Re: possible to reach hardenize's requirements?

Sat, 13 Apr 2019 07:47:17 -0700 


> On Apr 13, 2019, at 10:23 AM, Wietse Venema <wie...@porcupine.org> wrote:
> 
>> postfix/smtpd[45229]: connect from 3[18.233.176.231]
>> postfix/smtpd[45229]: SSL_accept error from 
>> outbound.hardenize.com[18.233.176.231]: -1
>> postfix/smtpd[45229]: lost connection after STARTTLS from 
>> outbound.hardenize.com[18.233.176.231]
>> postfix/smtpd[45229]: disconnect from outbound.hardenize.com[18.233.176.231] 
>> ehlo=1 starttls=0/1 ...
> 
> Same here. Speculation: they require PKI certificate verification.

One might also speculate that they try various ciphers and protocols, some of 
which
don't pan out.  The only way to determine which ciphers a server supports is to
try lots of connections, servers don't send their complete cipherlist to 
clients,
they only send the one cipher they accepted.  Ditto with protocol versions.

So one would expect a failed handshake any time an unsupported cipher or 
protocol
is tested.

-- 
        Viktor.
























					Reply via email to