Am 09.04.2022 um 10:06 schrieb Viktor Dukhovni:
On Sat, Apr 09, 2022 at 08:52:54AM +0200, Admin Beckspaced wrote:
Apr 8 09:53:07 cx20 postfix/smtpd[5402]: warning: TLS library problem:
error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared
cipher:ssl/statem/statem_srvr.c:2260:
smtpd_tls_cert_file = /etc/dehydrated/certs/webmail.beckspaced.com/fullchain.pem
smtpd_tls_key_file = /etc/dehydrated/certs/webmail.beckspaced.com/privkey.pem
That host has an ECDSA P384 certificate. This is liable to not be
supported by older systems. For maximum interoperability, RSA is safer,
or with ECDSA perhaps P256, though likely that too is not supported by
a peer that lacks P384.
A high-tech solution is to configure both ECDSA and RSA certs, but this
is not recommended for non-experts.
thanks for your reply, Viktor
so you are saying that the mailserver I host (mail.beckspaced.com) is
using a 'new' cert which is not compatible with older systems?
So I can either ask the other host to update their exchange server and
certificates?
Or switch my cert to RSA for better compatibility?
Sorry for asking again. I just want to make sure I understand correctly :)
Thanks
& have a nice weekend
Becki
