On Sat, Aug 12, 2023 at 12:53:35PM -0400, Viktor Dukhovni wrote: > > Length: 00 00 9c (156) > > ... > > 0x01,0x88 7 ??? > > ... > > 0xC0,0x12 14 ECDHE-RSA-DES-CBC3-SHA Au=RSA > > ... > > 0x00,0x40 22 DHE-DSS-AES128-SHA256 Au=DSS > > ... > > All the ciphersuites offered except one (DSS) are RSA.
It turned out that there were multiple "bit errors" in the hex dump, perhaps as a result of a "noisy" console connection, or auto-correct of cut/paste, or similar. None of the above were in fact what the client sent. - The length was 154 as expected. - The 0188 was: 0x00,0x88 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - The c012 was: 0xC0,0x13 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - The 0040 was: 0x00,0x41 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA So, no oddball hello fragmentation, no unregistered ciphers, no 3DES and no DSS. Sometimes its the evidence that's wrong, not the underlying behaviour. -- Viktor. _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org