On Sat, Oct 15, 2022 at 06:20:48PM +0200, Gerald Galster wrote:
> With session tickets disabled it logs:
>
> Anonymous TLS connection established from <redacted>: TLSv1.2 with
> cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
>
> This server does not support TLS 1.3 yet and TLS 1.2 is the only
> version currently allowed for submission.
Do you have "tls_preempt_cipherlist = yes"? I wonder why AES128 is used
as opposed to AES256.
> > Any chance you could provide (off-list if you prefer) a PCAP recording
> > of a good and a problem TLS session?
>
> I'll send it off-list.
Thanks. I hope that'll shed more light on what's going on.
--
Viktor.
