On Tue, Feb 06, 2024 at 06:50:28PM +0100, Maurizio Caloro via Postfix-users 
wrote:

> Feb6 time P postfix/tlsproxy[300980]: warning: TLS library problem:
>   error:1417A0C1:SSL routines:tls_post_process_client_hello:
>   no shared cipher:../ssl/statem/statem_srvr.c:2283:

This looks like a client connection to your server, that was mediated by
tlsproxy(8) on behalf of postscreen(8). The remote client's TLS client
hello message did not list any ciphers that are enabled in your
configuration and supported by your server's underlying OpenSSL library.

If the client were on the postscreen whitelist, the connection would
have been immediately handed off to smtpd(8), well before STARTTLS.
Therefore, this was either a blacklisted client, or else a "new" client,
whose IP address has either expired from the cache or has never before
connected.

It could also, for example, be one of the security scanners (shodan,
...) that specifically tests deprecated ciphers.

That said, you've provided no information about your configuration:

    https://www.postfix.org/DEBUG_README.html#mail

so more specific advice is not possible.

-- 
    Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
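
For triaging warnings like the one quoted in this message, here is a small parser that splits the OpenSSL error string into its fields and tallies failures per Postfix daemon and reason. It is an added example, not part of the original post or of Postfix; the sample log lines (hostname, timestamps, PIDs, and the second and fourth lines in full) are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample input. The first line mirrors the warning quoted in the
# message, joined back onto one line as syslog would write it.
SAMPLE_LOG = """\
Feb  6 18:01:02 mx postfix/tlsproxy[300980]: warning: TLS library problem: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:../ssl/statem/statem_srvr.c:2283:
Feb  6 18:01:09 mx postfix/smtpd[301002]: warning: TLS library problem: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../ssl/statem/statem_srvr.c:1686:
Feb  6 18:02:40 mx postfix/tlsproxy[300980]: warning: TLS library problem: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:../ssl/statem/statem_srvr.c:2283:
Feb  6 18:03:00 mx postfix/postscreen[300975]: CONNECT from [192.0.2.10]:40022 to [198.51.100.5]:25
"""

# OpenSSL error strings are colon-separated:
#   error:<hex code>:<library>:<function>:<reason>:<source file>:<line>:
# The function field may be empty (OpenSSL 3.x), so every field allows zero
# characters; newlines are excluded so a match never spans two log lines.
TLS_PROBLEM = re.compile(
    r"/(?P<daemon>\w+)\[(?P<pid>\d+)\]: warning: TLS library problem: "
    r"error:(?P<code>[0-9A-Fa-f]+):(?P<lib>[^:\n]*):(?P<func>[^:\n]*):"
    r"(?P<reason>[^:\n]*):(?P<file>[^:\n]*):(?P<line>\d+):"
)


def parse_tls_problems(text):
    """Return one dict per 'TLS library problem' warning found in text."""
    records = []
    for match in TLS_PROBLEM.finditer(text):
        record = match.groupdict()
        record["line"] = int(record["line"])
        records.append(record)
    return records


def summarize(records):
    """Count warnings per (daemon, reason), e.g. ('tlsproxy', 'no shared cipher')."""
    return Counter((r["daemon"], r["reason"]) for r in records)


if __name__ == "__main__":
    summary = summarize(parse_tls_problems(SAMPLE_LOG))
    for (daemon, reason), count in summary.most_common():
        print(f"{count:4d}  {daemon:<10} {reason}")
```
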