Any ideas how to solve the TLS connect errors? A bit of a hack that comes to my mind would be to have a cron job to switch back to LEGACY, process the queue and then switch back to DEFAULT?
But a more elegant solution would be preferable :) Best, Peter On Tue, Mar 1, 2022 at 9:13 AM Peter Peltonen <[email protected]> wrote: > > Now after monitoring 36h after the change no cipher related errors, > but a few servers apparently have problems with higher TLS versions: > > TLS_connect_failed:_error:1425F102:SSL_routines:ssl_choose_client_version:unsupported_protocol > > I assume that this is due to these > /etc/crypto-policies/back-ends/opensslcnf.config settings: > > TLS.MinProtocol = TLSv1.2 > TLS.MaxProtocol = TLSv1.3 > DTLS.MinProtocol = DTLSv1.2 > DTLS.MaxProtocol = DTLSv1.2 > > If I lower MinProtocol to TLSv1.0 would that enable access to those > servers but use the higher protocol version for the rest of the world? > > Best, > Peter > > > On Mon, Feb 28, 2022 at 1:44 AM Eric Broch <[email protected]> wrote: > > > > I'd like to implement this programmatically so that we can set > > parameters in a /var/qmail/control/sslconf file > > > > On 2/27/2022 2:25 PM, Peter Peltonen wrote: > > > Hi Eric, > > > > > > Okay my crypto-policy is now DEFAULT again and in opensslcnf.config I now > > > have: > > > > > > CipherString = > > > DEFAULT@SECLEVEL=1:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8 > > > > > > I am grepping ssl from qmail/send log. Let's see how it goes. > > > > > > Best, > > > Peter > > > > > > On Thu, Feb 24, 2022 at 7:36 PM Eric Broch <[email protected]> > > > wrote: > > >> Peter, > > >> > > >> Can you try something with your server to get mail delivery to normal. > > >> Run command: > > >> > > >> update-crypto-policies --set DEFAULT > > >> > > >> Edit file /etc/crypto-policies/back-ends/opensslcnf.config particularly > > >> setting > > >> > > >> CipherString = @SECLEVEL=2 > > >> > > >> change to > > >> > > >> CipherString = DEFAULT@SECLEVEL=1 > > >> > > >> Watch logs > > >> > > >> Eric > > >> > > >> On 2/23/2022 8:53 AM, Peter Peltonen wrote: > > >>> You mean my server with qmail-1.03-3.3.1.qt.md.el8.x86_64 (not > > >>> qmail-1.03-2.2.1) with the LEGACY setting? > > >>> > > >>> As far as I know the only problem I am having is with the > > >>> hornetsecurity.com servers. But to be honest I have not really been > > >>> monitoring the logs that carefully, that's the only server I've > > >>> received a complain about. I now tried sending them email with > > >>> unencrypted connection and it failed. > > >>> > > >>> So I think I will now leave it to LEGACY, accept that I cannot deliver > > >>> mail to the hornet serers and keep monitoring now more closely for TLS > > >>> errors in the logs: if more turn up then I might consider again > > >>> switching to DEFAULT and then adding those servers to notlshosts/ > > >>> although that looks like a nonendint task. > > >>> > > >>> If someone comes up with a solution how I could have the best of both > > >>> worlds (= support everyone), let me know? > > >>> > > >>> Best, > > >>> Peter > > >>> > > >>> On Wed, Feb 23, 2022 at 5:08 PM Eric Broch <[email protected]> > > >>> wrote: > > >>>> Does your legacy server qmail-1.03-2.2.1 send to