On Aug 5, 2023, at 3:01 PM, Viktor Dukhovni via Postfix-users 
<postfix-users@postfix.org> wrote:
> 
> On Sat, Aug 05, 2023 at 11:23:06AM -0700, Dan Mahoney via Postfix-users wrote:
> 
>> Under the hood, iDRACs do use OpenSSL, and it’s not unreasonable to
>> assume that both the SMTP client and the web server use the same
>> linked version.  You could start by seeing which ciphers the iDRAC 7
>> web UI supports.
> 
> We already saw upthread which ciphers the SMTP client in the iDRAC
> supports: https://marc.info/?l=postfix-users&m=169103325706376&w=2
> 
> It is a simple matrix of:
> 
>  { aRSA + kEDH
>  , aRSA + kRSA
>  , aDSS + kEDH
>  } x
>  { AES128-CBC-SHA
>  , AES128-CBC-SHA256
>  , AES256-CBC-SHA
>  , AES256-CBC-SHA256
>  , CAMELLIA128-CBC-SHA
>  , CAMELLIA256-CBC-SHA
>  , 3DES-CBC-SHA
>  }
> 
>> If I understand the way the TLS handshake works, the server provides a
>> list of supported ciphers, and the client picks one — at no point does
>> the client say which ones it supports, implicitly.
> 
> Nope, ever since SSL 3.0 the client proposes and the server chooses.
> The issue is very likely that the server's certificate is ECDSA or
> Ed25519, and so not supported by the client.
> 
>    https://marc.info/?l=postfix-users&m=169103911908552&w=2

Between this and Dell's implementation not falling back to doing authentication 
if TLS is not available, that leaves basically validating by IP, which is what 
I've done to work around this. Just wanted to confirm that I have it working 
(although not in the way I'd hoped).

Also this is an old Dell R720... It's still perfectly serviceable as a lab box 
for running VMware ESXi - and the price was right, $0 and no fee for delivery. 
I've spent $35 on a replacement RAID controller (I learned how NOT to flash 
these the hard way) and about $200 on a pair of SSDs. It came with 48GB of RAM. 
I run my only Windows instance there (accessible from home or away via VPN and 
RDP) and then a dozen or so unix variants as needed for testing, experimenting, 
etc.  Recently I missed a drive failure because the email alerts didn't work 
and here we are...

Dell EOL'd the iDRAC7 back in 2020, so this hack-around is permanent: 
https://www.dell.com/support/kbdoc/en-us/000175831/support-for-integrated-dell-remote-access-controller-7-idrac7#iDRAC-EndOfLifeDates

Anyhow, thanks for all the help!

Charles

> --
>    Viktor.
> _______________________________________________
> Postfix-users mailing list -- postfix-users@postfix.org
> To unsubscribe send an email to postfix-users-le...@postfix.org
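
An added example (not part of the thread and not Postfix or Dell code) that models the point quoted above: the client proposes the 3 x 7 matrix, the server chooses, and a suite is usable only if its authentication type matches a certificate the server holds. The OpenSSL-style suite names, the function names, and the server's key-exchange set are assumptions of this sketch.

```python
from itertools import product

# Client offer as summarised in the thread: {authentication + key exchange}
# crossed with {bulk cipher + MAC}. Tuples are (auth, kx).
AUTH_KX = [("RSA", "EDH"), ("RSA", "RSA"), ("DSS", "EDH")]
BULK = ["AES128-CBC-SHA", "AES128-CBC-SHA256", "AES256-CBC-SHA",
        "AES256-CBC-SHA256", "CAMELLIA128-CBC-SHA", "CAMELLIA256-CBC-SHA",
        "3DES-CBC-SHA"]


def openssl_name(auth, kx, bulk):
    """Suite name in OpenSSL 1.1.0+ style (assumed mapping, not from the thread)."""
    body = "DES-CBC3-SHA" if bulk == "3DES-CBC-SHA" else bulk.replace("-CBC", "")
    # Plain RSA key transport has no prefix; ephemeral DH is DHE-<auth>-...
    return body if kx == "RSA" else f"DHE-{auth}-{body}"


def client_offer():
    """All 21 suites the client proposes, as (auth, kx, name) in offer order."""
    return [(a, k, openssl_name(a, k, b)) for (a, k), b in product(AUTH_KX, BULK)]


def server_choose(offer, cert_key_types, server_kx=("EDH", "RSA", "ECDHE")):
    """Client proposes, server chooses.

    Returns the first offered suite (client order, a simplification) whose
    authentication type matches a certificate key type the server holds and
    whose key exchange the server supports. None means no shared cipher,
    so the handshake fails.
    """
    for auth, kx, name in offer:
        if auth in cert_key_types and kx in server_kx:
            return name
    return None


if __name__ == "__main__":
    offer = client_offer()
    # Constructed server configurations: certificate key types installed.
    for certs in ({"ECDSA"}, {"Ed25519"}, {"RSA"}, {"ECDSA", "RSA"}):
        print(sorted(certs), "->", server_choose(offer, certs))
```

A server holding only an ECDSA or Ed25519 certificate yields `None` against this offer, while one that also holds an RSA certificate can select an `aRSA` suite.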
