Saturday, April 09, 2022

Re: TLS library problem: tlsv1 alert protocol

Hi Tom,

Hm.. I am on the receiving end of this TLS Handshake.
I am running -release on one and -current on another. Problem and error messages are the same.

Excerpt of the running postfix main.cf:

smtpd_tls_mandatory_ciphers = high
smtpd_tls_ciphers = high
smtp_tls_mandatory_ciphers = high
smtp_tls_ciphers = high

tls_ssl_options = NO_COMPRESSION, NO_RENEGOTIATION, PRIORITIZE_CHACHA

tls_high_cipherlist = HIGH:+aRSA:+SHA384:+SHA256:+DH:+SHA:+kRSA:!eNULL:!aNULL:!PSK:!SRP:!AESCCM:!DSS:!ARIA

smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2, !SSLv3
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_protocols = !SSLv2, !SSLv3

smtpd_tls_security_level = may

postfix/smtpd[97536]: mout.web.de[212.227.17.12]:52515: TLS cipher list "HIGH:+aRSA:+SHA384:+SHA256:+DH:+SHA:+kRSA:!eNULL:!aNULL:!PSK:!SRP:!AESCCM:!DSS:!ARIA:!aNULL"


I set the TLS debug level to 2. The output:

postfix/smtpd[97536]: SSL_accept error from mout.web.de[212.227.17.12]:52515: -1
postfix/smtpd[97536]: warning: TLS library problem: error:1404A42E:SSL routines:ST_ACCEPT:tlsv1 alert protocol version:/usr/src/lib/libssl/tls13_lib.c:150:
postfix/smtpd[97536]: lost connection after STARTTLS from mout.web.de[212.227.17.12]:52515
postfix/smtpd[97536]: disconnect from mout.web.de[212.227.17.12]:52515 ehlo=1 starttls=0/1 commands=1/2

Best regards,
Stephan



On Wed, Apr 06, 2022 at 11:41:41PM +0100, Tom Smyth wrote:
> Hi Stephan,
> at a guess I would say that there is no overlap between supported TLS
> protocol versions and ciphers
> available on the client vs the server.
> if your system is using a recent version of an OS and you are trying
> to relay to an older legacy system,
> ideally ask the older system to upgrade / enable higher ciphers....
> or you can be more permissive on your tls configuration...
> I hope this is helpful
>
> On Wed, 6 Apr 2022 at 23:32, Stephan Mending <list@md5collisions.eu> wrote:
> >
> > Hi *,
> > I've noticed on my mail relays that the TLS handshake with one certain email relay keeps failing. I was wondering what the
> > reason for that may be.
> >
> > Following error from postfix:
> >
> > connect from mout.web.de[ IP ]:44003
> > SSL_accept error from mout.web.de[ IP ]:44003: -1
> > warning: TLS library problem: error:1404A42E:SSL routines:ST_ACCEPT:tlsv1 alert protocol version:/usr/src/lib/libssl/tls13_lib.c:150:
> > lost connection after STARTTLS from mout.web.de
> >
> > Can anybody with more knowledge of libressl and its error messages tell by this error what is wrong?
> >
> > Best regards,
> > Stephan
> >
>
>
> --
> Kindest regards,
> Tom Smyth.
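Decoding the error code in the log lines above, as an added worked example that is not part of this thread and not Postfix or LibreSSL code: a packed code like error:1404A42E uses the classic OpenSSL/LibreSSL layout (library in the top byte, function in the next 12 bits, reason in the low 12 bits), so 0x14 = 20 is "SSL routines" and 0x42E = 1070 is the reason. OpenSSL and LibreSSL report a TLS alert received from the peer as reason 1000 + alert number, so 1070 is alert 70, protocol_version, and because Postfix logged it during SSL_accept the alert was sent by the connecting client (mout.web.de), not generated locally. The script below does that decoding for Postfix log lines and tallies failures per remote host. The mout.web.de lines in its sample log are copied from the thread; the legacy.example.net lines (host, pid, code, source file and line) are constructed to show an outbound SSL_connect failure with a different alert.

```python
import re
from collections import Counter, defaultdict

# Classic OpenSSL / LibreSSL packed error code layout (<openssl/err.h>):
#   bits 31..24 library, bits 23..12 function, bits 11..0 reason.
# OpenSSL 3 dropped the function field and widened the reason, so this decoder
# applies to LibreSSL (as on OpenBSD in the thread above) and OpenSSL 1.x only.
ERR_LIB_SSL = 20             # library id for "SSL routines"
SSL_AD_REASON_OFFSET = 1000  # a *received* alert N is reported as reason 1000 + N

# TLS AlertDescription values (RFC 5246 section 7.2, RFC 8446 section 6).
TLS_ALERTS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    22: "record_overflow", 40: "handshake_failure", 42: "bad_certificate",
    43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown", 47: "illegal_parameter",
    48: "unknown_ca", 49: "access_denied", 50: "decode_error", 51: "decrypt_error",
    70: "protocol_version", 71: "insufficient_security", 80: "internal_error",
    86: "inappropriate_fallback", 90: "user_canceled", 109: "missing_extension",
    110: "unsupported_extension", 112: "unrecognized_name",
    116: "certificate_required", 120: "no_application_protocol",
}


def decode_ssl_error(code_hex):
    """Unpack error:XXXXXXXX into lib/func/reason and, when the reason encodes
    a TLS alert the peer sent, the alert number and its RFC name."""
    code = int(code_hex, 16)
    lib = (code >> 24) & 0xFF
    func = (code >> 12) & 0xFFF
    reason = code & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET:
        alert = reason - SSL_AD_REASON_OFFSET
    return {
        "lib": lib, "func": func, "reason": reason, "alert": alert,
        "alert_name": TLS_ALERTS.get(alert, "unknown") if alert is not None else None,
    }


# Postfix logs the failing operation and the library error as two consecutive
# lines from the same process; the pid is what ties them together.
SSL_OP_RE = re.compile(
    r"postfix/(?P<proc>smtpd?)\[(?P<pid>\d+)\]: SSL_(?P<op>accept|connect) error "
    r"(?:from|to) (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]:\d+: -1")
LIB_ERR_RE = re.compile(
    r"postfix/(?P<proc>smtpd?)\[(?P<pid>\d+)\]: warning: TLS library problem: "
    r"error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):(?P<func>[^:]*):(?P<reason>[^:]*):")


def explain_failures(lines):
    """Pair each SSL_accept/SSL_connect error with its 'TLS library problem'
    line and state who rejected whom."""
    pending = {}   # pid -> most recent SSL_* error context from that process
    results = []
    for line in lines:
        m = SSL_OP_RE.search(line)
        if m:
            pending[m["pid"]] = m.groupdict()
            continue
        m = LIB_ERR_RE.search(line)
        if not m or m["pid"] not in pending:
            continue
        ctx = pending.pop(m["pid"])
        dec = decode_ssl_error(m["code"])
        # SSL_accept means we were the server, so an alert came from the
        # connecting client (the remote MTA); SSL_connect is the reverse.
        peer_role = "client" if ctx["op"] == "accept" else "server"
        if dec["alert"] is not None:
            verdict = (f"remote {peer_role} {ctx['host']} sent TLS alert "
                       f"{dec['alert']} ({dec['alert_name']}) and aborted the handshake")
        else:
            verdict = f"local library error: {m['reason']} (reason {dec['reason']})"
        results.append({"host": ctx["host"], "ip": ctx["ip"], "op": ctx["op"],
                        "code": m["code"].upper(), "alert": dec["alert_name"],
                        "verdict": verdict})
    return results


def failures_by_host(results):
    """Count alert types per remote host, to spot the one relay that keeps failing."""
    by_host = defaultdict(Counter)
    for r in results:
        by_host[r["host"]][r["alert"] or "no-alert"] += 1
    return {h: dict(c) for h, c in by_host.items()}


# Constructed sample log: the mout.web.de lines come from the thread above; the
# legacy.example.net lines (host, pid, code, file and line number) are invented.
SAMPLE_LOG = """\
Apr  9 10:00:01 mx postfix/smtpd[97536]: connect from mout.web.de[212.227.17.12]:52515
Apr  9 10:00:01 mx postfix/smtpd[97536]: SSL_accept error from mout.web.de[212.227.17.12]:52515: -1
Apr  9 10:00:01 mx postfix/smtpd[97536]: warning: TLS library problem: error:1404A42E:SSL routines:ST_ACCEPT:tlsv1 alert protocol version:/usr/src/lib/libssl/tls13_lib.c:150:
Apr  9 10:00:01 mx postfix/smtpd[97536]: lost connection after STARTTLS from mout.web.de[212.227.17.12]:52515
Apr  9 10:05:12 mx postfix/smtp[97601]: SSL_connect error to legacy.example.net[198.51.100.7]:25: -1
Apr  9 10:05:12 mx postfix/smtp[97601]: warning: TLS library problem: error:1404A410:SSL routines:ST_CONNECT:sslv3 alert handshake failure:/usr/src/lib/libssl/ssl_pkt.c:1234:
"""

if __name__ == "__main__":
    found = explain_failures(SAMPLE_LOG.splitlines())
    for r in found:
        print(f"{r['code']} {r['op']:7} {r['verdict']}")
    print(failures_by_host(found))
```

Run against a real maillog (for example `explain_failures(open("/var/log/maillog"))`) the per-host tally separates a single misbehaving peer from a local configuration problem: an alert sent by the peer points at what the peer will not accept in our handshake (here, a protocol version), whereas a reason below 1000 is the local library refusing something about the peer's offer.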
