Hello,

Not sure if this will help with anything, but about a year back I was having issues getting my at-the-time s7 phone to connect to postfix. The solution was to determine that the connecting key was an ed-384 bit key. At that time Android only supported ed-256 keys so I had to redo my key and it worked. I've now got an s20 so don't know if this information is still valid.
Hth
Dave.

On 12/18/21, Matthias Andree <matthias.and...@gmx.de> wrote:
> On 15.12.21 at 23:35, Benny Pedersen wrote:
>> On 2021-12-15 23:04, raf wrote:
>>
>>>> How could I get an Android client and a Postfix server work together
>>>> please?
>>
>>> It's just a guess, but maybe the problem is ECDSA.
>>> If you add an RSA key as well, it might work.
>>> Does that sound plausible?
>>
>> or simply try smtps if submission fails on android
>>
>> i use aquamail on android with success smtps / imaps (ssl not tls)
>
> Benny,
>
> Please do not confuse protocol versions with how TLS
> handshake/negotiation is introduced.
>
> SSL is the obsolete and unsafe predecessor to TLS but that or the TLS
> version has NOTHING to do with
> whether you either: use dedicated SSL-wrapped = TLS-wrapped = Implicit
> TLS ports for TCP,
> or: start a vulnerable clear-text connection that starts at application
> level, then proceeds through STARTTLS or STLS to negotiate TLS,
> and when many applications forget to reset their state[1 below]
>
> Standing recommendations are to use TLS v1.2 or newer. Obsolete clients
> may want to talk TLS v1.1 or v1.0 though but should be upgraded or
> phased out.
>
> If you want to make a distinction between negotiation, i. e., whether
> the TCP session starts with TLS handshake right away (called "Implicit
> TLS" or "TLS-wrapped on dedicated "...s" ports smtps/imaps/pop3s on
> 465/993/995) or cleartext initial conversation that negotiates TLS
> in-band (STARTTLS for SMTP and IMAP, STLS for POP3 on ports 25/587, 143,
> 110, respectively), then make that clear. Anything else is coincidental
> and adds to the confusion.
>
> Thank you.
>
> [1] After the Poddebniak et al. paper & presentation earlier this year,
> Implicit TLS would get my preference, it is also cleaner and does not
> mix application and security layers in ways that require special attention.
> https://www.usenix.org/conference/usenixsecurity21/presentation/poddebniak
>
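
The suggestions in this thread (an RSA key next to the ECDSA one, TLS v1.2 or newer, and an implicit-TLS listener on 465 beside STARTTLS on 587) expressed as Postfix configuration. This is an added example, not configuration posted by anyone in the thread; the host name and file paths are placeholders, and the ECDSA key is assumed to be on the P-256 curve.

```conf
# ---- /etc/postfix/main.cf (added example; paths are placeholders) ----

# Offer two certificate chains. Postfix picks the one that matches the key
# type the client negotiates, so a client that cannot handle the ECDSA key
# can still complete the handshake with the RSA one.
smtpd_tls_cert_file   = /etc/postfix/tls/mail.example.org.rsa.crt
smtpd_tls_key_file    = /etc/postfix/tls/mail.example.org.rsa.key
smtpd_tls_eccert_file = /etc/postfix/tls/mail.example.org.ecdsa.crt
smtpd_tls_eckey_file  = /etc/postfix/tls/mail.example.org.ecdsa.key

# Where TLS is mandatory (the two submission listeners below), accept only
# TLS v1.2 or newer. Opportunistic TLS on port 25 is left at its defaults.
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1

# ---- /etc/postfix/master.cf (added example) ----

# Port 587: the session starts in clear text and the client must issue
# STARTTLS before it is allowed to authenticate.
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

# Port 465: Implicit TLS. The TLS handshake is the first thing on the TCP
# connection, so no clear-text SMTP dialogue precedes it.
smtps     inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
```

After `postfix reload`, `openssl s_client -connect mail.example.org:465` exercises the implicit-TLS listener and `openssl s_client -starttls smtp -connect mail.example.org:587` the STARTTLS one.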