Hi — This is postfix 3.0.2 and FreeBSD-10.2/STABLE. I switched from OpenSSL to LibreSSL some months ago.

My relevant SSL/TLS settings for receiving mail haven't changed since that time (postconf -n | grep tls | grep smtpd):

  smtpd_use_tls = yes
  smtpd_tls_auth_only = yes
  smtpd_tls_security_level = may
  smtpd_tls_loglevel = 1
  smtpd_tls_cert_file = /path-to-pem/my-server.pem
  smtpd_tls_key_file = /path-to-pem/my-server.pem
  smtpd_tls_security_level = may
  smtpd_tls_protocols = !SSLv2 !SSLv3
  smtpd_tls_ciphers = medium
  smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
  smtpd_tls_mandatory_ciphers = high
  smtpd_tls_dh1024_param_file = /path-to-pem/dh-2048.pem
  smtpd_tls_dh512_param_file = /path-to-pem/dh-512.pem

After my recent upgrade of LibreSSL to 2.2.2 some servers fail to deliver mail. Example logfile entry:

  postfix/smtpd[111]: connect from xxx.xxx[1.2.3.4]
  postfix/smtpd[111]: SSL_accept error from xxx.xxx[1.2.3.4]: lost connection
  postfix/smtpd[111]: lost connection after STARTTLS from xxx.xxx[1.2.3.4]:
  postfix/smtpd[111]: disconnect from xxx.xxx[1.2.3.4]: ehlo=1 starttls=0/1 commands=1/2

With the previous LibreSSL 2.2.1, *all* those servers delivered their mail, as reported by logwatch; example:

  16 Anonymous: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
     1 1.2.3.4 xxx.xxx

For the time being I am "helping" myself by discarding TLS for those servers by setting "1.2.3.4 STARTTLS" in:

  smtpd_discard_ehlo_keyword_address_maps = cidr:/path-to-conf/smtpd_discard_ehlo_keyword_address_maps

But I consider this approach somewhat error-prone. I could revert either to the previous LibreSSL version or back to OpenSSL, but I really would like to understand whether I have an erroneous postfix configuration, or whether I am missing something else.

In the release notes of LibreSSL 2.2.2 (http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.2.2-relnotes.txt) I find:

  * Removed SSLv3 support from openssl(1)

But I do find SSLv3 protocol entries:

  mail> openssl version
  LibreSSL 2.2.2
  mail> openssl ciphers -v | grep ^DHE-RSA-AES256-SHA
  DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH   Au=RSA  Enc=AES(256)  Mac=SHA256
  DHE-RSA-AES256-SHA      SSLv3   Kx=DH   Au=RSA  Enc=AES(256)  Mac=SHA1

Sigh, I have to admit that crypto configuration isn't well understood by myself, so I feel lost here. But every hint is highly appreciated.

(BTW: is this off-topic for this list? If so, tell me and I will move to a recommended ML.)

With kind regards and thanks in advance,
Michael
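Two things in the post are worth checking mechanically before touching the cipher configuration: which peers actually never complete STARTTLS (rather than a peer that failed once), and what the protocol column of `openssl ciphers -v` means. That column names the lowest protocol version a suite was defined for, not a protocol the library has enabled: a suite tagged SSLv3 is still negotiable under TLSv1, TLSv1.1 and TLSv1.2, so seeing "SSLv3" there after the SSLv3 removal is expected. The helper below is an added example written for this page; it is not code from Michael's post, from Postfix or from LibreSSL. It assumes the smtpd log lines have the shape quoted above (`SSL_accept error from host[ip]`, `disconnect from host[ip]: ... starttls=ok/tried`) and that the `openssl ciphers -v` columns are name, protocol, Kx=, Au=, Enc=, Mac=; the sample log and cipher lines embedded in it are constructed from the post's excerpts, and the second peer (198.51.100.7) is invented for contrast.

```python
"""Triage helper for STARTTLS failures after a TLS library upgrade.

Added example, not code from the post, Postfix or LibreSSL. Assumes the
log line shapes quoted in the post and the standard `openssl ciphers -v`
column layout. All sample input below is constructed.
"""
import re
from collections import defaultdict

# Constructed sample log: the failing peer from the post plus one invented
# peer (198.51.100.7) that completes STARTTLS normally.
SAMPLE_LOG = """\
postfix/smtpd[111]: connect from xxx.xxx[1.2.3.4]
postfix/smtpd[111]: SSL_accept error from xxx.xxx[1.2.3.4]: lost connection
postfix/smtpd[111]: lost connection after STARTTLS from xxx.xxx[1.2.3.4]
postfix/smtpd[111]: disconnect from xxx.xxx[1.2.3.4]: ehlo=1 starttls=0/1 commands=1/2
postfix/smtpd[222]: connect from mx.example.net[198.51.100.7]
postfix/smtpd[222]: Anonymous TLS connection established from mx.example.net[198.51.100.7]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
postfix/smtpd[222]: disconnect from mx.example.net[198.51.100.7]: ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
"""

# Constructed from the two `openssl ciphers -v` lines quoted in the post.
SAMPLE_CIPHERS = """\
DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
"""

# Negotiation order of protocol versions. The `openssl ciphers -v` protocol
# column is the *lowest* version a suite is defined for, not an enabled one.
_PROTO_ORDER = {"SSLv2": 0, "SSLv3": 1, "TLSv1": 2, "TLSv1.1": 3, "TLSv1.2": 4}

_ACCEPT_ERR = re.compile(r"SSL_accept error from \S+\[(?P<ip>[^\]]+)\]")
_DISCONNECT = re.compile(
    r"disconnect from \S+\[(?P<ip>[^\]]+)\]:.*?starttls=(?P<ok>\d+)(?:/(?P<tried>\d+))?"
)
_CIPHER_LINE = re.compile(
    r"^(?P<name>\S+)\s+(?P<proto>\S+)\s+Kx=(?P<kx>\S+)\s+Au=(?P<au>\S+)\s+"
    r"Enc=(?P<enc>\S+)\s+Mac=(?P<mac>\S+)"
)


def parse_starttls_outcomes(log_text):
    """Per client IP: STARTTLS attempts, successes and SSL_accept errors.

    Postfix logs `starttls=ok/tried` when some attempts failed and a bare
    `starttls=N` when all N succeeded; both forms are handled.
    """
    stats = defaultdict(lambda: {"attempts": 0, "ok": 0, "handshake_errors": 0})
    for line in log_text.splitlines():
        m = _ACCEPT_ERR.search(line)
        if m:
            stats[m["ip"]]["handshake_errors"] += 1
            continue
        m = _DISCONNECT.search(line)
        if m:
            ok = int(m["ok"])
            tried = int(m["tried"]) if m["tried"] else ok
            stats[m["ip"]]["attempts"] += tried
            stats[m["ip"]]["ok"] += ok
    return dict(stats)


def discard_map_candidates(stats, min_attempts=1):
    """cidr: map lines (the post's workaround) for peers that never completed
    STARTTLS. Requiring zero successes keeps a single transient failure from
    an otherwise healthy peer from silently downgrading it to plaintext."""
    return [
        f"{ip} STARTTLS"
        for ip, s in sorted(stats.items())
        if s["ok"] == 0 and s["attempts"] >= min_attempts
    ]


def parse_openssl_ciphers(output):
    """Parse `openssl ciphers -v` output into suite records."""
    suites = []
    for line in output.splitlines():
        m = _CIPHER_LINE.match(line.strip())
        if m:
            suites.append(m.groupdict())
    return suites


def negotiable_under(suite, enabled_protocols):
    """True if the suite is usable with at least one enabled protocol.

    An SSLv3-tagged suite was introduced with SSLv3 and remains valid for
    TLSv1 through TLSv1.2; a TLSv1.2-tagged suite needs TLSv1.2 itself.
    """
    floor = _PROTO_ORDER[suite["proto"]]
    return any(_PROTO_ORDER[p] >= floor for p in enabled_protocols)


if __name__ == "__main__":
    stats = parse_starttls_outcomes(SAMPLE_LOG)
    for ip, s in stats.items():
        print(ip, s)
    print("\n".join(discard_map_candidates(stats)))
    enabled = {"TLSv1", "TLSv1.1", "TLSv1.2"}  # smtpd_tls_protocols = !SSLv2 !SSLv3
    for suite in parse_openssl_ciphers(SAMPLE_CIPHERS):
        print(suite["name"], suite["proto"], negotiable_under(suite, enabled))
```

Run it against the real maillog (`parse_starttls_outcomes(open("/var/log/maillog").read())`) to get the list of peers for the discard map instead of editing it by hand, and re-run after any library change so entries can be removed again once a peer handshakes successfully. The cipher part only interprets the column; whether a given suite is offered on port 25 is still best confirmed from outside with `openssl s_client -starttls smtp -connect mail:25` pinned to each protocol version.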