On Fri, Nov 07, 2014 at 10:17:40AM +0100, Lars Heide wrote:
> > Please post more detailed logging for this. Was this logged by
> > your postfix/smtpd SMTP server or by the postfix/smtp SMTP client?
> > Any idea what software the other end was using? ...
>
> Logged by postfix SMTP server (I redacted specific system information):
>
> Nov 4 09:00:44 mailserver postfix/smtpd[5708]: connect from
> postur.example.com[93.184.216.119]
> Nov 4 09:00:44 mailserver postfix/smtpd[5708]: SSL_accept error from
> postur.example.com[93.184.216.119]: -1
> Nov 4 09:00:44 mailserver postfix/smtpd[5708]: warning: TLS library
> problem: error:140A1175:SSL
> routines:SSL_BYTES_TO_CIPHER_LIST:inappropriate fallback:ssl_lib.c:1505:
> Nov 4 09:00:44 mailserver postfix/smtpd[5708]: lost connection after
> STARTTLS from postur.example.com[93.184.216.119]
> Nov 4 09:00:44 mailserver postfix/smtpd[5708]: disconnect from
> postur.example.com[93.184.216.119]

Was there a prior connection shortly before that where the handshake
failed for some other reason?

> They use Kerio Connect 8.4.0 RC 1. According to Wikipedia (couldn't find
> any version information on their website):
>
> 8.3.4 OpenSSL library upgraded to version 1.0.1j to prevent MITM
> protocol downgrade to insecure SSL 3.0 protocol

Perhaps 1.0.1j sometimes sends SCSV when it should not, I'll look
into it when I get a chance.

--
Viktor.
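
One way to answer the question about a prior failed handshake from the smtpd log itself, as an added example that is not part of the original thread: it pairs each "inappropriate fallback" alert with earlier `SSL_accept` failures from the same client address inside a time window. The function name, the 60-second window, the year parameter and the sample log lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# syslog prefix + postfix/smtpd[pid]; syslog timestamps carry no year
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[(\d+)\]: (.*)$")
PEER = re.compile(r"\[([^\]]+)\]")  # client address in "host[addr]"

def find_fallback_rejects(lines, window=timedelta(seconds=60), year=2014):
    """For each 'inappropriate fallback' alert, list earlier failed TLS
    handshakes from the same client address within `window`."""
    current = {}    # smtpd pid -> (client addr, connection sequence number)
    failures = {}   # client addr -> [(time, connection seq, message)]
    findings, seq = [], 0
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S")
        pid, msg = m[2], m[3]
        if msg.startswith("connect from "):
            seq += 1
            current[pid] = (PEER.search(msg)[1], seq)
        elif msg.startswith("SSL_accept error from ") and pid in current:
            addr, conn = current[pid]
            failures.setdefault(addr, []).append((ts, conn, msg))
        elif "inappropriate fallback" in msg and pid in current:
            addr, conn = current[pid]
            # Skip this connection's own SSL_accept error; keep earlier ones.
            prior = [(t, text) for t, c, text in failures.get(addr, [])
                     if c != conn and timedelta(0) <= ts - t <= window]
            findings.append({"time": ts, "client": addr, "prior_failures": prior})
    return findings

# Constructed sample log (not from the thread); addresses are documentation ranges.
SAMPLE = """\
Nov  4 09:00:41 mx postfix/smtpd[5701]: connect from a.example.net[192.0.2.10]
Nov  4 09:00:41 mx postfix/smtpd[5701]: SSL_accept error from a.example.net[192.0.2.10]: lost connection
Nov  4 09:00:41 mx postfix/smtpd[5701]: lost connection after STARTTLS from a.example.net[192.0.2.10]
Nov  4 09:00:44 mx postfix/smtpd[5708]: connect from a.example.net[192.0.2.10]
Nov  4 09:00:44 mx postfix/smtpd[5708]: SSL_accept error from a.example.net[192.0.2.10]: -1
Nov  4 09:00:44 mx postfix/smtpd[5708]: warning: TLS library problem: error:140A1175:SSL routines:SSL_BYTES_TO_CIPHER_LIST:inappropriate fallback:ssl_lib.c:1505:
Nov  4 09:10:02 mx postfix/smtpd[5720]: connect from b.example.org[198.51.100.7]
Nov  4 09:10:02 mx postfix/smtpd[5720]: SSL_accept error from b.example.org[198.51.100.7]: -1
Nov  4 09:10:02 mx postfix/smtpd[5720]: warning: TLS library problem: error:140A1175:SSL routines:SSL_BYTES_TO_CIPHER_LIST:inappropriate fallback:ssl_lib.c:1505:
""".splitlines()

if __name__ == "__main__":
    for f in find_fallback_rejects(SAMPLE):
        verdict = "retry after failed handshake" if f["prior_failures"] else "no prior failure seen"
        print(f["time"], f["client"], verdict)
```

An alert with no earlier failure from the same client is the case worth reporting, since it suggests the peer signalled a fallback on its first attempt.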