Hello Mark, please take the following with a grain of salt, it's 4am here, so I might be seriously wrong:
* Mark Watts <[EMAIL PROTECTED]> wrote:
>
> I'm in the process of setting up TLS on a number of servers.
> I have two servers, both running Postfix, one an smtp client and the other an
> smtpd server, using a self-signed SSL certificate.
>
> Sending messages, I get the following in the log on the sender:
>
> Nov 19 10:05:01 mailr postfix/smtp[22688]: setting up TLS connection to
> mail.linux-corner.info
> Nov 19 16:05:01 mailr postfix/smtp[22688]: TLS connection established to
> mail.linux-corner.info: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)

ADH-AES256-SHA is a certificate-less cipher. Without a certificate, there is nothing to verify.

> However, the same server sending to another TLS-enabled server (I believe it's
> qmail), I get this:
>
> Nov 19 10:09:09 mailr postfix/smtp[25134]: setting up TLS connection to
> burn.qinetiq.com
> Nov 19 10:09:09 mailr postfix/smtp[25134]: certificate verification failed
> for burn.qinetiq.com: num=18:self signed certificate
> Nov 19 10:09:09 mailr postfix/smtp[25134]: Unverified:
> subject_CN=burn.qinetiq.com, issuer=burn.qinetiq.com
> Nov 19 10:09:09 mailr postfix/smtp[25113]: TLS connection established to
> burn.qinetiq.com: TLSv1 with cipher AES256-SHA (256/256 bits)

I don't know what exactly AES256-SHA is, but obviously, it is not a null cipher, so there is a certificate to verify, and verification fails.

Cheers
Stefan

-- 
Stefan Förster     http://www.incertum.net/     Public Key: 0xBBE2A9E9
FdI #266: All-wheel drive - All-wheel drive means that you get stuck where the tow truck cannot reach.
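
Added example, not part of the original message or of Postfix: a Python sketch that separates the two cases discussed in this thread when reading Postfix smtp client logs. It assumes the log format of the lines quoted above; the sample input is constructed from those lines with the wrapped lines joined, and `classify` is a hypothetical helper name.

```python
import re

# OpenSSL names anonymous (certificate-less) suites with these prefixes.
ANON_PREFIXES = ("ADH-", "AECDH-")
ESTABLISHED = re.compile(
    r"TLS connection established to ([^\s:]+): (\S+) with cipher (\S+)")
VERIFY_FAIL = re.compile(
    r"certificate verification failed for ([^\s:]+): num=(\d+):(.+)")

# Constructed sample: the log lines quoted in the thread, wrapped lines joined.
SAMPLE_LOG = """\
Nov 19 10:05:01 mailr postfix/smtp[22688]: setting up TLS connection to mail.linux-corner.info
Nov 19 16:05:01 mailr postfix/smtp[22688]: TLS connection established to mail.linux-corner.info: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
Nov 19 10:09:09 mailr postfix/smtp[25134]: setting up TLS connection to burn.qinetiq.com
Nov 19 10:09:09 mailr postfix/smtp[25134]: certificate verification failed for burn.qinetiq.com: num=18:self signed certificate
Nov 19 10:09:09 mailr postfix/smtp[25113]: TLS connection established to burn.qinetiq.com: TLSv1 with cipher AES256-SHA (256/256 bits)
"""


def classify(log_text):
    """Return {peer: (cipher, status, reason)} for each established session.

    Both "anonymous" and "unverified" sessions are encrypted, but in
    neither case has the peer's identity been authenticated.
    """
    failures, sessions = {}, {}
    for line in log_text.splitlines():
        failed = VERIFY_FAIL.search(line)
        if failed:
            host, num, text = failed.groups()
            failures[host] = f"num={num}: {text.strip()}"
            continue
        done = ESTABLISHED.search(line)
        if not done:
            continue
        host, _protocol, cipher = done.groups()
        if cipher.startswith(ANON_PREFIXES):
            sessions[host] = (cipher, "anonymous", None)
        elif host in failures:
            sessions[host] = (cipher, "unverified", failures.pop(host))
        else:
            # A certificate-based suite with no failure line; this alone
            # does not prove the certificate was trusted.
            sessions[host] = (cipher, "no-failure-logged", None)
    return sessions


if __name__ == "__main__":
    for peer, (cipher, status, reason) in classify(SAMPLE_LOG).items():
        print(f"{peer}: {cipher} -> {status}" + (f" ({reason})" if reason else ""))
```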