Doesn't '!SSLv3' in your ciphers mean NO SSLv3 is accepted? So, your
command should be
openssl s_client -connect mx.domain.ltd:25 -starttls smtp -no_ssl3
not the following command which forces ssl3...
openssl s_client -connect mx.domain.ltd:25 -starttls smtp -ssl3
Correct?
On 4/22/2020 9:57 AM, natan maciej milaszewski wrote:
Hi
I have a debian8 and qmail with tcpserver
I have big problem with disable sslv3 - or I dont understand
i crate /var/qmail/control/tlsserverciphers
and put:
ALL:!ADH:!LOW:!SSLv2:!SSLv3:!EXP:+HIGH:+MEDIUM
naw I restart qmail via svc:
svc -d /service/qmail-smtpd
svc -u /service/qmail-smtpd
svc -d /service/qmail
svc -u /service/qmail
and tested via openssl s_client -connect host:25 -starttls smtp -ssl3
and I thinking sslv3 working....
openssl s_client -connect mx.domain.ltd:25 -starttls smtp -ssl3
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 127 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : SSLv3
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1587570345
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---
What i doing wrong ?
---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com