On 24.10.18 16:56, Burn Zero wrote:
Yea, I got it. But even with that configuration when I connect to my
server, my server is still accepting connections in TLSv1. If I disable
TLSv1 in my server,
warning: TLS library problem: 21975:error:140760FC:SSL
routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:578:
On Wed, Oct 24, 2018 at 5:01 PM Matus UHLAR - fantomas <uh...@fantomas.sk>
wrote:
which OS/distribution do you use?
On 24.10.18 17:50, Burn Zero wrote:
I use CentOS 6.5
On 25.10.18 09:10, Matus UHLAR - fantomas wrote:
I haven't find centos 6.5 nor redhat 6.5 here, but on one of our redhat 6.4
servers the postconf says:
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
so, apparently, when connecting to your server, tls1.1 and 1.2 are not
enabled. try:
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
maybe this will allow new tls protocols and explain the issue.
btw, seems there are many defaults that have to be changed there:
# postconf -d |grep tls|grep proto
lmtp_tls_mandatory_protocols = SSLv3, TLSv1
lmtp_tls_protocols = !SSLv2
smtp_tls_mandatory_protocols = SSLv3, TLSv1
smtp_tls_protocols = !SSLv2
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_protocols =
luckily it only applies for mandatory protocols.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Holmes, what kind of school did you study to be a detective?
- Elementary, Watson. -- Daffy Duck & Porky Pig
