Thanks. Was just confirming , Yes self signed. I broke certbot
> On May 12, 2024, at 4:55 AM, Viktor Dukhovni via Postfix-users
> wrote:
>
> On Sat, May 11, 2024 at 11:55:14PM -0400, Jason Hirsh via Postfix-users
> wrote:
>
>> I have they error message
>>
>> postfix/smtps/smtpd[39559]: w
On Sat, May 11, 2024 at 11:55:14PM -0400, Jason Hirsh via Postfix-users wrote:
> I have they error message
>
> postfix/smtps/smtpd[39559]: warning: TLS library problem:
> error:14094416:SSL routines:ssl3_read_bytes:
> sslv3 alert certificate unknown:
> /usr/src/crypto/openssl/ssl/record/rec_layer
On 11.05.24 23:55, Jason Hirsh via Postfix-users wrote:
Still chasing ssl/tls issue
I have they error message
postfix/smtps/smtpd[39559]: warning: TLS library problem: error:14094416:SSL
routines:ssl3_read_bytes:sslv3 alert certificate
unknown:/usr/src/crypto/openssl/ssl/record/rec_layer_s3.c
On Mon, May 08, 2023 at 04:22:29PM -0500, E R via Postfix-users wrote:
> Thank you so much for the suggestion to review the crypto setting as this
> indeed a RedHat based distribution. I confirmed it is set to "default"
> which means “The default system-wide cryptographic policy level offers
> s
The /usr/share/crypto-policies/DEFAULT/opensslcnf.txt on RHEL 9 looks
identical to what you posted for Fedora.
I am not a RHEL expert but I have not see any references to opt out of the
crypto policy on a per application basis. You can customize an existing
crypto policy or create your own. I t
Thank you so much for the suggestion to review the crypto setting as this
indeed a RedHat based distribution. I confirmed it is set to "default"
which means “The default system-wide cryptographic policy level offers
secure settings for current threat models. It allows the TLS 1.2 and 1.3
protocol
I don't even know whether RedHat exposes any mechanisms for applications> to opt-out
of crypto policy and use only application-driven OpenSSL> configuration. This is
should perhaps be looked into in the Postfix 3.9> timeframe.
from my notes dealing with new Fedora crypto-policies on a number o
On Fri, May 05, 2023 at 08:28:48PM -0400, Viktor Dukhovni via Postfix-users
wrote:
> You should of course also share
> (https://www.postfix.org/DEBUG_README.html#mail)
>
> $ postconf -nf
> $ postconf -Mf
>
> without any changes in whitespace, including line breaks. Attaching
> these a
> >
>
> Because TLS/SSL things are very complex, you have to show us real
> settings all. Like me: (yw-0919: inbound, yw-1204: outbound)
> [1] https://gitlab.com/soyeomul/Gnus/-/raw/master/DKIM/smtp-conf.yw-0919
> [2] https://gitlab.com/soyeomul/Gnus/-/raw/master/DKIM/smtp-conf.yw-1204
>
And P
On Fri, May 05, 2023 at 06:55:23PM -0500, E R via Postfix-users wrote:
> I have setup Postfix so that internally I offer TLS to systems but do not
> require it since I have no control over their configuration. I did
> extensive testing to ensure that the mail gateway supports TLS and accepts
> ema
On Fri, May 05, 2023 at 06:55:23PM -0500, E R via Postfix-users wrote:
> postfix/smtpd[1234567]: SSL_accept error from xxx.xxx.xxx[yyy.yyy.yyy.yyy]: -1
> postfix/smtpd[1234567]: warning: TLS library problem:
> error:0398:digital envelope routines::invalid
> digest:crypto/evp/m_sigver.c:343:
11 matches
Mail list logo
