On 22.10.2013 02:33, Viktor Dukhovni wrote:
> On Mon, Oct 21, 2013 at 11:55:38PM +0200, li...@rhsoft.net wrote:
>
>>> https://bugzilla.redhat.com/show_bug.cgi?id=1019390#c3
>
> The author of comment #4 is not getting it. The problem is NOT
> that Postfix fails to negotiate EECDH, rather the problem is that
> it does! Once EECDH is negotiated, the server (gmx) selects an
> unsupported (by RedHat's crippled OpenSSL) curve and the handshake
> fails.

this guy did the abusive change too :-(

> This is NOT progress. No support for EC is better than broken
> support for EC. Either implement EC support or don't.

yes, frustrating, but better start with something crippled and hope it improves than wait another 6 years

>> also interesting, from one postfix to another using the same postfix/openssl builds
>> exactly the same previously to GMX used ciphers are still fine - leaves the question
>> open what exactly does "mx00.gmx.net" differently to fail now
>>
>> Oct 21 23:52:45 localhost postfix/smtp[27178]:
>> Trusted TLS connection established to *****:25:
>> TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
>
> I don't understand what you mean, feel free to elaborate.

my two postfix servers are using exactly the same ciphers as was used before the change with success to GMX, but maybe i am not knowledgeable enough to understand the deep details...