:-) Maybe seems strange but... With those settings my postfix (3.5.9) no broken connections are reported:
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1.1 smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1.1 But when I change to those: smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1from time to time sessions from some reputable and presumably well configured mail servers are terminated during the SSL negotiation phase with "SSL_accept error". It looks like '!TLSv1' is seen as something like "!TLSv1.x" ("no TLS 1.x at all") rather than "!TLSv1.0". Yes it is a stupid supposition but I cannot think of any other explanation. Is it possible?
Best regards, Marek
smime.p7s
Description: S/MIME Cryptographic Signature
