On Mon, May 08, 2023 at 04:22:29PM -0500, E R via Postfix-users wrote:
> Thank you so much for the suggestion to review the crypto setting as this
> indeed a RedHat based distribution. I confirmed it is set to "default"
> which means “The default system-wide cryptographic policy level offers
>
The /usr/share/crypto-policies/DEFAULT/opensslcnf.txt on RHEL 9 looks
identical to what you posted for Fedora.
I am not a RHEL expert but I have not see any references to opt out of the
crypto policy on a per application basis. You can customize an existing
crypto policy or create your own. I
Thank you so much for the suggestion to review the crypto setting as this
indeed a RedHat based distribution. I confirmed it is set to "default"
which means “The default system-wide cryptographic policy level offers
secure settings for current threat models. It allows the TLS 1.2 and 1.3
I don't even know whether RedHat exposes any mechanisms for applications> to opt-out
of crypto policy and use only application-driven OpenSSL> configuration. This is
should perhaps be looked into in the Postfix 3.9> timeframe.
from my notes dealing with new Fedora crypto-policies on a number
On Fri, May 05, 2023 at 08:28:48PM -0400, Viktor Dukhovni via Postfix-users
wrote:
> You should of course also share
> (https://www.postfix.org/DEBUG_README.html#mail)
>
> $ postconf -nf
> $ postconf -Mf
>
> without any changes in whitespace, including line breaks. Attaching
> these
> >
>
> Because TLS/SSL things are very complex, you have to show us real
> settings all. Like me: (yw-0919: inbound, yw-1204: outbound)
> [1] https://gitlab.com/soyeomul/Gnus/-/raw/master/DKIM/smtp-conf.yw-0919
> [2] https://gitlab.com/soyeomul/Gnus/-/raw/master/DKIM/smtp-conf.yw-1204
>
And
On Fri, May 05, 2023 at 06:55:23PM -0500, E R via Postfix-users wrote:
> I have setup Postfix so that internally I offer TLS to systems but do not
> require it since I have no control over their configuration. I did
> extensive testing to ensure that the mail gateway supports TLS and accepts
>
On Fri, May 05, 2023 at 06:55:23PM -0500, E R via Postfix-users wrote:
> postfix/smtpd[1234567]: SSL_accept error from xxx.xxx.xxx[yyy.yyy.yyy.yyy]: -1
> postfix/smtpd[1234567]: warning: TLS library problem:
> error:0398:digital envelope routines::invalid
>