Roland Freikamp:
> Hi,
>
> I recently upgraded my mailserver-linux-system, which also upgraded Postfix
> from 3.4.6 to 3.4.9, and renewed the TLS-certificates (Let's Encrypt).
> The Postfix-configuration did not change.
> Since then, some mails could not be delivered to my server, because it
> seems that the mailservers could not agree on a TLS algorithm:
>
> postfix/smtpd[17880]: connect from ...[...]
> postfix/smtpd[17880]: SSL_accept error from ...[...]: -1
> postfix/smtpd[17880]: warning: TLS library problem: error:1417A0C1:SSL
> routines:tls_post_process_client_hello:no shared
> cipher:ssl/statem/statem_srvr.c:2282:
> postfix/smtpd[17880]: lost connection after STARTTLS from ...[...]
> postfix/smtpd[17880]: disconnect from ...[...] ehlo=1 starttls=0/1
> commands=1/2
>
> Setting "smtpd_tls_ciphers = low" did not help; the only way to receive
> the mails was disabling TLS completely ("smtpd_tls_security_level = none").
> But I would like to enable TLS again.
>
> Do you know what the reason could be and how it could be fixed?
> (Change in Postfix default configuration? Bad certificate? Bad TLS library?
> Bad TLS on other mailserver?)
The crystal ball isn't working. What is the output from:
postconf -nf | grep tls
postconf -P | grep tls
Wietse
