On Mon, Aug 26, 2013 at 12:04:28PM +0200, Sebastian Wiesinger wrote:
> > It may be overkill, but it should work. I am afraid the best path
> > forward is for GMX to debug this with their client software.
>
> Yeah I'm not holding my breath for that.
Send them (postmaster@) a pointer to this thre
* Viktor Dukhovni [2013-08-24 05:27]:
>
> > I just did, here is the PCAP:
> >
> > http://www.karotte.org/smtp-gmx.pcap
>
> The client sends an "internal error" alert. It is not clear what
> problem it is encountering. The server elects:
>
> Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_
On Wed, Aug 21, 2013 at 10:44:40PM +0200, Sebastian Wiesinger wrote:
> I just did, here is the PCAP:
>
> http://www.karotte.org/smtp-gmx.pcap
The client sends an "internal error" alert. It is not clear what
problem it is encountering. The server elects:
Cipher Suite: TLS_ECDHE_ECDSA_WITH_
* Viktor Dukhovni [2013-08-20 16:51]:
> > I found the problem... In addition to my normal certificate, I had an
> > EC certificate.
> >
> > smtpd_tls_eccert_file=/etc/postfix/certs/cacert-karotte-ec.crt
>
> Though I think OpenSSL will generally detect attempts to configure
> a public key (certif
On Tue, Aug 20, 2013 at 01:27:01PM +0200, Sebastian Wiesinger wrote:
> I found the problem... In addition to my normal certificate, I had an
> EC certificate.
>
> smtpd_tls_eccert_file=/etc/postfix/certs/cacert-karotte-ec.crt
Though I think OpenSSL will generally detect attempts to configure
a p
* DTNX Postmaster [2013-08-20 12:57]:
> Self-signed, 2048 bits certificate from our own root. Picks the same cipher
> and TLS version as in Heiko's example, it seems. Perhaps it's your
> certificate, perhaps your Postfix settings? No odd overrides for the defaults
> anywhere, forced cipher suit
On Aug 20, 2013, at 11:48, Sebastian Wiesinger
wrote:
> GMX and web.de started an initiative for secure E-Mail made in
> Germany... they turned TLS on.
>
> But in addition to that bold move the did something else that causes
> the following errors when they try to send mail to my postfix:
>
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Am 20.08.2013 12:12, schrieb Sebastian Wiesinger:
> * Heiko Wundram [2013-08-20 12:09]:
>> Still delivers fine for me (and my mail-server) running Postfix
>> 2.10.1:
>>
>> Received: from mout.web.de (mout.web.de [212.227.15.3]) (using
>> TLSv1.2 wi
* Heiko Wundram [2013-08-20 12:09]:
> Still delivers fine for me (and my mail-server) running Postfix 2.10.1:
>
> Received: from mout.web.de (mout.web.de [212.227.15.3])
> (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA (128/128 bits))
> (No client certificate requested)
> by ma
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Am 20.08.2013 11:48, schrieb Sebastian Wiesinger:
> This error ONLY occurs with their servers. My question is if
> anyone has an idea what could cause this error. My first guess is
> that they check certificates for validity and I only have an CACert
>
10 matches
Mail list logo
