Hi Viktor, Am 24.02.2015 um 20:57 schrieb Viktor Dukhovni:
>> It's still not clear to me, why in this case there was no authentication >> performed. With the same configuration, an SMTP connection Gmail is >> authenticated: >> >> Feb 24 20:09:36 bender postfix/smtp[27726]: [ID 197553 mail.info] >> Trusted TLS connection established to >> gmail-smtp-in.l.google.com[74.125.136.26]:25: TLSv1.2 with cipher >> ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits) >> >> For me still the question remains, why one connection is authenticated >> and one not. Is there any criteria that needs to be met? > > This is a Google server that does not support anon-DH ciphersuites. > > It is *not* authenticated. It has a certificate from *some* trusted > CA, binding the public key to *some* name, not necessarily related > to the intended destination. If it were authenticated the connection > would be "Verified" not "Trusted". I see. Thanks a lot for the explanation. Ihsan -- ih...@dogan.ch http://blog.dogan.ch/