That'd then be the file to analyse:

     # tshark -nr /tmp/tls.pcap -V ssl

thx for the ez tutorial


after the key file cleanup,

   ...
   Untrusted TLS connection established from esa.hc2802-61.iphmx.com[68.232.155.227]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256
   ...

This explains the '!aNULL', added automatically by Postfix, because
you're soliciting and receiving client certificates.  Drop the

     smtpd_tls_ask_ccert = yes

I use that between internal/local instances of postfix.

for this server, it was in fact set -- only on the public postscreen instance.  
which i don't get.
anyway, fixed. thx!

Handshake type: 01 (Client Hello)
Length: 00 00 9c (156)

One thing I failed to mention is that length of 156 is rather unexpected
...
And there's also that mysterious 0x01,0x88 cipher, which is not listed
in the IANA TLS ciphersuite registry.

wouldn't have known to look.  more reading ... thx.

what tool are you using to extract the

        >> Handshake type: 01 (Client Hello)
        >> Length: 00 00 9c (156)

from the OP log output?

