Re: disable TLS 1.3 on postfix (logs enclosed)

Sat, 22 Jun 2019 10:45:58 -0700 

Jun 22 10:31:19 mailgate postfix/smtpd[7180]: setting up TLS connection from 
mail-wr1-f42.google.com[209.85.221.42]
Jun 22 10:31:19 mailgate postfix/smtpd[7180]: 
mail-wr1-f42.google.com[209.85.221.42]: TLS cipher list 
"aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH"
Jun 22 10:31:19 mailgate postfix/smtpd[7180]: SSL_accept:before SSL 
initialization
Jun 22 10:31:19 mailgate postfix/smtpd[7180]: SSL_accept:before SSL 
initialization
Jun 22 10:31:19 mailgate postfix/smtpd[7180]: SSL_accept:SSLv3/TLS read client 
hello
Jun 22 10:31:19 mailgate postfix/smtpd[7180]: SSL_accept:SSLv3/TLS write server 
hello
Jun 22 10:31:19 mailgate postfix/smtpd[7180]: SSL_accept:SSLv3/TLS write change 
cipher spec
Jun 22 10:31:19 mailgate postfix/smtpd[7180]: SSL_accept:TLSv1.3 write 
encrypted extensions
Jun 22 10:31:19 mailgate postfix/smtpd[7180]: SSL_accept:SSLv3/TLS write 
certificate
Jun 22 10:31:19 mailgate postfix/smtpd[7180]: SSL_accept:TLSv1.3 write server 
certificate verify
Jun 22 10:31:19 mailgate postfix/smtpd[7180]: SSL_accept:SSLv3/TLS write 
finished
Jun 22 10:31:19 mailgate postfix/smtpd[7180]: SSL_accept:TLSv1.3 early data
Jun 22 10:31:19 mailgate postfix/smtpd[7180]: SSL3 alert read:fatal:illegal 
parameter
Jun 22 10:31:19 mailgate postfix/smtpd[7180]: SSL_accept:error in error
Jun 22 10:31:19 mailgate postfix/smtpd[7180]: SSL_accept error from 
mail-wr1-f42.google.com[209.85.221.42]: -1
Jun 22 10:31:19 mailgate postfix/smtpd[7180]: warning: TLS library problem: 
error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal 
parameter:../ssl/record/rec_layer_s3.c:1528:SSL alert number 47:
Jun 22 10:31:19 mailgate postfix/smtpd[7180]: lost connection after STARTTLS 
from mail-wr1-f42.google.com[209.85.221.42]
Jun 22 10:31:19 mailgate postfix/smtpd[7180]: disconnect from 
mail-wr1-f42.google.com[209.85.221.42] ehlo=1 starttls=0/1 commands=1/2

On 6/22/19, 10:31 AM, "owner-postfix-us...@postfix.org on behalf of Benny 
Pedersen" <owner-postfix-us...@postfix.org on behalf of m...@junc.eu> wrote:

    Security Admin (NetSec) skrev den 2019-06-22 19:15:
    > What is the correct procedure to disable TLS 1.3 negotiation on 
    > postfix?
    
    why ?
    
    i am not an expert, but i think you will not get that to work well, imho 
    show logs for the problem to get more help

Reply via email to