On Mon, Oct 21, 2019 at 03:48:10PM -0400, J Doe wrote:
> I am aware that this is not an error on Postfix’s fault, but I found the
> following entry in one of mail server’s logs confusing.
It is nevertheless rather ordinary...
> Oct 21 06:09:51 server postfix/smtpd[31405]:
> Anonymous TLS connection established from unknown[77.120.120.29]:33126:
> TLSv1 with cipher AES256-SHA (256/256 bits)
$ openssl ciphers -stdname -s -tls1 -V AES256-SHA
0x00,0x35 - TLS_RSA_WITH_AES_256_CBC_SHA - AES256-SHA SSLv3
Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
> — There is neither DH/DHE/ECDHE at the start. What public key negotiation
> was done ?
> — There is no mode for AES256 (neither old CBC or newer, recommended GCM).
> What mode was used ?
See above.
--
Viktor.
