Viktor Dukhovni <postfix-us...@dukhovni.org> schrieb am 19.07.20 um 17:05:02
Uhr:
> > Jul 19 22:41:37 dualbit1 postfix/smtpd[834008]: Anonymous TLS connection
> > established from p57b62c8e.dip0.t-ipconnect.de[87.182.44.142]: TLSv1.2 with
> > cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
>
> Your server supports TLS 1.2.
>
> > This android version is old, it's version 4.0.3. I had problems connecting
> > to dovecot
> > too and found out android is using TLSv1.
>
> This is quite possibly the issue, and even if Postfix is not explicitly
> restricting the TLS version to >= 1.2, your system-wide "openssl.cnf"
> file may well be doing that. Look for "MinProtocol" in that file:
>
> $ openssl version -d
> OPENSSLDIR: "/etc/ssl"
> $ ls /etc/ssl/openssl.cnf
> /etc/ssl/openssl.cnf
No entry MinProtocol /etc/pki/tls/openssl.cnf.
The manpage says
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
MinProtocol = TLSv1.2
Andreas