all? > > >>>> > > >>>> On 2/23/2022 8:03 AM, Peter Peltonen wrote: > > >>>>> Here is another error I have now seen qmail/send log about 10 times in > > >>>>> the recent hour: > > >>>>> > > >>>>> TLS_connect_failed:_error:141A318A:SSL_routines:tls_process_ske_dhe:dh_key_too_small > > >>>>> > > >>>>> And this has now happened with two pretty big local service provider's > > >>>>> servers as well. I don't think I can continue with the DEFAULT > > >>>>> setting. I will now try to fall back to LEGACY and see if > > >>>>> hornetsecurity.com accepts unencrypted connections. And I really do > > >>>>> not understand the core of this problem: why cannot my server just > > >>>>> have the whole range of ciphers and protocols in use and apply the > > >>>>> most secure / appropriate one that the other party supports? > > >>>>> > > >>>>> Best, > > >>>>> Peter > > >>>>> > > >>>>> On Wed, Feb 23, 2022 at 4:29 PM Eric Broch <[email protected]> > > >>>>> wrote: > > >>>>>> If I remember correctly it had something to do with Dovecot > > >>>>>> On Feb 23, 2022, at 2:25 AM, Peter Peltonen > > >>>>>> <[email protected]> wrote: > > >>>>>>> Hello, > > >>>>>>> > > >>>>>>> Okay I now tested:: > > >>>>>>> > > >>>>>>> With LEGACY (which I had earlier) I get the > > >>>>>>> SSL_routines:set_client_ciphesuite:wrong_cipher_returned error in > > >>>>>>> qmail/send log: > > >>>>>>> > > >>>>>>> But with DEFAULT I get Remote_host_said:_250_2.0.0_OK_accept as the > > >>>>>>> result > > >>>>>>> > > >>>>>>> And I did the test without rebooting nor restarting qmail. > > >>>>>>> > > >>>>>>> So apparently this command did the trick like Eric suggested: > > >>>>>>> > > >>>>>>> update-crypto-policies --set DEFAULT > > >>>>>>> > > >>>>>>> Now I wonder if this has some other consequences, what legacy stuff > > >>>>>>> is now incompatible...? > > >>>>>>> > > >>>>>>> Best, > > >>>>>>> Peter > > >>>>>>> > > >>>>>>> > > >>>>>>> ma 21. helmik. 2022 klo 17.55 Eric Broch < [email protected]> > > >>>>>>> kirjoitti: > > >>>>>>>> reboot > > >>>>>>>> > > >>>>>>>> On 2/21/2022 8:30 AM, Peter Peltonen wrote: > > >>>>>>>>> Thanks Eric for the update. Here is what I see: > > >>>>>>>>> > > >>>>>>>>> [root@mail ~]# update-crypto-policies --show > > >>>>>>>>> LEGACY > > >>>>>>>>> [root@mail ~]# update-crypto-policies --set DEFAULT > > >>>>>>>>> Setting system policy to DEFAULT > > >>>>>>>>> Note: System-wide crypto policies are applied on application > > >>>>>>>>> start-up. > > >>>>>>>>> It is recommended to restart the system for the change of policies > > >>>>>>>>> to fully take place. > > >>>>>>>>> > > >>>>>>>>> Is restarting qmail enough or should I even reboot? > > >>>>>>>>> > > >>>>>>>>> And is there some difference between DEFAULT and FUTURE or are > > >>>>>>>>> they the same? > > >>>>>>>>> > > >>>>>>>>> Best, > > >>>>>>>>> Peter > > >>>>>>>>> > > >>>>>>>>> On Mon, Feb 21, 2022 at 4:39 PM Eric Broch < > > >>>>>>>>> [email protected]> wrote: > > >>>>>>>>>> Upon further reflection, at the end of the qt/cos8 install > > >>>>>>>>>> script there > > >>>>>>>>>> is a command, 'update-crypto-policies --set LEGACY' intended for > > >>>>>>>>>> old > > >>>>>>>>>> email clients I don't wonder if this change between cos7 and > > >>>>>>>>>> cos8 might > > >>>>>>>>>> caused