* Viktor Dukhovni <postfix-us...@dukhovni.org> [2013-08-24 05:27]:
>
> > I just did, here is the PCAP:
> >
> > http://www.karotte.org/smtp-gmx.pcap
>
> The client sends an "internal error" alert. It is not clear what
> problem it is encountering. The server elects:
>
> Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
>
> and the client purports to support the curve in the server certificate.
> I don't have the expertise to try to debug the server's key exchange
> message, but it it is typically secp256r1 aka prime256v1, which the
> client purports to support.
>
> It may be overkill, but it should work. I am afraid the best path
> forward is for GMX to debug this with their client software.
Yeah I'm not holding my breath for that. Is there a way to exclude the
web.de/GMX mailservers from the EC certificate? Let postfix always
use the other certificate for them?
Regards
Sebastian
--
GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
-- Terry Pratchett, The Fifth Elephant
