On 13/04/2013 13:40, mouss wrote:
> On 12/04/2013 23:05, Joan Moreau wrote:
> > Please don't top-post. I do not understand
> > smtpd_tls_loglevel = 1 is sufficient for debugging. ok
> > 2013-04-12T21:49:03.160443+02:00 server postfix/smtpd[12238]: warning: TLS library problem: 12238:error:1409D08A:SSL routines:ssl3_setup_key_block:cipher or hash unavailable:s3_enc.c:423:
> > This suggests your TLS library is broken.
> > The TLS library being which one ? I am using openSSL and all https web sites are working fine. Is there another library involved ?
>
> most probably, the compiled/configured version of openssl does not match what postfix expects. you said that you upgraded the kernel. did this cause an upgrade of openssl? if so, try rebuilding postfix.
>
> Is your openssl library stripped to only include selected algorithms? if so, you need to make sure that this matches the algos configured in postfix:
>
> $ postconf |grep medium
> lmtp_tls_mandatory_ciphers = medium
> smtp_tls_mandatory_ciphers = medium
> smtpd_tls_mandatory_ciphers = medium
> tls_medium_cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH
>
> you can try:
>
> openssl ciphers -v 'aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH'
>
> (single quotes to avoid the shell barfing because of the '!' char).
With those parameters, I get :

2013-04-13T17:41:48.562917+02:00 server postfix/smtpd[16148]: initializing the server-side TLS engine
2013-04-13T17:41:48.582261+02:00 server postfix/smtpd[16148]: connect from unknown[41.137.65.121]
2013-04-13T17:41:48.582275+02:00 server postfix/smtpd[16148]: setting up TLS connection from unknown[41.137.65.121]
2013-04-13T17:41:48.582290+02:00 server postfix/smtpd[16148]: unknown[41.137.65.121]: TLS cipher list "aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4STRENGTH"
2013-04-13T17:41:48.582492+02:00 server postfix/smtpd[16148]: SSL_accept:before/accept initialization
2013-04-13T17:41:48.582586+02:00 server postfix/smtpd[16148]: SSL_accept:SSLv3 read client hello A
2013-04-13T17:41:48.582594+02:00 server postfix/smtpd[16148]: SSL_accept:SSLv3 write server hello A
2013-04-13T17:41:48.582701+02:00 server postfix/smtpd[16148]: SSL_accept:SSLv3 write certificate A
2013-04-13T17:41:48.584639+02:00 server postfix/smtpd[16148]: SSL_accept:SSLv3 write key exchange A
2013-04-13T17:41:48.584647+02:00 server postfix/smtpd[16148]: SSL_accept:SSLv3 write server done A
2013-04-13T17:41:48.584650+02:00 server postfix/smtpd[16148]: SSL_accept:SSLv3 flush data
2013-04-13T17:41:48.670134+02:00 server postfix/smtpd[16148]: SSL_accept:SSLv3 read client key exchange A
2013-04-13T17:41:48.670144+02:00 server postfix/smtpd[16148]: SSL_accept:error in SSLv3 read certificate verify A
2013-04-13T17:41:48.670147+02:00 server postfix/smtpd[16148]: SSL_accept error from unknown[41.137.65.121]: -1
2013-04-13T17:41:48.670156+02:00 server postfix/smtpd[16148]: warning: TLS library problem: 16148:error:1411C146:SSL routines:tls1_prf:unsupported digest type:t1_enc.c:276:
2013-04-13T17:41:48.670167+02:00 server postfix/smtpd[16148]: warning: TLS library problem: 16148:error:140D308A:SSL routines:tls1_setup_key_block:cipher or hash unavailable:t1_enc.c:621:
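
Added example, not part of the thread and not Postfix or OpenSSL code: a small parser for the "TLS library problem" warnings shown above, which ties each error to the peer from the preceding SSL_accept line and splits the packed error code. The names (analyse, unpack, LOCAL_REASONS) are hypothetical; the field split assumes the ERR_PACK layout of OpenSSL 1.0.x (8 bits library, 12 bits function, 12 bits reason), and treating these two reasons as a server-side library problem is a heuristic based on the diagnosis quoted above.

```python
import re
from collections import defaultdict

# Three log lines copied from the message above.
SAMPLE_LOG = """\
2013-04-13T17:41:48.670147+02:00 server postfix/smtpd[16148]: SSL_accept error from unknown[41.137.65.121]: -1
2013-04-13T17:41:48.670156+02:00 server postfix/smtpd[16148]: warning: TLS library problem: 16148:error:1411C146:SSL routines:tls1_prf:unsupported digest type:t1_enc.c:276:
2013-04-13T17:41:48.670167+02:00 server postfix/smtpd[16148]: warning: TLS library problem: 16148:error:140D308A:SSL routines:tls1_setup_key_block:cipher or hash unavailable:t1_enc.c:621:
"""

TLS_ERR = re.compile(
    r"postfix/smtpd\[(?P<pid>\d+)\]: warning: TLS library problem: "
    r"\d+:error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):(?P<func>[^:]*):"
    r"(?P<reason>[^:]*):(?P<file>[^:]*):(?P<line>\d+):")
PEER = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: SSL_accept error from (?P<peer>\S+): ")

# Heuristic (assumption): these reasons mean the local libssl could not find an
# algorithm it needed, so look at the server's OpenSSL build, not at the client.
LOCAL_REASONS = {"unsupported digest type", "cipher or hash unavailable"}

def unpack(code_hex):
    """Split a packed code into (library, function, reason); 1.0.x layout assumed."""
    e = int(code_hex, 16)
    return (e >> 24) & 0xFF, (e >> 12) & 0xFFF, e & 0xFFF

def analyse(log_text):
    """Group TLS library errors by smtpd pid, attaching the failing peer if seen."""
    peers, findings = {}, defaultdict(list)
    for line in log_text.splitlines():
        if m := PEER.search(line):
            peers[m["pid"]] = m["peer"]
        elif m := TLS_ERR.search(line):
            lib, func, reason = unpack(m["code"])
            findings[m["pid"]].append({
                "peer": peers.get(m["pid"]),
                "lib": lib, "func": func, "reason": reason,
                "function": m["func"], "text": m["reason"],
                "source": f'{m["file"]}:{m["line"]}',
                "local_library_issue": m["reason"] in LOCAL_REASONS,
            })
    return dict(findings)

if __name__ == "__main__":
    for pid, errs in analyse(SAMPLE_LOG).items():
        for e in errs:
            flag = "LOCAL" if e["local_library_issue"] else "-"
            print(pid, e["peer"], e["function"], e["text"], e["source"], flag)
```

The reason field decodes to the same number for 1409D08A (the first log) and 140D308A (the second), which matches both lines reading "cipher or hash unavailable".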