On Sat, Aug 12, 2023 at 09:47:57AM -0400, pgnd via Postfix-users wrote:
> postconf -n | grep -i tls | grep -i cipher
> smtp_tls_ciphers = medium
> smtp_tls_exclude_ciphers = EXP, LOW, MEDIUM, aNULL, eNULL, SRP,
> PSK, kDH, DH, kRSA, DHE, DSS, RC4, DES, IDEA, SEED, ARIA, CAMELLIA, AESCCM8,
> 3DES, ECDHE-ECDSA-AES256-SHA384, ECDHE-ECDSA-AES128-SHA256,
> ECDHE-RSA-AES256-SHA384, ECDHE-RSA-AES128-SHA256, MD5, SHA
> smtp_tls_mandatory_ciphers = medium
> smtpd_tls_ciphers = medium
> smtpd_tls_exclude_ciphers =
> smtpd_tls_mandatory_ciphers = medium
> tls_preempt_cipherlist = yes
> tlsproxy_tls_mandatory_exclude_ciphers =
> $smtpd_tls_mandatory_exclude_ciphers
Start by reverting all of those to default.
> i'm not seeing the cause of the problem :-/
> am i looking in the wrong place? or is that^ config already a cause?
Well, you exclude still used ciphers. aNULL for example. So where did
you get that from?
Bastian
--
Conquest is easy. Control is not.
-- Kirk, "Mirror, Mirror", stardate unknown
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
