On Thu, Mar 28, 2024 at 09:58:13AM +0200, Levente Birta via Postfix-users wrote:

> > That's worth a try:
> > 
> >      588 inet ... smtpd
> >          -o smtpd_tls_security_level=encrypt
> >          -o smtpd_tls_mandatory_protocols=TLSv1.2
> >          ...
> 
> Limiting to only TLSv1.2 did the job.

It sure looks like something was causing the client's initial attempt
with TLS 1.3 to not work, and when the client retried with TLS 1.2, the
server objected, since it supported TLS 1.3.  Now that the server
supports TLS 1.2 only, it did not mind the fallback signal.

The other possibility is that the client never tried TLS 1.3, and was
implemented by a clueless keyboard-monkey, who decided to always send
the fallback SCSV even though there was no fallback.  That's sad, if
true.

-- 
    Viktor.
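
The server-side fallback check discussed in this message, as an added example that is not part of the original post and is not Postfix or OpenSSL code. It applies the RFC 7507 rule to a constructed, extension-less ClientHello; the function names and sample cipher suite lists are assumptions made for illustration.

```python
import struct

TLS_FALLBACK_SCSV = 0x5600      # RFC 7507 signalling cipher suite value
INAPPROPRIATE_FALLBACK = 86     # RFC 7507 fatal alert description
TLS12, TLS13 = 0x0303, 0x0304   # protocol version codes

def build_client_hello(version, suites):
    """Constructed sample: a ClientHello body without extensions."""
    body = struct.pack("!H", version) + bytes(32)   # client_version + random
    body += b"\x00"                                  # empty session_id
    body += struct.pack("!H", 2 * len(suites))       # cipher_suites length
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                              # null compression only
    return body

def parse_client_hello(body):
    """Return (client_version, cipher_suites) from a ClientHello body."""
    (version,) = struct.unpack_from("!H", body, 0)
    off = 2 + 32                                     # skip version and random
    off += 1 + body[off]                             # skip session_id
    (n,) = struct.unpack_from("!H", body, off)
    off += 2
    if n % 2 or off + n > len(body):
        raise ValueError("malformed cipher_suites vector")
    suites = [struct.unpack_from("!H", body, off + i)[0] for i in range(0, n, 2)]
    return version, suites

def server_check(body, server_max):
    """Return the alert a server would send, or None to continue the handshake.

    RFC 7507: if the SCSV is offered and the server supports a version
    higher than the one in the ClientHello, the fallback is inappropriate.
    """
    version, suites = parse_client_hello(body)
    if TLS_FALLBACK_SCSV in suites and server_max > version:
        return INAPPROPRIATE_FALLBACK
    return None

# Constructed hellos: a TLS 1.2 retry carrying the SCSV, and one without it.
retry = build_client_hello(TLS12, [0xC02F, 0x009C, TLS_FALLBACK_SCSV])
plain = build_client_hello(TLS12, [0xC02F, 0x009C])

if __name__ == "__main__":
    print("TLS 1.3-capable server:", server_check(retry, TLS13))
    print("TLS 1.2-only server:   ", server_check(retry, TLS12))
```

The same retry hello is rejected by a server whose highest version is TLS 1.3 and accepted once the server is limited to TLS 1.2, which matches the behaviour seen after setting `smtpd_tls_mandatory_protocols=TLSv1.2`.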