You may want to use this tool on your mail server(so it picks up the same openssl version) to check what cyphers the mil server accepts: https://testssl.sh/
Beware, I believe one connection is open for each cypher tested, the client offers only one cypher and see if the connection completes... On Mon, Jan 9, 2017 at 6:48 AM, Graeme Fowler <graeme+mai...@graemef.net> wrote: > On 9 Jan 2017, at 14:08, Franck Martin via mailop <mailop@mailop.org> > wrote: > > Often, it is a problem of finding an acceptable cypher to both parties... > > > ...after... > > On Mon, Jan 9, 2017 at 4:21 AM, Robert Mueller <r...@fastmail.fm> wrote: >> >> So it turns out we'd actually encountered this problem before (Oct >> 2015), and had put a work around in place at the time. It appears that >> us.af.mil servers were having problems connecting to our postfix >> instances and at the time couldn't work out what the obvious reason was >> so I had added this to our postfix config. > > > They're finding a cipher they don't like - so far as I can ascertain, your > host is offering an RC4 based cipher. If they're .mil, as you mention, then > their cipher compatibility list will likely be small and hard (so to > speak). I can't speak for why they'd not connect to you as a result, that's > up to them. > > https://ssl-tools.net/mailservers/mx1.messagingengine.com > > Graeme > > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop > >
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
