Re: postfix issue with ecc certificates

2018-08-04 Thread David Mehler
Hi,

Thanks, that has done it.

Thanks.
Dave.

On 8/4/18, Viktor Dukhovni wrote:
>
>
>> On Aug 4, 2018, at 11:15 AM, David Mehler wrote:
>>
>> Sorry, the parameter is smtpd_tls_eecdh_grade it was set to ultra I
>> set it to strong. I don't know if that's what did it but clients can
>> now send.

Re: postfix issue with ecc certificates

2018-08-04 Thread Viktor Dukhovni
> On Aug 4, 2018, at 11:15 AM, David Mehler wrote:
>
> Sorry, the parameter is smtpd_tls_eecdh_grade it was set to ultra I
> set it to strong. I don't know if that's what did it but clients can
> now send.

With recent Postfix releases, and OpenSSL >= 1.0.2, the best setting for this parameter

Re: postfix issue with ecc certificates

2018-08-04 Thread David Mehler
Hi,

Sorry, the parameter is smtpd_tls_eecdh_grade it was set to ultra I set it to strong. I don't know if that's what did it but clients can now send. If I'm getting what I'm reading ultra refers to p-384 bit ecc curves, while strong is p-256, that's what I've got.

Thanks.
Dave.

On 8/4/18, Wie

Re: postfix issue with ecc certificates

2018-08-04 Thread Wietse Venema
David Mehler:
> Hello,
>
> Thanks Wietse and Victor,
>
> I commented out the smtp* lines and didn't fix it. What I then did was
> changed my ecc_grade from ultra to strong. Does this sound like the
> solution?

$ postconf|grep ecc_grade
[empty output]

Re: postfix issue with ecc certificates

2018-08-04 Thread David Mehler
Hello,

Thanks Wietse and Victor,

I commented out the smtp* lines and didn't fix it. What I then did was changed my ecc_grade from ultra to strong. Does this sound like the solution?

Thanks.
Dave.

On 8/3/18, Viktor Dukhovni wrote:
>
>
>> On Aug 3, 2018, at 6:09 PM, David Mehler wrote:
>>
>> s

Re: postfix issue with ecc certificates

2018-08-03 Thread Viktor Dukhovni
> On Aug 3, 2018, at 6:09 PM, David Mehler wrote:
>
> smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1 !TLSv1.1 TLSv1.2
> smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1 !TLSv1.1 TLSv1.2

This does not leave too many working options... :-)

--
Viktor.

Re: postfix issue with ecc certificates

2018-08-03 Thread Wietse Venema
David Mehler:
> Aug 3 17:22:27 hostname postfix/submission/smtpd[65716]: warning: TLS
> library problem: error:1408A0C1:SSL routines:ssl3_get_client_hello:no
> shared cipher:s3_srvr.c:1427: ...
> smtp_tls_mandatory_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4,
> MD5, PSK, aECDH, EDH-DSS-DES-CB

postfix issue with ecc certificates

2018-08-03 Thread David Mehler
Hello,

I'm using Postfix 3.3. I am attempting to send mail from a remote android phone running AquaMail Pro, which does support ECC certificates of secp-256. So I got an ecc cert pair from letsencrypt and installed it. Attempting to send an email gives me a handshake error on the android client and