On Mon, Oct 21, 2013 at 11:55:38PM +0200, li...@rhsoft.net wrote:

> https://bugzilla.redhat.com/show_bug.cgi?id=1019390#c3

The author of comment #4 is not getting it. The problem is NOT that
Postfix fails to negotiate EECDH, rather the problem is that it does!
Once EECDH is negotiated, the server (gmx) selects an unsupported
(by RedHat's crippled OpenSSL) curve and the handshake fails.

This is NOT progress. No support for EC is better than broken
support for EC. Either implement EC support or don't.

> also interesting, from one postfix to another using the same postfix/openssl
> builds
> exactly the same previously to GMX used ciphers are still fine - leaves the
> question
> open what exactly does "mx00.gmx.net" differently to fail now
>
> Oct 21 23:52:45 localhost postfix/smtp[27178]:
> Trusted TLS connection established to *****:25:
> TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)

I don't understand what you mean, feel free to elaborate.

--
Viktor.