Zitat von Viktor Dukhovni <postfix-us...@dukhovni.org>:
On Sun, Mar 13, 2022 at 08:35:02PM +0000, lst_ho...@kwsoft.de wrote:
We have a Postfix Server Version 3.3 and Openssl 1.1.1 on Ubuntu 18.04
LTS. One user has the need to send e-mail from an age old Windows XP
VM used because of a special not any more available software.
Is the user on a fixed IP address from which you can allow
unauthenticated submission? If so, simplest to just avoid TLS.
No, unfortunately not. It indeed works without TLS at all when using
Port 25, but this is a "left-over" from the past.
I have tried to not deactivate TLS 1.0 as Outlook/XP should be able to
use this, but i got the error "no shared cipher" in Postfix log. To
my knowledge XP does not support AES and Openssl 1.1.1 does not
suggest 3DES or RC4 as far as i can see.
IIRC there were once service packs for XP that make AES available in
TLS, but they are likely not easy to find and deploy these days...
I also searched for this one but all i have found was a hack with
using Windows Vista libraries.
Are there any settings in Postfix to force RC4/3DES in the Cipherlist
for TLS 1.0?
No, because the ciphers are disabled in OpenSSL at compile time (the
"no-weak-ssl-ciphers" is enabled by default in the OpenSSL Configure
script).
Ok, thanks. I might consider rebuilding the Ubuntu Openssl, i have
already done such things in the past.
Regards
Andreas
