Hi Tom, 

Hm.. I am on the receiving end of this TLS Handshake.
I am running -release on one and -current on another. Problem and error 
messages are the same. 

Excerpt of the running postfix main.cf:

     smtpd_tls_mandatory_ciphers = high
     smtpd_tls_ciphers = high
     smtp_tls_mandatory_ciphers = high
     smtp_tls_ciphers = high

     tls_ssl_options = NO_COMPRESSION, NO_RENEGOTIATION, PRIORITIZE_CHACHA

     tls_high_cipherlist = HIGH:+aRSA:+SHA384:+SHA256:+DH:+SHA:+kRSA:!eNULL:!aNULL:!PSK:!SRP:!AESCCM:!DSS:!ARIA

     smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
     smtpd_tls_protocols = !SSLv2, !SSLv3
     smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
     smtp_tls_protocols = !SSLv2, !SSLv3

     smtpd_tls_security_level = may

     postfix/smtpd[97536]: mout.web.de[212.227.17.12]:52515: TLS cipher list "HIGH:+aRSA:+SHA384:+SHA256:+DH:+SHA:+kRSA:!eNULL:!aNULL:!PSK:!SRP:!AESCCM:!DSS:!ARIA:!aNULL"


Set the tls debug level to 2. The output: 

     postfix/smtpd[97536]: SSL_accept error from mout.web.de[212.227.17.12]:52515: -1
     postfix/smtpd[97536]: warning: TLS library problem: error:1404A42E:SSL routines:ST_ACCEPT:tlsv1 alert protocol version:/usr/src/lib/libssl/tls13_lib.c:150:
     postfix/smtpd[97536]: lost connection after STARTTLS from mout.web.de[212.227.17.12]:52515
     postfix/smtpd[97536]: disconnect from mout.web.de[212.227.17.12]:52515 ehlo=1 starttls=0/1 commands=1/2

Best regards, 
Stephan



On Wed, Apr 06, 2022 at 11:41:41PM +0100, Tom Smyth wrote:
> Hi Stephan,
> at a guess I would say that there is no overlap between supported TLS
> protocol versions and ciphers
> available on the client vs the server.
> if your system is using a recent version of an OS and you are trying
> to relay to an older legacy system,
> ideally ask the older system to upgrade / enable higher ciphers....
> or you can be more permissive on your tls configuration...
> I hope this is helpful
> 
> On Wed, 6 Apr 2022 at 23:32, Stephan Mending <l...@md5collisions.eu> wrote:
> >
> > Hi *,
> > I've noticed on my mail relays that the TLS handshake with one certain email
> > relay keeps failing. I was wondering what the
> > reason for that may be.
> >
> > Following error from postfix:
> >
> >     connect from mout.web.de[ IP ]:44003
> >     SSL_accept error from mout.web.de[ IP ]:44003: -1
> >     warning: TLS library problem: error:1404A42E:SSL routines:ST_ACCEPT:tlsv1 alert protocol version:/usr/src/lib/libssl/tls13_lib.c:150:
> >     lost connection after STARTTLS from mout.web.de
> >
> > Can anybody with more knowledge of libressl and its error messages tell by
> > this error what is wrong?
> >
> > Best regards,
> > Stephan
> >
> 
> 
> -- 
> Kindest regards,
> Tom Smyth.
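
An added example, not part of the original messages and not Postfix or LibreSSL code: it decodes the hex code from the `TLS library problem` line and counts TLS alerts per peer, assuming the 8/12/12-bit library/function/reason packing of OpenSSL 1.x-era error codes, where a reason of 1000 + N stands for TLS alert N. The sample log lines are constructed from the excerpt in the thread, and `decode_error` and `summarize` are hypothetical helper names.

```python
import re
from collections import Counter

# Subset of TLS alert descriptions (RFC 8446, section 6).
TLS_ALERTS = {40: "handshake_failure", 42: "bad_certificate", 48: "unknown_ca",
              70: "protocol_version", 71: "insufficient_security",
              80: "internal_error", 86: "inappropriate_fallback"}
ALERT_OFFSET = 1000  # reason = 1000 + alert number (assumed legacy packing)

# Constructed sample: the thread's log lines, unwrapped.
SAMPLE_LOG = """\
postfix/smtpd[97536]: SSL_accept error from mout.web.de[212.227.17.12]:52515: -1
postfix/smtpd[97536]: warning: TLS library problem: error:1404A42E:SSL routines:ST_ACCEPT:tlsv1 alert protocol version:/usr/src/lib/libssl/tls13_lib.c:150:
postfix/smtpd[97536]: lost connection after STARTTLS from mout.web.de[212.227.17.12]:52515
"""

PEER_RE = re.compile(r"smtpd\[(\d+)\]: SSL_accept error from (\S+?)\[([^\]]+)\]")
ERR_RE = re.compile(r"smtpd\[(\d+)\]: warning: TLS library problem: error:([0-9A-Fa-f]{8}):")

def decode_error(code_hex):
    """Split a packed 32-bit error code into lib, function and reason."""
    code = int(code_hex, 16)
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    alert = reason - ALERT_OFFSET if reason >= ALERT_OFFSET else None
    return {"lib": lib, "func": func, "reason": reason, "alert": alert,
            "alert_name": TLS_ALERTS.get(alert) if alert is not None else None}

def summarize(log_text):
    """Count decoded errors per peer, joining lines by smtpd process id."""
    peer_by_pid, counts = {}, Counter()
    for line in log_text.splitlines():
        m = PEER_RE.search(line)
        if m:  # remember which peer this smtpd process is serving
            peer_by_pid[m.group(1)] = f"{m.group(2)}[{m.group(3)}]"
            continue
        m = ERR_RE.search(line)
        if m:
            info = decode_error(m.group(2))
            peer = peer_by_pid.get(m.group(1), "unknown")
            counts[(peer, info["alert_name"] or f"reason {info['reason']}")] += 1
    return counts

if __name__ == "__main__":
    for (peer, what), n in summarize(SAMPLE_LOG).items():
        print(f"{n:3d}  {peer:40s} {what}")
```
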
