[pfx] Re: TLS Library Problem? (SSL_accept error from ...)

2023-05-08 Thread Viktor Dukhovni via Postfix-users
On Mon, May 08, 2023 at 04:22:29PM -0500, E R via Postfix-users wrote: > Thank you so much for the suggestion to review the crypto setting as this > is indeed a RedHat based distribution. I confirmed it is set to "default" > which means “The default system-wide cryptographic policy level offers >

[pfx] Re: TLS Library Problem? (SSL_accept error from ...)

2023-05-08 Thread E R via Postfix-users
The /usr/share/crypto-policies/DEFAULT/opensslcnf.txt on RHEL 9 looks identical to what you posted for Fedora. I am not a RHEL expert but I have not seen any references to opt out of the crypto policy on a per application basis. You can customize an existing crypto policy or create your own. I

[pfx] Re: TLS Library Problem? (SSL_accept error from ...)

2023-05-08 Thread E R via Postfix-users
Thank you so much for the suggestion to review the crypto setting as this is indeed a RedHat based distribution. I confirmed it is set to "default" which means “The default system-wide cryptographic policy level offers secure settings for current threat models. It allows the TLS 1.2 and 1.3

[pfx] Re: TLS Library Problem? (SSL_accept error from ...)

2023-05-06 Thread PGNet Dev via Postfix-users
> I don't even know whether RedHat exposes any mechanisms for applications > to opt-out of crypto policy and use only application-driven OpenSSL > configuration. This should perhaps be looked into in the Postfix 3.9 > timeframe. from my notes dealing with new Fedora crypto-policies on a number

[pfx] Re: TLS Library Problem? (SSL_accept error from ...)

2023-05-05 Thread Viktor Dukhovni via Postfix-users
On Fri, May 05, 2023 at 08:28:48PM -0400, Viktor Dukhovni via Postfix-users wrote: > You should of course also share > (https://www.postfix.org/DEBUG_README.html#mail) > > $ postconf -nf > $ postconf -Mf > > without any changes in whitespace, including line breaks. Attaching > these

[pfx] Re: TLS Library Problem? (SSL_accept error from ...)

2023-05-05 Thread Ken Peng via Postfix-users
> > > > Because TLS/SSL things are very complex, you have to show us real > settings all. Like me: (yw-0919: inbound, yw-1204: outbound) > [1] https://gitlab.com/soyeomul/Gnus/-/raw/master/DKIM/smtp-conf.yw-0919 > [2] https://gitlab.com/soyeomul/Gnus/-/raw/master/DKIM/smtp-conf.yw-1204 > And

[pfx] Re: TLS Library Problem? (SSL_accept error from ...)

2023-05-05 Thread Byung-Hee HWANG via Postfix-users
On Fri, May 05, 2023 at 06:55:23PM -0500, E R via Postfix-users wrote: > I have setup Postfix so that internally I offer TLS to systems but do not > require it since I have no control over their configuration. I did > extensive testing to ensure that the mail gateway supports TLS and accepts >

[pfx] Re: TLS Library Problem? (SSL_accept error from ...)

2023-05-05 Thread Viktor Dukhovni via Postfix-users
On Fri, May 05, 2023 at 06:55:23PM -0500, E R via Postfix-users wrote: > postfix/smtpd[1234567]: SSL_accept error from xxx.xxx.xxx[yyy.yyy.yyy.yyy]: -1 > postfix/smtpd[1234567]: warning: TLS library problem: > error:0398:digital envelope routines::invalid >