On Sat, Aug 05, 2023 at 03:27:01PM -0400, Charles Sprickman via Postfix-users wrote:
> > Nope, ever since SSL 3.0 the client proposes and the server chooses. > > The issue is very likely that the server's certificate is ECDSA or > > Ed25519, and so not supported by the client. > > > > https://marc.info/?l=postfix-users&m=169103911908552&w=2 > > Between this and Dell's implementation not falling back to doing > authentication if TLS is not available, that leaves basically > validating by IP, which is what I've done to work around this. Just > wanted to confirm that I have it working (although not in the way I'd > hoped). If not for your sake, then perhaps for future readers, it would be great if you would confirm or deny what type of certificate is configured on the Postfix SMTP server end? If you switch to RSA, it should work with the iDRAC, the ciphers offered by the client are not particularly exotic. They're all CBC, but that should still be supported on the Postfix end. Even with OpenSSL 3.0, you still have: $ openssl ciphers -s -tls1_2 -v AES128+CBC+aRSA+kEDH DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256 DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1 -- Viktor. _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
