On Mon, Dec 12, 2022 at 01:27:59PM -0500, Alex wrote:

> Dec 12 13:12:47 xavier postfix-116/smtpd[1683671]: warning: TLS library
> problem: error:0A000438:SSL routines::tlsv1 alert internal
> error:ssl/record/rec_layer_s3.c:1584:SSL alert number 80:

Some remote client encountered an internal (to it) error and decided to
politely abandon the TLS handshake by announcing this fact, rather than
just drop the connection. Newsflash: something's broken on the Internet!
No, wait, perhaps that's not news...

> smtp_tls_cert_file=/etc/letsencrypt/fullchain.pem
> smtp_tls_key_file=/etc/letsencrypt/privkey.pem

You probably don't need these.

> smtp_tls_exclude_ciphers = MD5, RC4, 3DES, IDEA, SEED, aNULL
> smtpd_tls_exclude_ciphers = MD5, RC4, 3DES, IDEA, SEED, aNULL

And don't need to exclude aNULL for either the server or the client.

> smtpd_tls_session_cache_database =
>     btree:${data_directory}/smtpd_tls_session_cache

And don't need this either, because session tickets work better.

--
    Viktor.
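Added example, not part of the original message: a small log-triage helper that decodes the OpenSSL error string in a Postfix "TLS library problem" line and reports whether the alert was received from the remote peer. It assumes the OpenSSL 3.x error-code layout (library in bits 23-30, reason in the low 23 bits, received alerts reported as reason 1000 + alert number); the function name `decode_tls_alert` is hypothetical, and the sample is the log line quoted above rejoined onto one line.

```python
import re

# TLS alert descriptions from the IANA TLS Alert registry (RFC 5246 / RFC 8446).
ALERTS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired", 46: "certificate_unknown",
    47: "illegal_parameter", 48: "unknown_ca", 49: "access_denied",
    50: "decode_error", 51: "decrypt_error", 70: "protocol_version",
    71: "insufficient_security", 80: "internal_error", 86: "inappropriate_fallback",
    90: "user_canceled", 109: "missing_extension", 110: "unsupported_extension",
    112: "unrecognized_name", 116: "certificate_required",
    120: "no_application_protocol",
}

ERR_LIB_SSL = 20             # OpenSSL library number for libssl
SSL_AD_REASON_OFFSET = 1000  # reason = 1000 + alert number for alerts sent by the peer

# Packed error code (8 hex digits) followed, later on the line, by the alert number.
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):.*?SSL alert number (\d+)")

def decode_tls_alert(line):
    """Return a dict describing the TLS alert in a log line, or None if absent."""
    m = ERR_RE.search(line)
    if m is None:
        return None
    code = int(m.group(1), 16)
    lib = (code >> 23) & 0xFF      # OpenSSL 3.x: library in bits 23..30
    reason = code & 0x7FFFFF       # OpenSSL 3.x: reason in the low 23 bits
    alert = int(m.group(2))
    return {
        "lib": lib,
        "reason": reason,
        "alert": alert,
        "name": ALERTS.get(alert, "unknown"),
        # True when the reason code encodes "alert received from the peer".
        "from_peer": lib == ERR_LIB_SSL and reason == SSL_AD_REASON_OFFSET + alert,
    }

# Log line from the message above, rejoined as syslog would have written it.
SAMPLE = ("Dec 12 13:12:47 xavier postfix-116/smtpd[1683671]: warning: TLS library "
          "problem: error:0A000438:SSL routines::tlsv1 alert internal "
          "error:ssl/record/rec_layer_s3.c:1584:SSL alert number 80:")

if __name__ == "__main__":
    print(decode_tls_alert(SAMPLE))
```

For the quoted line this reports alert 80 (`internal_error`) with `from_peer` true, which matches the explanation that the remote client, not the local server, hit the error.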