I have been looking at the Postfix logs and wonder if this is significant:
Dec 22 10:10:08 mx32 postfix-p25/smtpd[12694]: SSL_accept:SSLv3/TLS read client
hello
Dec 22 10:10:08 mx32 postfix-p25/smtpd[12694]: SSL_accept:SSLv3/TLS write
server hello
Dec 22 10:10:08 mx32 postfix-p25/smtpd[12694]: SSL_accept:SSLv3/TLS write
change cipher spec
Dec 22 10:10:08 mx32 postfix-p25/smtpd[12694]: SSL_accept:TLSv1.3 write
encrypted extensions
Dec 22 10:10:08 mx32 postfix-p25/smtpd[12694]: SSL_accept:SSLv3/TLS write
certificate
Dec 22 10:10:08 mx32 postfix-p25/smtpd[12694]: SSL_accept:TLSv1.3 write server
certificate verify
Dec 22 10:10:08 mx32 postfix-p25/smtpd[12694]: SSL_accept:SSLv3/TLS write
finished
Dec 22 10:10:08 mx32 postfix-p25/smtpd[12694]: SSL_accept:TLSv1.3 early data
Dec 22 10:10:08 mx32 postfix-p25/smtpd[12694]: SSL3 alert
read:fatal:certificate unknown
Dec 22 10:10:08 mx32 postfix-p25/smtpd[12694]: SSL_accept:error in error
Dec 22 10:10:08 mx32 postfix-p25/smtpd[12694]: SSL_accept error from
accounting-2.internal.harte-lyne.ca[192.168.216.88]: -1
Dec 22 10:10:08 mx32 postfix-p25/smtpd[12694]: warning: TLS library problem:
error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate
unknown:/usr/src/crypto/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number
46:
It appears to me that the client is insisting on SSLv3 but that Postfix is
looking for or replying with TLSv1.3. Would that cause a problem with the
certificate being recognised by the client?
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Unencrypted messages have no legal claim to privacy
Do NOT open attachments nor follow links sent by e-Mail
James B. Byrne mailto:byrn...@harte-lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
