciphers or
smtpd_tls_exclude_ciphers settings on a separate port.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
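
To act on the capture suggestion above, this added example (not part of the original message) parses the first TLS record a client sends after STARTTLS and lists the cipher suites it offers. The function names, the partial suite table and the sample bytes are constructed for illustration; feed it the real record from your own capture, for instance a hex string passed through `bytes.fromhex()`.

```python
import struct

# Partial IANA cipher-suite table; IDs not listed are reported as hex.
SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x00FF: "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}


def parse_client_hello(record: bytes):
    """Return (client_version, [offered cipher suites]) from one TLS record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    rec_len = int.from_bytes(record[3:5], "big")
    hs_len = int.from_bytes(record[6:9], "big")
    hello = record[9:9 + hs_len]
    if hs_len + 4 > rec_len or len(hello) < hs_len or hs_len < 35:
        raise ValueError("ClientHello truncated or split across records")
    (version,) = struct.unpack("!H", hello[:2])
    pos = 2 + 32                  # client_version + random
    pos += 1 + hello[pos]         # session_id length byte + session_id
    if pos + 2 > len(hello):
        raise ValueError("ClientHello truncated before cipher_suites")
    (n,) = struct.unpack("!H", hello[pos:pos + 2])
    raw = hello[pos + 2:pos + 2 + n]
    if len(raw) != n or n % 2:
        raise ValueError("bad cipher_suites length")
    ids = struct.unpack("!%dH" % (n // 2), raw)
    return VERSIONS.get(version, hex(version)), [SUITES.get(i, "0x%04X" % i) for i in ids]


def build_sample() -> bytes:
    """Constructed ClientHello (TLSv1, five legacy suites); not a real capture."""
    suites = struct.pack("!5H", 0x0035, 0x002F, 0x000A, 0x0005, 0x00FF)
    hello = b"\x03\x01" + bytes(32) + b"\x00" + struct.pack("!H", len(suites)) + suites + b"\x01\x00"
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


if __name__ == "__main__":
    version, offered = parse_client_hello(build_sample())
    print(version, *offered, sep="\n  ")
```

Comparing the printed suites with the output of `postconf` for the smtpd TLS cipher parameters on the server shows where the two lists fail to overlap.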