On Mon, May 08, 2023 at 04:22:29PM -0500, E R via Postfix-users wrote:
> Thank you so much for the suggestion to review the crypto setting as this
> indeed a RedHat based distribution. I confirmed it is set to "default"
> which means “The default system-wide cryptographic policy level offers
>
On Mon, May 08, 2023 at 06:13:25PM -0400, Wietse Venema via Postfix-users wrote:
> We're thinking of adding a few new settings to the stable Postfix
> releases that allow Postfix to regain some control over crypto
> policies that do not necessarily improve matters for SMTP where
> the main result
We're thinking of adding a few new settings to the stable Postfix
releases that allow Postfix to regain some control over crypto
policies that do not necessarily improve matters for SMTP where
the main result would be more plaintext communication.
With stable releases, it would not be
The /usr/share/crypto-policies/DEFAULT/opensslcnf.txt on RHEL 9 looks
identical to what you posted for Fedora.
I am not a RHEL expert but I have not see any references to opt out of the
crypto policy on a per application basis. You can customize an existing
crypto policy or create your own. I
Thank you so much for the suggestion to review the crypto setting as this
indeed a RedHat based distribution. I confirmed it is set to "default"
which means “The default system-wide cryptographic policy level offers
secure settings for current threat models. It allows the TLS 1.2 and 1.3
Wietse Venema via Postfix-users:
> Sean Gallagher via Postfix-users:
> > ADDRESS_CLASS_README:
> >
> > The most misleading place for me was the ADDRESS_CLASS_README
> >
> > For "The virtual alias domain class" it says:
> > "Valid recipient addresses are listed with the virtual_alias_maps
> >
On Mon, May 08, 2023 at 12:33:31PM +1000, Sean Gallagher via Postfix-users
wrote:
> > [ Yes, one could also craft "classless" access(5) tables, ... and rely
> >only on explicit transport(5) table entries, opting out of all the
> >taxonomy that makes it easier to reason about Postfix mail
Hi
Exactly as you're saying - problem solved - CA cant load via aplications.
W dniu 8.05.2023 o 15:31, Viktor Dukhovni via Postfix-users pisze:
On Mon, May 08, 2023 at 01:29:55PM +0200, natan via Postfix-users wrote:
I have some problem with cert - user who connect via 465
On Mon, May 08, 2023 at 01:29:55PM +0200, natan via Postfix-users wrote:
> I have some problem with cert - user who connect via 465
>
> postfix/smtps/smtpd[6901]: warning: TLS library problem:
> error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:
>
Hi
Problem is only via web aplications (php)
W dniu 8.05.2023 o 13:29, natan via Postfix-users pisze:
Hi
I have some problem with cert - user who connect via 465
postfix/smtps/smtpd[6901]: warning: TLS library problem:
error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown
Hi
I have some problem with cert - user who connect via 465
postfix/smtps/smtpd[6901]: warning: TLS library problem:
error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown
ca:../ssl/record/rec_layer_s3.c:1544:SSL alert number 48:
Debian10
Cert is new (renew) and openssl x509 -in
Viktor Dukhovni via Postfix-users writes:
> (...)
> [ Yes, one could also craft "classless" access(5) tables, ... and rely
> only on explicit transport(5) table entries, opting out of all the
> taxonomy that makes it easier to reason about Postfix mail routing,
> but this is not a good
12 matches
Mail list logo