On Mon, Mar 25, 2024 at 12:00:12PM +0800, Cowbay via Postfix-users wrote:
> On 2024/3/25 10:55, Viktor Dukhovni via Postfix-users wrote:
> > > I checked posttls-finger on my another container which is Ubuntu
> > > 22.04.4, posttls-finger still doesn't support ipv6, weird.
> >
> > It isn't posttls-finger that does not support "ipv6", but rather your
> > network stack.
>
> It's still weird because I have ipv6 network stack and I can ping
> smtp.gmail.com's ipv6 address. See below:
>
> $ host smtp.gmail.com
> smtp.gmail.com has address 173.194.174.108
> smtp.gmail.com has IPv6 address 2404:6800:4008:c1b::6c
>
> $ posttls-finger -wc -lsecure -F /etc/ssl/certs/ca-certificates.crt -a ipv6
> "[smtp.gmail.com]:465" smtp.gmail.com
> posttls-finger: smtp.gmail.com[173.194.174.108]:465: matched peername:
> smtp.gmail.com
> posttls-finger: smtp.gmail.com[173.194.174.108]:465:
> subject_CN=smtp.gmail.com, issuer_CN=GTS CA 1C3,
> fingerprint=F7:5F:AA:8D:B5:7A:A7:A4:8A:34:0C:C3:12:18:D8:77:3B:A9:F7:75:E1:EC:76:25:76:79:41:B2:AB:46:34:E1,
>
> pkey_fingerprint=E9:BB:66:2D:A5:7C:05:FD:C4:EE:2D:CD:33:9C:32:6D:F7:99:7E:66:29:1F:F0:A4:5E:42:05:57:32:10:7C:96
> posttls-finger: Verified TLS connection established to
> smtp.gmail.com[173.194.174.108]:465: TLSv1.3 with cipher
> TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature
> RSA-PSS (2048 bits) server-digest SHA256
The "-a" option is a "preference", but perhaps you have separately
disabled IPv6 via "inet_protocols = ipv4" in main.cf?
--
Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
