On Fri, 25 Nov 2016 07:20:25 +0100, Josh Good stated:
>On 2016 Nov 24, 16:58, Postfix User wrote:
>> On Thu, 24 Nov 2016 22:04:41 +0100, Josh Good stated:
>>
>> >Now, having said that, there is a gotcha: the URL for the hotfix
>> >offers a "Hotfix download available" button, which simply put do
On 2016 Nov 24, 16:58, Postfix User wrote:
> On Thu, 24 Nov 2016 22:04:41 +0100, Josh Good stated:
>
> >Now, having said that, there is a gotcha: the URL for the hotfix offers
> >a "Hotfix download available" button, which simply put does NOT work.
> >Microsoft seems to have silently retired that
On Thu, Nov 24, 2016 at 10:04:41PM +0100, Josh Good wrote:
> The trick is installing hotfix KB948963, provided by Microsoft for
> Windows Server 2003 on year 2008. That hotfix provides the cipher suites:
Yes, that's the one:
http://ietf.10.n7.nabble.com/Windows-2003-TLS-64-ciphersuite-limit
On Thu, 24 Nov 2016 22:04:41 +0100, Josh Good stated:
>Now, having said that, there is a gotcha: the URL for the hotfix offers
>a "Hotfix download available" button, which simply put does NOT work.
>Microsoft seems to have silently retired that hotfix from general
>availability. That is bad news f
On 2016 Nov 20, 01:38, Viktor Dukhovni wrote:
> Given that Exchange on Windows 2003 only supports RC4 and 3DES,
> both of which are deprecated in TLS. There's not much point in
> continuing to offer TLS to the unwashed masses. Such servers
> can only do TLS with specially configured front-end pro
On Sun, Nov 20, 2016 at 02:21:06AM +0100, Josh Good wrote:
> > That's not how Postfix is expected to behave. Please post
> > configuration and logs. Mind you, Postfix is not the only MTA that
> > sends email over TLS, and other TLS implementations can be (and
> > often are) less capable, less fo
On 2016 Nov 19, 23:14, Viktor Dukhovni wrote:
> On Sat, Nov 19, 2016 at 10:44:11PM +0100, Josh Good wrote:
>
> > Also, I've been able to replicate the problem, setting up a server with
> > Ubuntu 16.10, which defaults to Postfix 3.1.0 as MTA and OpenSSL 1.0.2g
> > as crypto subsystem. After I enab
On Sat, Nov 19, 2016 at 10:44:11PM +0100, Josh Good wrote:
> This bug in SChannel (the SSL/TLS subsystem in Windows) in Windows
> Server 2003 is well known:
Indeed, it has been well known now for approximately a decade.
> Also, I've been able to replicate the problem, setting up a server with
>
Hello.
I manage the email for several SMBs (between 100 and 900 mailboxes each),
where they are still running on-premises Exchange 2007 on Windows Server
2003 x64. Yes, I know this is old software, but upgrading their setup is
expensive because it involves getting new licenses (for the server OS,
