On Wed, Sep 28, 2022 at 06:38:15PM +0200, Lists Nethead wrote:
>
> Hello again postfix-users,
>
> After Viktor gave really helpful advise re SSLv3, now on to the next
> problem, dealing with crypto is opening a can of worms, at least where
> I am.
>
> We cannot receive messages from a Big Corp, our Postfix MX's responds
> with "no shared cipher". The configuration is pretty standard I think,
>
> smtpd_tls_protocols = >=TLSv1.2
That's not the default setting.
> smtpd_tls_exclude_ciphers = aNULL
This is only appeases clueless auditors, in reality it is silly.
> From what I can see, this is what they want:
> TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128
What certificate did you deploy? What is the name of the server,
would I be able to connect to it?
--
Viktor.
