I don't see how it could matter, so long as you have valid values in there. It's just a text file.

Do you mind sharing which ciphers you needed to add to accomodate which mail server on the other end?

Of course the same mail server software on the other end could be configured differently from one host to the next. It's a little suspicious to me though that the only ciphers available are insecure ones. It's also possible though that the other server quit trying after the first one failed. Python had a similar problem with this (not checking alternative authentication methods after failing the first) before I reported the behavior as a bug, which was subsequently fixed.

Thanks.

--
-Eric 'shubes'


On 10/13/2014 06:47 PM, Rajesh M. wrote:
thanks very much eric

i simply backed up the tlsserverciphers and edited the existing tlsserverciphers

it worked.

i hope it does not matter if do not create the new tlsserverciphers.dist file

rajesh


----- Original Message -----
From: Eric Shubert [mailto:[email protected]]
To: [email protected]
Sent: Mon, 13 Oct 2014 17:09:42 -0700
Subject: [qmailtoaster] Re: tls connect errors : extremely urgent

The cert's probably ok. I'm guessing that the destination server can't
handle the more secure ciphers that are being used now (the newer QMT is
hardened a bit security wise).

Try this:
# cd /var/qmail/control
# mv tlsserverciphers tlsserverciphers.qmt
# ln -s tlsserverciphers.dist tlsserverciphers

You might need to restart qmail after doing this. That should put you
back to the older more permissive (and insecure) ciphers.

You may or may not have a tlsciphers.dist file. If you don't, I've
attached one from my COS6 QMT (although I don't use it - I use the more
secure one).

Let us know if that does it for you.

Thanks.



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]





---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to