On Sat, Aug 05, 2023 at 11:23:06AM -0700, Dan Mahoney via Postfix-users wrote:
> Under the hood, idracs do use openSSL, and it’s not unreasonable to > assume that both the SMTP client and the web server use the same > linked version. You could start by seeing which ciphers the idrac 7 > web UI supports. We already saw upthread which ciphers the SMTP client in the iDRAC supports: https://marc.info/?l=postfix-users&m=169103325706376&w=2 It is a simple matrix of: { aRSA + kEDH , aRSA + kRSA , aDSS + kEDH } x { AES128-CBC-SHA , AES128-CBC-SHA256 , AES256-CBC-SHA , AES256-CBC-SHA256 , CAMELLIA128-CBC-SHA , CAMELLIA256-CBC-SHA , 3DES-CBC-SHA } > If I understand the way the TLS handshake works, the server provides a > list of supported ciphers, and the client picks one — at no point does > the client say which ones it supports, implicitly. Nope, ever since SSL 3.0 the client proposes and the server chooses. The issue is very likely that the server's certificate is ECDSA or Ed25519, and so not supported by the client. https://marc.info/?l=postfix-users&m=169103911908552&w=2 -- Viktor. _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
