> On Mar 16, 2020, at 9:04 AM, Benny Pedersen <m...@junc.eu> wrote:
>
> tested with
>
> posttls-finger gmail.com
>
> is it my own postfix that fails with this ?
>
> how can i solve it ?
For opportunistic TLS, unvalidated certificates are not a failure.
There is no problem, everything is working as expected:
$ posttls-finger -l may -c -L summary gmail.com
posttls-finger: Untrusted TLS connection established to
gmail-smtp-in.l.google.com[2607:f8b0:400d:c0f::1a]:25: TLSv1.3 with cipher
TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature
RSA-PSS (2048 bits) server-digest SHA256
--
Viktor.
