Hi Viktor, So it seems the root cause is that the ciphers sent by postfinger and openssl are different, I will try the packet dump. Many thanks again.
Regards, King 2015-05-22 7:38 GMT+08:00 Viktor Dukhovni <postfix-us...@dukhovni.org>: > On Thu, May 21, 2015 at 10:33:27PM +0800, King Cao wrote: > > > Many thanks for your help. The server only allows sepcifc IP, so I am > > afraid that internet can't acees this server. I will try to dump the > > package to compare it. > > Yes, a packet dump of the handshake should tell the whole story. > Make sure to use "tcpdump -s0" so that you capture the full packet, > not just the TCP headers. > > > So may I know if Exchange server will only pick one > > of 64 ciphers list provided by client? or there is the limitation on > > openssl client just sent out 64 cipher list during handshake? > > Exchange 2003 ignores ciphers after the 64th in the TLS client > HELLO message. No such limitation in OpenSSL. > > -- > Viktor. >
