Hi List,
Since having setup the cipher-policy to DEFAULT I had no more failures
for wrong ciphersuite.
Even the hornetservers can be reached (they told me they accept TLS1.2
and TLS1.3 only).
Until having changed the policy I routed all mails to domains that
didn't accept my ciphers via my old server with qmail-1.03-2.2.1 and had
no issues.
The only issue I actually know off is that my clients cannot
authenticate with an alias-name.
I thank all developers working on qmailtoaster for this great software
that I use and appreciate since many years.
Andreas
Am 23.02.22 um 17:07 schrieb Eric Broch:
when you run the command
update-crypto-policies --set 'POLICY'
it actually modifies the file
/etc/crypto-policies/back-ends/opensslcnf.config
If you set to DEFAULT you may be able to modify the file with the
correct cipher
Eric
On 2/23/2022 9:49 AM, xaf wrote:
Peter Peltonen a écrit le 23/02/2022 à 16:53 :
So I think I will now leave it to LEGACY, accept that I cannot deliver
mail to the hornet serers and keep monitoring now more closely for TLS
errors in the logs: if more turn up then I might consider again
switching to DEFAULT and then adding those servers to notlshosts/
although that looks like a nonendint task.
provides
cat /etc/redhat-release
cat /usr/share/crypto-policies/LEGACY/opensslcnf.txt
xaf
---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com