Hi

Viktor Dukhovni wrote on 03.02.2015 18:12:
> On Tue, Feb 03, 2015 at 04:41:40PM +0000, Viktor Dukhovni wrote:
>
>> If your Postfix is old enough, and is linked against OpenSSL 0.9.8,
>> it only supports md5 and sha1.

Thanks, Viktor, that'll be it.

> "Old enough" means older than these: [...]
> Date: Thu Sep 5 08:55:00 2013 -0400
>
> postfix-2.8.16

It's postfix-2.8.5 or, to be more precise, postfix-2.8.5-2~build0.10.04, and, as you assume, linked OpenSSL 0.9.8. I guess I'll have to relax the TLS policy for this domain until we can upgrade the system.

Thanks for the swift and accurate analysis!

Cheers,
Tobias