On Fri, May 15, 2020 at 10:09:18PM +0200, Roland Freikamp wrote:

> > > smtp_tls_ciphers = medium
> > > smtp_tls_exclude_ciphers = aNULL,eNULL,CAMELLIA
> > > smtp_tls_mandatory_ciphers = medium
> > > tls_preempt_cipherlist = yes
> >
> > Before asking for help, try removing those settings.
>
> I've removed them; it did not change anything.
>
> The debug-log now says:
>
> postfix/smtpd[12259]: connect from ...[...]
> postfix/smtpd[12259]: setting up TLS connection from ...[...]
> postfix/smtpd[12259]: ...[...]: TLS cipher list
> "aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH"
> postfix/smtpd[12259]: SSL_accept:before SSL initialization
> postfix/smtpd[12259]: SSL_accept:before SSL initialization
> postfix/smtpd[12259]: SSL3 alert write:fatal:handshake failure
> postfix/smtpd[12259]: SSL_accept:error in error
> postfix/smtpd[12259]: SSL_accept error from ...[...]: -1
> postfix/smtpd[12259]: warning: TLS library problem: error:1417A0C1:SSL
> routines:tls_post_process_client_hello:no shared
> cipher:ssl/statem/statem_srvr.c:2282:
> postfix/smtpd[12259]: lost connection after STARTTLS from ...[...]
> postfix/smtpd[12259]: disconnect from ...[...] ehlo=1 starttls=0/1
> commands=1/2
>
> Does that mean that the other server only supports SSL3?

No.

> Or could it be that my certificate is ECDSA, but the other server
> maybe only supports RSA?

That's quite plausible, and would have been my guess even before you
mentioned this.  For interop, you need an RSA cert, and then you can
*also* have an ECDSA cert.

It gets even more fun with DANE "3 1 1", when you then need multiple
TLSA RRs matching each chain, and multiple versions of each during key
rollover.

-- 
Viktor.
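The following is an added example, not code from the thread, from Roland or from Viktor, and not part of Postfix itself. It shows how a mail administrator can triage the "no shared cipher" failure above from the smtpd log and check main.cf for the cause Viktor points at: an ECDSA-only server certificate that an RSA-only client cannot use. The log lines and main.cf fragments are constructed samples modelled on the quoted output (hostnames and addresses are documentation values); the parameter names smtpd_tls_cert_file, smtpd_tls_key_file, smtpd_tls_eccert_file, smtpd_tls_eckey_file and smtpd_tls_chain_files are real Postfix parameters, while the classification labels and advice strings are this example's own.

```python
import re
from collections import OrderedDict

# Constructed sample smtpd log, modelled on the debug output quoted in the thread.
# Hostnames and addresses are documentation values, not real hosts.
SAMPLE_LOG = """\
May 15 22:01:02 mx postfix/smtpd[12259]: connect from mail.example.org[192.0.2.10]
May 15 22:01:02 mx postfix/smtpd[12259]: setting up TLS connection from mail.example.org[192.0.2.10]
May 15 22:01:02 mx postfix/smtpd[12259]: mail.example.org[192.0.2.10]: TLS cipher list "aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH"
May 15 22:01:02 mx postfix/smtpd[12259]: SSL_accept:before SSL initialization
May 15 22:01:02 mx postfix/smtpd[12259]: SSL3 alert write:fatal:handshake failure
May 15 22:01:02 mx postfix/smtpd[12259]: SSL_accept:error in error
May 15 22:01:02 mx postfix/smtpd[12259]: SSL_accept error from mail.example.org[192.0.2.10]: -1
May 15 22:01:02 mx postfix/smtpd[12259]: warning: TLS library problem: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:ssl/statem/statem_srvr.c:2282:
May 15 22:01:02 mx postfix/smtpd[12259]: lost connection after STARTTLS from mail.example.org[192.0.2.10]
May 15 22:01:02 mx postfix/smtpd[12259]: disconnect from mail.example.org[192.0.2.10] ehlo=1 starttls=0/1 commands=1/2
May 15 22:05:40 mx postfix/smtpd[12301]: connect from other.example.net[198.51.100.7]
May 15 22:05:41 mx postfix/smtpd[12301]: Anonymous TLS connection established from other.example.net[198.51.100.7]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
May 15 22:05:41 mx postfix/smtpd[12301]: disconnect from other.example.net[198.51.100.7] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
"""

# Constructed main.cf fragment: ECDSA chain only (the suspected misconfiguration).
SAMPLE_MAIN_CF_ECDSA_ONLY = """\
smtpd_tls_security_level = may
smtpd_tls_eccert_file = /etc/postfix/ecdsa-cert.pem
smtpd_tls_eckey_file = /etc/postfix/ecdsa-key.pem
"""

# Constructed main.cf fragment with both an RSA and an ECDSA chain configured.
SAMPLE_MAIN_CF_BOTH = """\
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/postfix/rsa-cert.pem
smtpd_tls_key_file = /etc/postfix/rsa-key.pem
smtpd_tls_eccert_file = /etc/postfix/ecdsa-cert.pem
smtpd_tls_eckey_file = /etc/postfix/ecdsa-key.pem
"""

LINE_RE = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
CONNECT_RE = re.compile(r"^connect from (?P<client>\S+)")


def parse_sessions(log_text):
    """Group smtpd log messages by process id, recording the connecting client."""
    sessions = OrderedDict()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        s = sessions.setdefault(m["pid"], {"pid": m["pid"], "client": None, "msgs": []})
        c = CONNECT_RE.match(m["msg"])
        if c and s["client"] is None:
            s["client"] = c["client"]
        s["msgs"].append(m["msg"])
    return list(sessions.values())


def classify_session(session):
    """Label one session's TLS outcome and attach a diagnostic hint."""
    msgs = session["msgs"]
    result = {"pid": session["pid"], "client": session["client"]}
    if any("no shared cipher" in m for m in msgs):
        # OpenSSL's info callback labels every alert "SSL3 alert" whatever the
        # negotiated version, so the alert line alone says nothing about SSLv3.
        result["outcome"] = "no_shared_cipher"
        result["hint"] = ("client offered no suite usable with the server's "
                          "certificate key type or cipher list; an ECDSA-only "
                          "server cert cannot serve an RSA-only client")
    elif any("TLS connection established" in m for m in msgs):
        result["outcome"] = "established"
        result["hint"] = "ok"
    else:
        result["outcome"] = "no_tls"
        result["hint"] = "session ended without a TLS handshake"
    return result


def analyze(log_text):
    """Classify every smtpd session found in the log text."""
    return [classify_session(s) for s in parse_sessions(log_text)]


def configured_cert_types(main_cf):
    """Return the certificate key types implied by main.cf smtpd TLS parameters.

    smtpd_tls_cert_file/_key_file hold the RSA chain and smtpd_tls_eccert_file/
    _eckey_file the ECDSA chain; smtpd_tls_chain_files (Postfix 3.4+) may hold
    either, so its key type cannot be read off the parameter name.
    """
    params = {}
    for line in main_cf.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        params[key] = value
    types = set()
    if params.get("smtpd_tls_cert_file"):
        types.add("RSA")
    if params.get("smtpd_tls_eccert_file"):
        types.add("ECDSA")
    if params.get("smtpd_tls_chain_files"):
        types.add("unknown:chain_files")
    return types


def interop_advice(outcomes, cert_types):
    """Combine log outcomes with the configured key types into one finding."""
    if not any(o["outcome"] == "no_shared_cipher" for o in outcomes):
        return "no 'no shared cipher' failures seen"
    if cert_types == {"ECDSA"}:
        return ("ECDSA-only certificate configured; add an RSA chain via "
                "smtpd_tls_cert_file/smtpd_tls_key_file for interoperability")
    return "RSA chain present; check cipher and protocol settings on both sides"


if __name__ == "__main__":
    for o in analyze(SAMPLE_LOG):
        print(o["pid"], o["client"], o["outcome"], "-", o["hint"])
    print(interop_advice(analyze(SAMPLE_LOG), configured_cert_types(SAMPLE_MAIN_CF_ECDSA_ONLY)))
```

Run as-is it flags the 12259 session as a "no shared cipher" failure, the 12301 session as established, and, paired with the ECDSA-only fragment, recommends adding the RSA chain; with the second fragment the advice changes to looking at cipher and protocol settings instead, which mirrors the order of elimination in the thread.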