On Mon, Sep 15, 2014 at 05:16:19PM +1000, shm...@riseup.net wrote:

> if i have an EC mail server cert and if an MTA setup to send/receive
> gives the following:

Always configure at least some sort of RSA certificate along with
any ECDSA certificates. The RSA certificate can be self-signed.
Many systems don't support ECDSA, and also don't enable anonymous
cipher suites, so they fail when no RSA certificate is offered.

> postfix/smtpd[7060]: initializing the server-side TLS engine
> postfix/smtpd[7060]: connect from medusa.blackops.org[208.69.40.157]
> postfix/smtpd[7060]: warning: milter inet:127.0.0.1:10023: can't read
> SMFIC_OPTNEG reply packet header: Connection timed out
> postfix/smtpd[7060]: warning: milter inet:127.0.0.1:10023: read error in
> initial handshake

Also fix this.

> postfix/smtpd[7060]: setting up TLS connection from
> medusa.blackops.org[208.69.40.157]
> postfix/smtpd[7060]: medusa.blackops.org[208.69.40.157]: TLS cipher list
> "!ANULL:!EXPORT:!MD5:!DES:!LOW:ALL:@STRENGTH"
> postfix/smtpd[7060]: SSL_accept:before/accept initialization
> postfix/smtpd[7060]: SSL3 alert write:fatal:handshake failure
> postfix/smtpd[7060]: SSL_accept:error in SSLv3 read client hello C
> postfix/smtpd[7060]: SSL_accept:error in SSLv3 read client hello C
> postfix/smtpd[7060]: SSL_accept error from
> medusa.blackops.org[208.69.40.157]: -1
> postfix/smtpd[7060]: warning: TLS library problem: error:1408A0C1:SSL
> routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:1358:
> postfix/smtpd[7060]: lost connection after STARTTLS from
> medusa.blackops.org[208.69.40.157]
> postfix/smtpd[7060]: disconnect from medusa.blackops.org[208.69.40.157]

--
Viktor.
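
Added example, not part of the original thread or of Postfix: a Python script that counts `no shared cipher` handshake failures per client in smtpd log lines shaped like those quoted above, to show which peers a server offering only an ECDSA certificate is turning away. The sample log is constructed with placeholder hosts, and attributing the client-less `TLS library problem` warning to a peer through the smtpd PID is an assumption of this example.

```python
import re
from collections import Counter

# Matches the smtpd part of a log line, with or without a syslog prefix.
LINE = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)")
PEER = re.compile(r"connect from (?P<peer>\S+)")

def no_shared_cipher_peers(lines):
    """Count handshakes that failed with 'no shared cipher', per client."""
    current = {}          # smtpd PID -> client it is currently serving
    failures = Counter()
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m.group("pid"), m.group("msg")
        peer = PEER.match(msg)   # match() anchors, so "disconnect from" is skipped
        if peer:
            current[pid] = peer.group("peer")
        elif "TLS library problem" in msg and "no shared cipher" in msg:
            # This warning names no client; attribute it via the PID.
            failures[current.get(pid, "unknown")] += 1
        elif msg.startswith("disconnect from "):
            current.pop(pid, None)
    return failures

# Constructed sample log (placeholder hosts, documentation address ranges).
SAMPLE_LOG = """\
postfix/smtpd[7060]: connect from mx1.example.net[192.0.2.10]
postfix/smtpd[7060]: SSL_accept error from mx1.example.net[192.0.2.10]: -1
postfix/smtpd[7060]: warning: TLS library problem: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:1358:
postfix/smtpd[7060]: lost connection after STARTTLS from mx1.example.net[192.0.2.10]
postfix/smtpd[7060]: disconnect from mx1.example.net[192.0.2.10]
postfix/smtpd[7061]: connect from mx2.example.org[198.51.100.7]
postfix/smtpd[7061]: Anonymous TLS connection established from mx2.example.org[198.51.100.7]: TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)
postfix/smtpd[7061]: disconnect from mx2.example.org[198.51.100.7]
postfix/smtpd[7061]: connect from mx1.example.net[192.0.2.10]
postfix/smtpd[7061]: warning: TLS library problem: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:1358:
postfix/smtpd[7061]: disconnect from mx1.example.net[192.0.2.10]
""".splitlines()

if __name__ == "__main__":
    for peer, count in no_shared_cipher_peers(SAMPLE_LOG).most_common():
        print(f"{count:3d}  {peer}")
```

A peer that stops appearing in this count once an RSA certificate is configured alongside the ECDSA one was failing for the reason described in the reply.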