Hello again postfix-users,

After Viktor gave really helpful advice re SSLv3, now on to the next problem; dealing with crypto is opening a can of worms, at least where I am.

We cannot receive messages from a Big Corp; our Postfix MXs respond with "no shared cipher". The configuration is pretty standard, I think:

smtpd_tls_security_level = may
smtpd_tls_ciphers = medium
smtpd_tls_protocols = >=TLSv1.2
smtpd_tls_exclude_ciphers = aNULL

From what I can see, this is what they want:
TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128

This seems to be available in the openssl version

1.1.1q-freebsd
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA  Enc=AESGCM(128) Mac=AEAD

that we currently use, but we do not offer it, and why is beyond me unfortunately. Any help welcome.

Thanks,
Per
