On Mon, Nov 25, 2024 at 11:52:07AM +0100, Matus UHLAR - fantomas via
Postfix-users wrote:
This is Debian 12, postfix 3.7.11 and SSL 3.0.15.
On 25.11.24 22:26, Viktor Dukhovni via Postfix-users wrote:
Does Debian do anything similar to RedHat's crypto policy?
Nothing I know of.
The closest to crypto policy was the openssl.conf setting I mentioned
before.
I can see these ciphers when I feed the command above with the contents of
tls_medium_cipherlist/tls_high_cipherlist
Have you tried connecting to this server with:
$ openssl s_client -connect <hostname>:25 \
-starttls smtp -tls1_2 -cipher 'HIGH+AES+kRSA+CBC:@STRENGTH'
Seems like determining whether the ciphers could interoperate is the
first step.
works with tls1.3, doesn't work otherwise:
00A77BF7:error:0A000410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../ssl/record/rec_layer_s3.c:1605:SSL alert number 40
I have also tried this from a Debian 10 machine without success; it doesn't
understand the "CBC" part.
Looking back at pcap output:
Alert Message
Level: Fatal (2)
Description: Handshake Failure (40)
That's not useful, without knowing which party sent the alert.
Sorry, forgot to say it was the server's reply to the TLS helo.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
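Added example (not part of the thread and not written by its participants): a decoder for the OpenSSL 3.x error-queue line quoted in the message above, which shows what the numeric code says about the alert. It assumes OpenSSL 3.x code packing (library in bits 23-30, reason in the low 23 bits) and that SSL reasons of 1000 plus an alert number mark an alert received from the peer; `decode_error_line` and `ALERT_NAMES` are names made up for this example.

```python
import re

# OpenSSL 3.x constants (include/openssl/err.h, include/openssl/ssl.h).
ERR_SYSTEM_FLAG = 0x80000000     # set when the code wraps an errno instead
ERR_LIB_OFFSET, ERR_LIB_MASK = 23, 0xFF
ERR_REASON_MASK = 0x7FFFFF
ERR_LIB_SSL = 20
SSL_AD_REASON_OFFSET = 1000      # assumption: SSL reason = 1000 + alert number

# Subset of TLS alert descriptions (RFC 5246 / RFC 8446).
ALERT_NAMES = {0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
               40: "handshake_failure", 42: "bad_certificate", 48: "unknown_ca",
               70: "protocol_version", 71: "insufficient_security",
               80: "internal_error", 112: "unrecognized_name"}

LINE_RE = re.compile(
    r"^(?P<tid>[0-9A-Fa-f]+):error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):"
    r"(?P<func>[^:]*):(?P<reason>[^:]*):(?P<file>[^:]*):(?P<line>\d+):(?P<data>.*)$"
)

# The error line from the message above, rejoined onto one line.
SAMPLE = ("00A77BF7:error:0A000410:SSL routines:ssl3_read_bytes:"
          "sslv3 alert handshake failure:../ssl/record/rec_layer_s3.c:1605:"
          "SSL alert number 40")


def decode_error_line(line):
    """Split an OpenSSL 3.x error line and unpack its numeric code."""
    m = LINE_RE.match(line.strip())
    if m is None:
        raise ValueError("not an OpenSSL error-queue line")
    code = int(m["code"], 16)
    out = {"function": m["func"], "reason_text": m["reason"], "data": m["data"],
           "lib": None, "reason": None, "peer_alert": None, "alert_name": None}
    if code & ERR_SYSTEM_FLAG:
        return out               # errno-based code: no library/reason fields
    out["lib"] = (code >> ERR_LIB_OFFSET) & ERR_LIB_MASK
    out["reason"] = code & ERR_REASON_MASK
    # SSL reasons 1000..1255 are treated as an alert received from the peer.
    alert = out["reason"] - SSL_AD_REASON_OFFSET
    if out["lib"] == ERR_LIB_SSL and 0 <= alert <= 255:
        out["peer_alert"] = alert
        out["alert_name"] = ALERT_NAMES.get(alert, "unknown")
    return out


if __name__ == "__main__":
    print(decode_error_line(SAMPLE))
```

For the quoted line this yields library 20 (SSL), reason 1040 and alert 40 (`handshake_failure`), raised in `ssl3_read_bytes`, meaning the machine running `s_client` read the alert rather than sent it.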