> On Jun 22, 2019, at 2:20 PM, Security Admin (NetSec)
> <secad...@netsecdesign.com> wrote:
>
> One of the other posters was correct; it was a certificate issue. Reissued
> my cert on my postfix SMTP mail gateways.
As expected, the keyUsage you had was only appropriate for a CA,
not a TLS server.
> All seems to be working now. Gmail defaults to TLS 1.2
Whatever the default, the logs you posted showed TLS 1.3
> I saw some posts that TLS 1.3 still has issues with OpenSSL v1.1.1 and
> postfix 3.3.x
Postfix 3.3 should works fine with TLS 1.3, but Postfix 3.4 has improved
support.
--
Viktor.
