On Wed, Sep 28, 2022 at 07:47:17PM +0200, Benny Pedersen wrote:
> Lists Nethead skrev den 2022-09-28 19:34:
> >> (P-256 is plenty strong, not P-384 or P-521).
>
> > Yes agree, on my way there now.
>
> typo P-521
There was no typo.
--
Viktor.
On 28.09.22 18:38, Lists Nethead wrote:
Hello again postfix-users,
After Viktor gave really helpful advise re SSLv3, now on to the next
problem, dealing with crypto is opening a can of worms, at least where
I am.
We cannot receive messages from a Big Corp, our Postfix MX's responds
with
Lists Nethead skrev den 2022-09-28 19:34:
(P-256 is plenty strong, not P-384 or P-521).
Yes agree, on my way there now.
typo P-521
Quoting Viktor Dukhovni :
On Wed, Sep 28, 2022 at 07:22:37PM +0200, Lists Nethead wrote:
> Your server defaults to an ECDSA P-384 certificate, the client may not
> support ECDSA at all, or may not support P-384 (P-256 is a more broadly
> supported choice):
>
> $ posttls-finger -c -lmay
On Wed, Sep 28, 2022 at 07:22:37PM +0200, Lists Nethead wrote:
> > Your server defaults to an ECDSA P-384 certificate, the client may not
> > support ECDSA at all, or may not support P-384 (P-256 is a more broadly
> > supported choice):
> >
> > $ posttls-finger -c -lmay -Lsummary
Quoting Viktor Dukhovni :
On Wed, Sep 28, 2022 at 06:47:39PM +0200, Lists Nethead wrote:
>> smtpd_tls_protocols = >=TLSv1.2
>
> That's not the default setting.
>
>> smtpd_tls_exclude_ciphers = aNULL
>
> This is only appeases clueless auditors, in reality it is silly.
>
>> From what I can
On Wed, Sep 28, 2022 at 06:47:39PM +0200, Lists Nethead wrote:
> >> smtpd_tls_protocols = >=TLSv1.2
> >
> > That's not the default setting.
> >
> >> smtpd_tls_exclude_ciphers = aNULL
> >
> > This is only appeases clueless auditors, in reality it is silly.
> >
> >> From what I can see, this is
Lists Nethead skrev den 2022-09-28 19:00:
Quoting Benny Pedersen :
Lists Nethead skrev den 2022-09-28 18:47:
smtpd_tls_protocols = >=TLSv1.2
Hm, what is the default then?
put an # infront of this line in main.cf, then do a postfix reload
simple ? :=)
If this would enable everything
Quoting Benny Pedersen :
Lists Nethead skrev den 2022-09-28 18:47:
smtpd_tls_protocols = >=TLSv1.2
Hm, what is the default then?
put an # infront of this line in main.cf, then do a postfix reload
simple ? :=)
If this would enable everything from tls1, no.
Lists Nethead skrev den 2022-09-28 18:47:
smtpd_tls_protocols = >=TLSv1.2
Hm, what is the default then?
put an # infront of this line in main.cf, then do a postfix reload
simple ? :=)
Quoting Viktor Dukhovni :
On Wed, Sep 28, 2022 at 06:38:15PM +0200, Lists Nethead wrote:
Hello again postfix-users,
After Viktor gave really helpful advise re SSLv3, now on to the next
problem, dealing with crypto is opening a can of worms, at least where
I am.
We cannot receive messages
On Wed, Sep 28, 2022 at 06:38:15PM +0200, Lists Nethead wrote:
>
> Hello again postfix-users,
>
> After Viktor gave really helpful advise re SSLv3, now on to the next
> problem, dealing with crypto is opening a can of worms, at least where
> I am.
>
> We cannot receive messages from a Big
Hello again postfix-users,
After Viktor gave really helpful advise re SSLv3, now on to the next
problem, dealing with crypto is opening a can of worms, at least where
I am.
We cannot receive messages from a Big Corp, our Postfix MX's responds
with "no shared cipher". The configuration
On 27.09.22 20:21, Eddie Rowe wrote:
I tried the 2nd and 3rd option during my troubleshooting before my post,
reloaded the configuration and even bounced the service without anything
changing. The first option does not have the domain included and I am
leery of changing an OS file like
14 matches
Mail list logo