the problem. Have a look here: > > >>>>>>>>>> > > >>>>>>>>>> https://www.redhat.com/en/blog/how-customize-crypto-policies-rhel-82 > > >>>>>>>>>> > > >>>>>>>>>> If you've change it to 'update-crypto-policies --set DEFAULT' or > > >>>>>>>>>> 'update-crypto-policies --set FUTURE' and are still having issue > > >>>>>>>>>> ask > > >>>>>>>>>> hornet security if we can see the actual smtp transaction. > > >>>>>>>>>> > > >>>>>>>>>> In my earlier email I was saying that there was not much > > >>>>>>>>>> difference > > >>>>>>>>>> between the old code and the new code for remote delivery and it > > >>>>>>>>>> was not > > >>>>>>>>>> immediately obvious why we would be having a problem. > > >>>>>>>>>> > > >>>>>>>>>> Eric > > >>>>>>>>>> > > >>>>>>>>>> > > >>>>>>>>>> On 2/21/2022 7:17 AM, Peter Peltonen wrote: > > >>>>>>>>>>> Hi, > > >>>>>>>>>>> > > >>>>>>>>>>> Is there something I can test? I didn't quite understand from > > >>>>>>>>>>> Eric's > > >>>>>>>>>>> earlier msg what I should try... > > >>>>>>>>>>> > > >>>>>>>>>>> One email address producing this error for me is > > >>>>>>>>>>> [email protected] -> If you like Eric, you could try > > >>>>>>>>>>> emailing > > >>>>>>>>>>> themselves asking for more details (either they reply to you or > > >>>>>>>>>>> you > > >>>>>>>>>>> will face the same error). If you don't face the same error > > >>>>>>>>>>> then we > > >>>>>>>>>>> could try figuring out what is different in our setups? > > >>>>>>>>>>> > > >>>>>>>>>>> Best, > > >>>>>>>>>>> Peter > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> On Sat, Feb 19, 2022 at 6:29 PM Eric Broch < > > >>>>>>>>>>> [email protected]> wrote: > > >>>>>>>>>>>> Looking through the function tls_init() in the code for > > >>>>>>>>>>>> qmail-remote.c > > >>>>>>>>>>>> > > >>>>>>>>>>>> I don't see much that it could be, they're almost identical > > >>>>>>>>>>>> between > > >>>>>>>>>>>> 2.2.1 and 3.3.5 > > >>>>>>>>>>>> > > >>>>>>>>>>>> Will continue looking... > > >>>>>>>>>>>> > > >>>>>>>>>>>> On 2/18/2022 1:54 PM, Andreas Galatis wrote: > > >>>>>>>>>>>>> Hi Finn, > > >>>>>>>>>>>>> > > >>>>>>>>>>>>> > > >>>>>>>>>>>>> I have tested with the tlsserverciphers of my older server, > > >>>>>>>>>>>>> completed > > >>>>>>>>>>>>> with some of the ciphers from the new file and my mails came > > >>>>>>>>>>>>> through. > > >>>>>>>>>>>>> > > >>>>>>>>>>>>> > > >>>>>>>>>>>>> Thanks a lot for your tip, Finn, I didn't find it in the code > > >>>>>>>>>>>>> > > >>>>>>>>>>>>> > > >>>>>>>>>>>>> Andreas > > >>>>>>>>>>>>> > > >>>>>>>>>>>>> > > >>>>>>>>>>>>> Am 18.02.22 um 16:56 schrieb Qmail: > > >>>>>>>>>>>>>> Hi Andreas. > > >>>>>>>>>>>>>> > > >>>>>>>>>>>>>> In qmail You're properly using > > >>>>>>>>>>>>>> /var/qmail/control/tlsclientciphers > > >>>>>>>>>>>>>> (that are a link to tlcserverciphers) > > >>>>>>>>>>>>>> > > >>>>>>>>>>>>>> According to what I read at the Nginx forum, the problem > > >>>>>>>>>>>>>> there is > > >>>>>>>>>>>>>> because some of the included ciphers are with underscore '_' > > >>>>>>>>>>>>>> and not > > >>>>>>>>>>>>>> hyphen '-' - I don't know if changing that in the > > >>>>>>>>>>>>>> tlsservercipher > > >>>>>>>>>>>>>> file will solve the problem. > > >>>>>>>>>>>>>> > > >>>>>>>>>>>>>> > > >>>>>>>>>>>>>> /Finn > > >>>>>>>>>>>>>> > > >>>>>>>>>>>>>> Den 18-02-2022 kl. 16:29 skrev Andreas: > > >>>>>>>>>>>>>>> I cannot find any file where those ciphers could be adjust. > > >>>>>>>>>>>>>>> Is that compiled in? > > >>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>> Me too, I have clients not beeing reachable with the new > > >>>>>>>>>>>>>>> server > > >>>>>>>>>>>>>>> (qmail-1.03-3.3.5), but my old server running > > >>>>>>>>>>>>>>> qmail-1.03.2.2.1.qt. > > >>>>>>>>>>>>>>> Did anyone find a solution? > > >>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>> Andreas > > >>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>> Am 17.02.22 um 20:28 schrieb Qmail: > > >>>>>>>>>>>>>>>> Hi. > > >>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>> Not sure it is related, but I just read in the Nginx forum > > >>>>>>>>>>>>>>>> that > > >>>>>>>>>>>>>>>> some have issues (failed (SSL: error:0A0000B9:SSL > > >>>>>>>>>>>>>>>> routines::no > > >>>>>>>>>>>>>>>> cipher match)) using Mozillas 'modern' 5.5 ciphers, but > > >>>>>>>>>>>>>>>> everything > > >>>>>>>>>>>>>>>> works with Mozillas 'modern' ciphers 4.0. > > >>>>>>>>>>>>>>>> (found testing the Nginx config) > > >>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>> The 5.5 list contains : > > >>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>> ssl_ciphers'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256'; > > >>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>> The 4.0 list contains: > > >>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>> ssl_ciphers'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; > > >>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>> These are matched against the openssl ciphers that are > > >>>>>>>>>>>>>>>> located on > > >>>>>>>>>>>>>>>> the server but are more or less same as the > > >>>>>>>>>>>>>>>> tlsclientciphers used > > >>>>>>>>>>>>>>>> in qmail. > > >>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>> Nginx can be setup as a MAIL proxy and therefore may be > > >>>>>>>>>>>>>>>> the reason > > >>>>>>>>>>>>>>>> for Your issue ?? > > >>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>> or maybe it's just a coincidence ? > > >>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>> Regards, > > >>>>>>>>>>>>>>>> Finn > > >>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>> Den 17-02-2022 kl. 08:14 skrev Andreas: > > >>>>>>>>>>>>>>>>> Hi list, > > >>>>>>>>>>>>>>>>> I have the same failure-mails with some servers, my > > >>>>>>>>>>>>>>>>> version of > > >>>>>>>>>>>>>>>>> qmail is > > >>>>>>>>>>>>>>>>> qmail-1.03-3.3.5.qt.md.el8.x86_64 > > >>>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>>> TLS connect failed: error:1421C105:SSL > > >>>>>>>>>>>>>>>>> routines:set_client_ciphersuite:wrong > > >>>>>>>>>>>>>>>>> cipher returnedZConnected to 83.246.65.85 but connection > > >>>>>>>>>>>>>>>>> died. > > >>>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>>> With my old server (qmail-1.03-2.2.1.qt.el7.x86_64) I can > > >>>>>>>>>>>>>>>>> send > > >>>>>>>>>>>>>>>>> emails to the same recipients. > > >>>>>>>>>>>>>>>>> Andreas > > >>>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>>> Am 15.02.22 um 09:39 schrieb Peter Peltonen: > > >>>>>>>>>>>>>>>>>> What I have installed is > > >>>>>>>>>>>>>>>>>> qmail-1.03-3.3.1.qt.md.el8.x86_64 > > >>>>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>>>> Any reason to update? > > >>>>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>>>> Best, > > >>>>>>>>>>>>>>>>>> Peter > > >>>>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>>>> On Sun, Feb 13, 2022 at 5:15 PM Eric Broch > > >>>>>>>>>>>>>>>>>> < [email protected]> wrote: > > >>>>>>>>>>>>>>>>>>> What version of qmail ? > > >>>>>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>>>>> On 2/12/2022 12:56 PM, Peter Peltonen wrote: > > >>>>>>>>>>>>>>>>>>>> Finally got an answer from them (see list below). I > > >>>>>>>>>>>>>>>>>>>> see some > > >>>>>>>>>>>>>>>>>>>> matching > > >>>>>>>>>>>>>>>>>>>> siphers on their and on my own list. Any idea how I > > >>>>>>>>>>>>>>>>>>>> could debug > > >>>>>>>>>>>>>>>>>>>> this > > >>>>>>>>>>>>>>>>>>>> more so I can find out why mail is not being delivered > > >>>>>>>>>>>>>>>>>>>> to their > > >>>>>>>>>>>>>>>>>>>> server? > > >>>>>>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>>>>>> best, > > >>>>>>>>>>>>>>>>>>>> Peter > > >>>>>>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>>>>>> " > > >>>>>>>>>>>>>>>>>>>> OPTON > > >>>>>>>>>>>>>>>>>>>> All ciphers > > >>>>>>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>>>>>> DESCRIPTION > > >>>>>>>>>>>>>>>>>>>> TLS encryption is only possible with ciphers that are > > >>>>>>>>>>>>>>>>>>>> considered as > > >>>>>>>>>>>>>>>>>>>> secure by the German Federal Office for Information > > >>>>>>>>>>>>>>>>>>>> Security. A > > >>>>>>>>>>>>>>>>>>>> TLS > > >>>>>>>>>>>>>>>>>>>> connection is only established if the email server of > > >>>>>>>>>>>>>>>>>>>> the > > >>>>>>>>>>>>>>>>>>>> communication partner supports one of the following > > >>>>>>>>>>>>>>>>>>>> ciphers: > > >>>>>>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>>>>>> • ECDHE-RSA-AES256-GCM-SHA384 > > >>>>>>>>>>>>>>>>>>>> • ECDHE-RSA-AES256-SHA384 > > >>>>>>>>>>>>>>>>>>>> • ECDHE-RSA-AES256-SHA > > >>>>>>>>>>>>>>>>>>>> • DHE-RSA-AES256-GCM-SHA384 > > >>>>>>>>>>>>>>>>>>>> • DHE-RSA-AES256-SHA256 > > >>>>>>>>>>>>>>>>>>>> • DHE-RSA-AES256-SHA > > >>>>>>>>>>>>>>>>>>>> • AES256-GCM-SHA384 > > >>>>>>>>>>>>>>>>>>>> • AES256-SHA256 > > >>>>>>>>>>>>>>>>>>>> • AES256-SHA > > >>>>>>>>>>>>>>>>>>>> • ECDHE-RSA-DES-CBC3-SHA > > >>>>>>>>>>>>>>>>>>>> • EDH-RSA-DES-CBC3-SHA > > >>>>>>>>>>>>>>>>>>>> • DES-CBC3-SHA > > >>>>>>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>>>>>> OPTION > > >>>>>>>>>>>>>>>>>>>> Secure ciphers > > >>>>>>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>>>>>> DESCRIPTION > > >>>>>>>>>>>>>>>>>>>> Secure ciphers TLS encryption is only possible with > > >>>>>>>>>>>>>>>>>>>> ciphers > > >>>>>>>>>>>>>>>>>>>> that are > > >>>>>>>>>>>>>>>>>>>> considered as secure by the German Federal Office for > > >>>>>>>>>>>>>>>>>>>> Information > > >>>>>>>>>>>>>>>>>>>> Security. A TLS connection is only established if the > > >>>>>>>>>>>>>>>>>>>> email > > >>>>>>>>>>>>>>>>>>>> server of the communication partner supports one of the > > >>>>>>>>>>>>>>>>>>>> following ciphers: > > >>>>>>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>>>>>> • ECDHE-RSA-AES256-GCM-SHA384 > > >>>>>>>>>>>>>>>>>>>> • ECDHE-RSA-AES256-SHA384 > > >>>>>>>>>>>>>>>>>>>> • DHE-RSA-AES256-GCM-SHA384 > > >>>>>>>>>>>>>>>>>>>> • DHE-RSA-AES256-SHA256 > > >>>>>>>>>>>>>>>>>>>> • ECDHE-RSA-AES128-GCM-SHA256 > > >>>>>>>>>>>>>>>>>>>> • ECDHE-RSA-AES128-SHA256 > > >>>>>>>>>>>>>>>>>>>> • DHE-RSA-AES128-GCM-SHA256 > > >>>>>>>>>>>>>>>>>>>> • DHE-RSA-AES128-SHA256 > > >>>>>>>>>>>>>>>>>>>> " > > >>>>>>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>>>>>> On Mon, Feb 7, 2022 at 4:08 PM Eric Broch > > >>>>>>>>>>>>>>>>>>>> < [email protected]> wrote: > > >>>>>>>>>>>>>>>>>>>>> Is there a way to contact them and find out what > > >>>>>>>>>>>>>>>>>>>>> obscure B.S. > > >>>>>>>>>>>>>>>>>>>>> they want? > > >>>>>>>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>>>>>>> On 2/7/2022 12:26 AM, Peter Peltonen wrote: > > >>>>>>>>>>>>>>>>>>>>>> When trying to deliver email to a domain that is > > >>>>>>>>>>>>>>>>>>>>>> using spam > > >>>>>>>>>>>>>>>>>>>>>> protection > > >>>>>>>>>>>>>>>>>>>>>> from antispameurope.com I get the following error: > > >>>>>>>>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>>>>>>>> deferral: > > >>>>>>>>>>>>>>>>>>>>>> TLS_connect_failed:_error:1421C105:SSL_routines:set_client_ciphersuite:wrong_cipher_returnedZConnected_to_83.246.65.85_but_connection_died._(#4.4.2)/ > > >>>>>>>>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>>>>>>>> So am I missing something here: > > >>>>>>>>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>>>>>>>> [root@mail ~]# cat > > >>>>>>>>>>>>>>>>>>>>>> /var/qmail/control/tlsclientciphers > > >>>>>>>>>>>>>>>>>>>>>> TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:ADH-SEED-SHA:SEED-SHA:IDEA-CBC-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-AES256-CCM:DHE-RSA-AES256-CCM8:DHE-RSA-AES256-CCM:ECDHE-ECDSA-ARIA256-GCM-SHA384:ECDHE-ARIA256-GCM-SHA384:DHE-DSS-ARIA256-GCM-SHA384:DHE-RSA-ARIA256-GCM-SHA384:ADH-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-CCM8:ECDHE-ECDSA-AES128-CCM:DHE-RSA-AES128-CCM8:DHE-RSA-AES128-CCM:ECDHE-ECDSA-ARIA128-GCM-SHA256:ECDHE-ARIA128-GCM-SHA256:DHE-DSS-ARIA128-GCM-SHA256:DHE-RSA-ARIA128-GCM-SHA256:ADH-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:ECDHE-ECDSA-CAMELLIA256-SHA384:ECDHE-RSA-CAMELLIA256-SHA384:DHE-RSA-CAMELLIA256-SHA256:DHE-DSS-CAMELLIA256-SHA256:ADH-AES256-SHA256:ADH-CAMELLIA256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:ECDHE-ECDSA-CAMELLIA128-SHA256:ECDHE-RSA-CAMELLIA128-SHA256:DHE-RSA-CAMELLIA128-SHA256:DHE-DSS-CAMELLIA128-SHA256:ADH-AES128-SHA256:ADH-CAMELLIA128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:AECDH-AES256-SHA:ADH-AES256-SHA:ADH-CAMELLIA256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:AECDH-AES128-SHA:ADH-AES128-SHA:ADH-CAMELLIA128-SHA:RSA-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:DHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:DHE-PSK-AES256-CCM8:DHE-PSK-AES256-CCM:RSA-PSK-ARIA256-GCM-SHA384:DHE-PSK-ARIA256-GCM-SHA384:AES256-GCM-SHA384:AES256-CCM8:AES256-CCM:ARIA256-GCM-SHA384:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:PSK-AES256-CCM8:PSK-AES256-CCM:PSK-ARIA256-GCM-SHA384:RSA-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-CCM8:DHE-PSK-AES128-CCM:RSA-PSK-ARIA128-GCM-SHA256:DHE-PSK-ARIA128-GCM-SHA256:AES128-GCM-SHA256:AES128-CCM8:AES128-CCM:ARIA128-GCM-SHA256:PSK-AES128-GCM-SHA256:PSK-AES128-CCM8:PSK-AES128-CCM:PSK-ARIA128-GCM-SHA256:AES256-SHA256:CAMELLIA256-SHA256:AES128-SHA256:CAMELLIA128-SHA256:ECDHE-PSK-AES256-CBC-SHA384:ECDHE-PSK-AES256-CBC-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:RSA-PSK-AES256-CBC-SHA384:DHE-PSK-AES256-CBC-SHA384:RSA-PSK-AES256-CBC-SHA:DHE-PSK-AES256-CBC-SHA:ECDHE-PSK-CAMELLIA256-SHA384:RSA-PSK-CAMELLIA256-SHA384:DHE-PSK-CAMELLIA256-SHA384:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA384:PSK-AES256-CBC-SHA:PSK-CAMELLIA256-SHA384:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA:DHE-PSK-AES128-CBC-SHA:ECDHE-PSK-CAMELLIA128-SHA256:RSA-PSK-CAMELLIA128-SHA256:DHE-PSK-CAMELLIA128-SHA256:AES128-SHA:CAMELLIA128-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA:PSK-CAMELLIA128-SHA256 > > >>>>>>>>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>>>>>>>> ? > > >>>>>>>>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>>>>>>>> Best, > > >>>>>>>>>>>>>>>>>>>>>> Peter > > >>>>>>>>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>>>>>>>> --------------------------------------------------------------------- > > >>>>>>>>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>>>>>>>> To unsubscribe, e-mail: > > >>>>>>>>>>>>>>>>>>>>>> [email protected] > > >>>>>>>>>>>>>>>>>>>>>> For additional commands, e-mail: > > >>>>>>>>>>>>>>>>>>>>>> [email protected] > > >>>>>>>>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>>>>>> --------------------------------------------------------------------- > > >>>>>>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>>>>>> To unsubscribe, e-mail: > > >>>>>>>>>>>>>>>>>>>> [email protected] > > >>>>>>>>>>>>>>>>>>>> For additional commands, e-mail: > > >>>>>>>>>>>>>>>>>>>> [email protected] > > >>>>>>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>>>> --------------------------------------------------------------------- > > >>>>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>>>> To unsubscribe, e-mail: > > >>>>>>>>>>>>>>>>>> [email protected] > > >>>>>>>>>>>>>>>>>> For additional commands, e-mail: > > >>>>>>>>>>>>>>>>>> [email protected] > > >>>>>>>>>>>>>>>>>> > > >>>>>>>>>>> --------------------------------------------------------------------- > > >>>>>>>>>>> To unsubscribe, e-mail: > > >>>>>>>>>>> [email protected] > > >>>>>>>>>>> For additional commands, e-mail: > > >>>>>>>>>>> [email protected] > > >>>>>>>>>>> > > >>>>>>>>> --------------------------------------------------------------------- > > >>>>>>>>> To unsubscribe, e-mail: > > >>>>>>>>> [email protected] > > >>>>>>>>> For additional commands, e-mail: > > >>>>>>>>> [email protected] > > >>>>>>>>> > > >>>>> --------------------------------------------------------------------- > > >>>>> To unsubscribe, e-mail: [email protected] > > >>>>> For additional commands, e-mail: > > >>>>> [email protected] > > >>>>> > > >>> --------------------------------------------------------------------- > > >>> To unsubscribe, e-mail: [email protected] > > >>> For additional commands, e-mail: [email protected] > > >>> > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [email protected] > > > For additional commands, e-mail: [email protected] > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
