On Sat, Apr 09, 2022 at 08:52:54AM +0200, Admin Beckspaced wrote:
> Apr 8 09:53:07 cx20 postfix/smtpd[5402]: warning: TLS library problem:
> error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared
> cipher:ssl/statem/statem_srvr.c:2260:
> smtpd_tls_cert_file =
> /etc/dehydrated/certs/webmail.beckspaced.com/fullchain.pem
> smtpd_tls_key_file = /etc/dehydrated/certs/webmail.beckspaced.com/privkey.pem
That host has an ECDSA P384 certificate. This is liable to not be
supported by older systems. For maximum interoperability, RSA is safer,
or with ECDSA perhaps P256, though likely that too is not supported by
a peer that lacks P384.
A high-tech solution is to configure both ECDSA and RSA certs, but this
is not recommended for non-experts.
--
Viktor.
