Hello Everyone,
I'm setting up a new Postfix 3.5.4 server on a CentOS 8 box and, no
matter what config I make, I can't get TLSv1 (yes, sorry, need to
support some old clients until the end of the year) support to work.
I have already tweaked smtpd_tls_mandatory_protocols and
smtpd_tls_protocols to "!SSLv2, !SSLv3" but TLSv1 simply doesn't work.
The very same config, on other CentOS 7 boxes, is working fine to
allow TLSv1 connections.
While googling for the error

    warning: TLS library problem: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1661:

I found a proposed patch on
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873334 to "overrides
default TLSv1.2" ... and after applying it and recompiling Postfix 3.5.4,
TLSv1 worked immediately with the config I was running (no config
problem after all).
So it seems we really have a TLSv1.2 minimum hardcoded somewhere. Is
it in the Postfix sources? Is it CentOS 8? Is it possible to change
that, via config or compile options, without patching the sources?
Thanks all!
--
Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br
gertru...@solutti.com.br
My SPAMTRAP, do not email it
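
An added example, not part of the original post: a log check that decodes the packed OpenSSL error code from the warning quoted above and counts, per client, how many handshakes were refused for "unsupported protocol", which shows which legacy clients still need migrating. It assumes the OpenSSL 1.1.x error-code layout (8 bits library, 12 bits function, 12 bits reason) and that Postfix logs an `SSL_accept error from ...` line in the same smtpd process before the warning; the log lines, hostnames, PIDs and addresses are constructed.

```python
import re

# Constructed sample log; only the OpenSSL error text comes from the post.
ERR = ("warning: TLS library problem: error:14209102:SSL routines:"
       "tls_early_post_process_client_hello:unsupported protocol:"
       "ssl/statem/statem_srvr.c:1661:")
SAMPLE_LOG = "\n".join([
    "Aug  3 10:15:01 mx postfix/smtpd[2101]: connect from old-client.example[192.0.2.10]",
    "Aug  3 10:15:01 mx postfix/smtpd[2101]: SSL_accept error from old-client.example[192.0.2.10]: -1",
    "Aug  3 10:15:01 mx postfix/smtpd[2101]: " + ERR,
    "Aug  3 10:15:09 mx postfix/smtpd[2107]: connect from modern.example[192.0.2.20]",
    "Aug  3 10:16:40 mx postfix/smtpd[2101]: SSL_accept error from old-client.example[192.0.2.10]: -1",
    "Aug  3 10:16:40 mx postfix/smtpd[2101]: " + ERR,
])

ACCEPT_ERR = re.compile(r"smtpd\[(\d+)\]: SSL_accept error from (\S+\[[^\]]+\]):")
TLS_ERR = re.compile(r"smtpd\[(\d+)\]: warning: TLS library problem: error:([0-9A-Fa-f]{8}):")

ERR_LIB_SSL = 20                  # library number of "SSL routines"
SSL_R_UNSUPPORTED_PROTOCOL = 258  # reason number of "unsupported protocol"


def unpack(code_hex):
    """Split an OpenSSL 1.1.x packed error code into (lib, func, reason)."""
    e = int(code_hex, 16)
    return (e >> 24) & 0xFF, (e >> 12) & 0xFFF, e & 0xFFF


def rejected_legacy_clients(log_text):
    """Count 'unsupported protocol' handshake failures per client."""
    last_peer = {}  # smtpd PID -> client from the latest SSL_accept error
    hits = {}
    for line in log_text.splitlines():
        m = ACCEPT_ERR.search(line)
        if m:
            last_peer[m.group(1)] = m.group(2)
            continue
        m = TLS_ERR.search(line)
        if m:
            lib, _func, reason = unpack(m.group(2))
            if lib == ERR_LIB_SSL and reason == SSL_R_UNSUPPORTED_PROTOCOL:
                peer = last_peer.get(m.group(1), "unknown")
                hits[peer] = hits.get(peer, 0) + 1
    return hits


if __name__ == "__main__":
    for peer, count in rejected_legacy_clients(SAMPLE_LOG).items():
        print(f"{peer}: {count} handshake(s) below the protocol floor")
```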