Re: TLS connection state

2010-09-17 Thread Victor Duchovni
On Fri, Sep 17, 2010 at 11:33:58AM -0500, Vernon A. Fort wrote: > On Fri, 2010-09-17 at 12:17 -0400, Victor Duchovni wrote: > > On Fri, Sep 17, 2010 at 11:09:14AM -0500, Vernon A. Fort wrote: > > > > > I fully agree and this IS the way I have it configured - my original > > > post was poorly writ

Re: TLS connection state

2010-09-17 Thread Vernon A. Fort
On Fri, 2010-09-17 at 12:17 -0400, Victor Duchovni wrote: > On Fri, Sep 17, 2010 at 11:09:14AM -0500, Vernon A. Fort wrote: > > > I fully agree and this IS the way I have it configured - my original > > post was poorly written. Using =may on both in/out but configure > > smtp_tls_policy_maps for

Re: TLS connection state

2010-09-17 Thread Victor Duchovni
On Fri, Sep 17, 2010 at 11:09:14AM -0500, Vernon A. Fort wrote: > I fully agree and this IS the way I have it configured - my original > post was poorly written. Using =may on both in/out but configure > smtp_tls_policy_maps for sites that I need tighter verification. I'm > playing (for lack of

Re: TLS connection state

2010-09-17 Thread Vernon A. Fort
On Fri, 2010-09-17 at 11:42 -0400, Victor Duchovni wrote: > On Thu, Sep 16, 2010 at 03:45:17PM -0500, Vernon A. Fort wrote: > > Yes, it looks like that Patch did not make it in. I just happen to run across your post a few days ago - cleared some things up but I could NOT find this in the TLS_READM

Re: TLS connection state

2010-09-17 Thread Victor Duchovni
On Thu, Sep 16, 2010 at 03:45:17PM -0500, Vernon A. Fort wrote: > > Anonymous DH ciphers don't use CA certs. The conversation is encrypted, > > but unauthenticated. Of course "Trusted" is also encrypted and not > > authenticated, but a certificate is sent and mostly ignored. What you > > learn is t

Re: TLS connection state

2010-09-16 Thread Vernon A. Fort
On Thu, 2010-09-16 at 15:14 -0400, Victor Duchovni wrote: > On Thu, Sep 16, 2010 at 01:45:10PM -0500, Vernon A. Fort wrote: > > > TLS related messages in the maillog > > > > Sep 16 14:25:54 ns postout/smtp[27828]: Trusted TLS connection > > established to chanet.org.2.0001.arsmtp.com[204.232.236.

Re: TLS connection state

2010-09-16 Thread Victor Duchovni
On Thu, Sep 16, 2010 at 01:45:10PM -0500, Vernon A. Fort wrote: > TLS related messages in the maillog > > Sep 16 14:25:54 ns postout/smtp[27828]: Trusted TLS connection > established to chanet.org.2.0001.arsmtp.com[204.232.236.213]:25: TLSv1 > with cipher DES-CBC3-SHA (168/168 bits) Their certif

TLS connection state

2010-09-16 Thread Vernon A. Fort
TLS related messages in the maillog Sep 16 14:25:54 ns postout/smtp[27828]: Trusted TLS connection established to chanet.org.2.0001.arsmtp.com[204.232.236.213]:25: TLSv1 with cipher DES-CBC3-SHA (168/168 bits) Sep 16 14:25:55 ns postout/smtp[28259]: Untrusted TLS connection established to pluto.V