> On Aug 5, 2023, at 3:38 PM, Viktor Dukhovni via Postfix-users 
> <postfix-users@postfix.org> wrote:
> 
> On Sat, Aug 05, 2023 at 03:27:01PM -0400, Charles Sprickman via Postfix-users 
> wrote:
> 
>>> Nope, ever since SSL 3.0 the client proposes and the server chooses.
>>> The issue is very likely that the server's certificate is ECDSA or
>>> Ed25519, and so not supported by the client.
>>> 
>>>   https://marc.info/?l=postfix-users&m=169103911908552&w=2
>> 
>> Between this and Dell's implementation not falling back to doing
>> authentication if TLS is not available, that leaves basically
>> validating by IP, which is what I've done to work around this. Just
>> wanted to confirm that I have it working (although not in the way I'd
>> hoped).
> 
> If not for your sake, then perhaps for future readers, it would be great
> if you would confirm or deny what type of certificate is configured on
> the Postfix SMTP server end?  

Oops, missed this earlier.

It's Let's Encrypt using the dehydrated acme client 
(https://github.com/dehydrated-io/dehydrated), so whatever it generates (I 
don't see a config option to select the type of cert) is what I have.

Looking at the key, this is the header, so not RSA:

-----BEGIN EC PRIVATE KEY-----

Charles

> If you switch to RSA, it should work with
> the iDRAC, the ciphers offered by the client are not particularly
> exotic.  They're all CBC, but that should still be supported on the
> Postfix end.  Even with OpenSSL 3.0, you still have:
> 
>    $ openssl ciphers -s -tls1_2 -v AES128+CBC+aRSA+kEDH
>    DHE-RSA-AES128-SHA256          TLSv1.2 Kx=DH       Au=RSA   Enc=AES(128)   Mac=SHA256
>    DHE-RSA-AES128-SHA             SSLv3   Kx=DH       Au=RSA   Enc=AES(128)   Mac=SHA1
> 
> -- 
>    Viktor.
> _______________________________________________
> Postfix-users mailing list -- postfix-users@postfix.org
> To unsubscribe send an email to postfix-users-le...@postfix.org
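
The mismatch discussed in this thread (a client that offers only RSA-authenticated suites, a server holding only an EC key) can be checked offline, as in the added example below, which is not part of the original messages. The function names and `SAMPLE_OFFER` are hypothetical, the suite-name classification is a simplification covering RSA and ECDSA only, and the PKCS#8 branch handles keys whose PEM label does not name the algorithm.

```python
import base64
import re

# DER-encoded algorithm OIDs that appear near the start of a PKCS#8 key.
OID_RSA = bytes.fromhex("06092a864886f70d010101")  # rsaEncryption
OID_EC = bytes.fromhex("06072a8648ce3d0201")       # id-ecPublicKey
# Constructed sample offer: first two names are from the thread, third is added here.
SAMPLE_OFFER = ["DHE-RSA-AES128-SHA256", "DHE-RSA-AES128-SHA", "AES128-SHA"]

def key_auth_type(pem_text):
    """Return 'RSA' or 'ECDSA' for a PEM private key, or None if undetermined."""
    m = re.search(r"-----BEGIN ([A-Z ]*PRIVATE KEY)-----([^-]*)", pem_text)
    if not m:
        return None
    label, body = m.groups()
    if label == "RSA PRIVATE KEY":
        return "RSA"
    if label == "EC PRIVATE KEY":
        return "ECDSA"
    if label == "PRIVATE KEY":
        # PKCS#8 label is generic; read the algorithm OID from the DER instead.
        try:
            head = base64.b64decode("".join(body.split()))[:40]
        except ValueError:
            return None
        if OID_RSA in head:
            return "RSA"
        if OID_EC in head:
            return "ECDSA"
    return None

def suite_auth_type(name):
    """Certificate type an OpenSSL TLS 1.2-or-older suite name requires.
    Simplified assumption: only RSA and ECDSA authentication are recognised."""
    parts = name.split("-")
    if "ECDSA" in parts:
        return "ECDSA"
    # Names with no prefix (AES128-SHA, DES-CBC3-SHA) use RSA key transport.
    if "RSA" in parts or parts[0] in ("AES128", "AES256", "DES"):
        return "RSA"
    return None

def usable_suites(client_offer, server_key_pem):
    """Suites from the client's offer that the server's key type can serve."""
    auth = key_auth_type(server_key_pem)
    return [s for s in client_offer if auth and suite_auth_type(s) == auth]

if __name__ == "__main__":
    print(usable_suites(SAMPLE_OFFER, "-----BEGIN EC PRIVATE KEY-----"))
```

An empty result for the EC header means no suite in the offer can be authenticated by that key, which is the handshake failure the thread describes.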
