Re: Question about TLS 1.3 and openssl -cipher aNULL option

2020-09-03 Thread Benjamin Kaduk via openssl-users
On Thu, Sep 03, 2020 at 11:45:28PM +, Yury Mazin via openssl-users wrote: > Hello, > > We have a server was originaly using OpenSSL 1.0.2h. > Server is configured to use SSL ciphers as following > ALL:!aNULL:!ADH:!EDH:!eNULL:!EXPORT > When openssl client tries to connect to this server with co

Re: Question about TLS 1.3 and openssl -cipher aNULL option

2020-09-03 Thread Viktor Dukhovni
On Thu, Sep 03, 2020 at 11:45:28PM +, Yury Mazin via openssl-users wrote: > We have a server was originaly using OpenSSL 1.0.2h. Server is > configured to use SSL ciphers as following: > > ALL:!aNULL:!ADH:!EDH:!eNULL:!EXPORT > > When openssl client tries to connect to this server with comma

Question about TLS 1.3 and openssl -cipher aNULL option

2020-09-03 Thread Yury Mazin via openssl-users
Hello, We have a server was originaly using OpenSSL 1.0.2h. Server is configured to use SSL ciphers as following ALL:!aNULL:!ADH:!EDH:!eNULL:!EXPORT When openssl client tries to connect to this server with command openssl s_client -connect localhost:8101-cipher aNULL it fails, because any aNULL ci

Re: Testing

2020-09-03 Thread Jakob Bohm via openssl-users
On 2020-09-03 12:25, Marc Roos wrote: Why are you defending amazon? Everyone processing significant mail and http traffic is complaining about them. They were even listed in spamhaus's top 10 abuse networks (until they started contributing to them?) Because we are sending non-spam mail from a

RE: Testing

2020-09-03 Thread Marc Roos
Why are you defending amazon? Everyone processing significant mail and http traffic is complaining about them. They were even listed in spamhaus's top 10 abuse networks (until they started contributing to them?)

Re: Testing

2020-09-03 Thread Jakob Bohm via openssl-users
On 2020-09-03 09:42, Marc Roos wrote: PTR record, SPF, DKIM and DMARC are also set by spammers, and sometimes even just before a spam run. It is either choosing to do amazons work or not having any work. If more and more are blocking the amazon cloud it would make their clients leave and this fi

Re: Testing

2020-09-03 Thread Richard Levitte
For a rogue test message? However, a quick search through the mail log shows that indeed, there are messages coming from random Amazon AWS hosts that are... "interesting" I smirk a bit when I see this in our mail logs: Sep 2 10:36:06 mta postfix/smtpd[1091]: warning: non-SMTP command from

RE: Testing

2020-09-03 Thread Marc Roos
PTR record, SPF, DKIM and DMARC are also set by spammers, and sometimes even just before a spam run. It is either choosing to do amazons work or not having any work. If more and more are blocking the amazon cloud it would make their clients leave and this finally migth have them spend more on