"Whatever the default, the logs you posted showed TLS 1.3"
I have noticed that some gmail comes through as TLS 1.2 and some as TLS 1.3; I am guessing that not all of Google's SMTP gateways are TLS 1.3 yet...

On 6/22/19, 2:13 PM, "[email protected] on behalf of Viktor Dukhovni" <[email protected] on behalf of [email protected]> wrote:

> > On Jun 22, 2019, at 2:20 PM, Security Admin (NetSec) <[email protected]> wrote:
> >
> > One of the other posters was correct; it was a certificate issue. Reissued my cert on my postfix SMTP mail gateways.
>
> As expected, the keyUsage you had was only appropriate for a CA, not a TLS server.
>
> > All seems to be working now. Gmail defaults to TLS 1.2
>
> Whatever the default, the logs you posted showed TLS 1.3
>
> > I saw some posts that TLS 1.3 still has issues with OpenSSL v1.1.1 and postfix 3.3.x
>
> Postfix 3.3 should work fine with TLS 1.3, but Postfix 3.4 has improved support.
>
> --
> Viktor.
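The keyUsage mismatch diagnosed in this thread can be checked before a certificate is deployed on a mail gateway. The script below is an added example, not part of the thread: the function names, the subject `mail.example.test` and the CA-only value `keyCertSign,cRLSign` are assumptions, since the thread does not show the original certificate.

```shell
#!/usr/bin/env bash
# Added example; names, subject and keyUsage values are constructed assumptions.

# Create a throwaway self-signed certificate with the given keyUsage value.
make_cert() {  # usage: make_cert <out.pem> <keyUsage>
    local cfg
    cfg=$(mktemp)
    printf '[req]\ndistinguished_name=dn\nx509_extensions=ext\nprompt=no\n' > "$cfg"
    printf '[dn]\nCN=mail.example.test\n[ext]\nkeyUsage=%s\n' "$2" >> "$cfg"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$cfg" \
        -keyout "$1.key" -out "$1" 2>/dev/null
    rm -f "$cfg"
}

# Print the X509v3 Key Usage values of a PEM certificate (empty if absent).
cert_key_usage() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Key Usage' | tail -n 1 | sed 's/^ *//; s/ *$//'
}

# TLS 1.3 (and ECDHE/DHE suites in TLS 1.2) have the server sign the handshake,
# so a keyUsage extension, when present, must include digitalSignature.
tls_server_usage_ok() {
    local ku
    [ -r "$1" ] || { echo "cannot read $1"; return 2; }
    ku=$(cert_key_usage "$1")
    case "$ku" in
        "")                    echo "ok: no keyUsage extension"; return 0 ;;
        *"Digital Signature"*) echo "ok: $ku"; return 0 ;;
        *)                     echo "unsuitable for a TLS server: $ku"; return 1 ;;
    esac
}

# Demo: a CA-style certificate next to a server-style one.
demo() {
    local d
    d=$(mktemp -d)
    make_cert "$d/ca_only.pem" "critical,keyCertSign,cRLSign"
    make_cert "$d/server.pem"  "critical,digitalSignature,keyEncipherment"
    tls_server_usage_ok "$d/ca_only.pem" || true
    tls_server_usage_ok "$d/server.pem"
    rm -rf "$d"
}
demo
```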
