Doesn't '!SSLv3' in your ciphers mean NO SSLv3 is accepted? So, your command should be

openssl s_client -connect mx.domain.ltd:25 -starttls smtp -no_ssl3

not the following command which forces ssl3...

openssl s_client -connect mx.domain.ltd:25 -starttls smtp -ssl3

Correct?

On 4/22/2020 9:57 AM, natan maciej milaszewski wrote:
Hi
I have a debian8 and qmail with tcpserver

I have a big problem with disabling SSLv3 - or I don't understand


I create /var/qmail/control/tlsserverciphers
and put:
ALL:!ADH:!LOW:!SSLv2:!SSLv3:!EXP:+HIGH:+MEDIUM

Now I restart qmail via svc:

svc -d /service/qmail-smtpd
svc -u /service/qmail-smtpd
svc -d /service/qmail
svc -u /service/qmail


and tested via openssl s_client -connect host:25 -starttls smtp -ssl3
and I think SSLv3 is working....


openssl s_client -connect mx.domain.ltd:25 -starttls smtp -ssl3
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 127 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
     Protocol  : SSLv3
     Cipher    : 0000
     Session-ID:
     Session-ID-ctx:
     Master-Key:
     Key-Arg   : None
     Krb5 Principal: None
     PSK identity: None
     PSK identity hint: None
     Start Time: 1587570345
     Timeout   : 7200 (sec)
     Verify return code: 0 (ok)
---

What am I doing wrong?



---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
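
Added example (not part of the original messages): a shell filter that reads openssl s_client output and reports whether a handshake actually completed, since s_client prints a Protocol line in its SSL-Session block even when no cipher was negotiated. The function names and the second, successful transcript are constructed for illustration; the first sample is trimmed from the output quoted in the thread.

```shell
#!/bin/sh
# Added example: decide from `openssl s_client` output whether a TLS/SSL
# handshake really completed. Function names are hypothetical.

classify_s_client() {
    # Reads s_client output (stdout+stderr) on stdin, prints one verdict line.
    awk '
        { sub(/[ \t\r]+$/, "") }                 # drop trailing blanks/CR
        /^(write|read):errno=/ { err = $0 }      # socket error; 104 is ECONNRESET on Linux
        /Cipher is /     { sub(/.*Cipher is /, ""); negotiated = $0 }
        /^ *Protocol *:/ { sub(/^[^:]*: */, ""); proto = $0 }
        /^ *Cipher *:/   { sub(/^[^:]*: */, ""); cipher = $0 }
        END {
            note = (err != "") ? " (" err ")" : ""
            # No negotiated cipher means no handshake, whatever Protocol says.
            if (negotiated == "" || negotiated == "(NONE)" || cipher == "" || cipher == "0000")
                printf "REJECTED offered=%s%s\n", proto, note
            else
                printf "ACCEPTED protocol=%s cipher=%s\n", proto, cipher
        }'
}

sample_rejected() {   # trimmed from the transcript in the thread
cat <<'EOF'
CONNECTED(00000003)
write:errno=104
---
New, (NONE), Cipher is (NONE)
SSL-Session:
    Protocol  : SSLv3
    Cipher    : 0000
EOF
}

sample_accepted() {   # constructed sample of a completed handshake
cat <<'EOF'
CONNECTED(00000003)
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
EOF
}

# Live use with the command from the thread:
#   openssl s_client -connect mx.domain.ltd:25 -starttls smtp -ssl3 </dev/null 2>&1 | classify_s_client
sample_rejected | classify_s_client
sample_accepted | classify_s_client
```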

