On Thu 13/05/2021 10:47, Nick Ryan wrote:
> Bjorn, have a look at this from the opensmtpd mailling list.
>
> https://www.mail-archive.com/misc@opensmtpd.org/msg05278.html
>
> The message from Eric has how to downgrade the smtpd listener to use all TLS
> and compatible ciphers.
This helped immensely, thank you! Adding 'ciphers "compat"' fixed my
problem.
I should have known:
$ openssl s_client -connect smtp.ziggo.nl:587 -starttls smtp
...
SSL-Session:
Protocol : TLSv1.2
Cipher : AES256-SHA256
...
According to my maillogs the above mentioned host would allow
TLSv1.3:AEAD-CHACHA20-POLY1305-SHA256 until the time that I started
experiencing problems. I can only guess why they switched.
