Hi,
I recently upgraded my mailserver-linux-system, which also upgraded Postfix
from 3.4.6 to 3.4.9, and renewed the TLS-certificates (Let's Encrypt).
The Postfix-configuration did not change.
Since then, some mails could not be delivered to my server, because it
seems that the mailservers could not agree on a TLS algorithm:
postfix/smtpd[17880]: connect from ...[...]
postfix/smtpd[17880]: SSL_accept error from ...[...]: -1
postfix/smtpd[17880]: warning: TLS library problem: error:1417A0C1:SSL
routines:tls_post_process_client_hello:no shared
cipher:ssl/statem/statem_srvr.c:2282:
postfix/smtpd[17880]: lost connection after STARTTLS from ...[...]
postfix/smtpd[17880]: disconnect from ...[...] ehlo=1 starttls=0/1 commands=1/2
Setting "smtpd_tls_ciphers = low" did not help; the only way to receive
the mails was disabling TLS completely ("smtpd_tls_security_level = none").
But I would like to enable TLS again.
Do you know what the reason could be and how it could be fixed?
(Change in Postfix default configuration? Bad certificate? Bad TLS library?
Bad TLS on other mailserver?)
thanks,
Roland
