On Thu, Mar 28, 2024 at 09:58:13AM +0200, Levente Birta via Postfix-users wrote:
> > That's worth a try: > > > > 588 inet ... smtpd > > -o smtpd_tls_security_level=encrypt > > -o smtpd_tls_mandatory_protocols=TLSv1.2 > > ... > > Limiting to only TLSv1.2 did the job. It sure looks like something was causing the client's initial attempt with TLS 1.3 to not work, and when the client retried with TLS 1.2, the server objected, since it supported TLS 1.3. Now that the server supports TLS 1.2 only, it did not mind the fallback signal, The other possibility, is that the client never tried TLS 1.3, and was implemented by a clueless keyboard-monkey, who decided to always send the fallback SCSV even though there was no fallback. That's sad, if true. -- Viktor. _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org