Some background:
During the TLS negotiation, the client gives the server a list of
ciphers which it supports, then from that list the server chooses which
one to use.
The server's cipher list is a list, in order of preference, of the
ciphers it will use (from the client's list). If there is
Actually, doing the openssl ciphers > /var/qmail/control/tlsservercipher is a
starting point.
After I did that, I then ran my server through some tests. I happen to use
OpenVAS [which tool you want to use to find insecure SSL connections is up to
you]. It was able to tell me which ciphers to
Thanks for that Carl. I'm running
openssl-1.0.2k-16.el7_6.1.x86_64
Pretty much everything about my server is continuously updated
stock CentOS 7. Currently at CentOS Linux release 7.6.1810 (Core)
I do have epel installed, which updates so
Your real problem is that this file is different based on which CentOS you’re
on [or should I say, which openssl is loaded]. If you have CentOS 7, with
openssl 1.0.2k, you can tune this file to include each cipher you want [the
file can actually be 10+ lines long wrapped]. This is so you can rem
So this may be an issue of the tlsserverciphers file. Sometimes
it's interesting not knowing what you're doing! haha
I guess the question I have is: what is the proper
tlsserverciphers for a qmailtoaster with a letsencrypt
certificate. If th
I had to get a new cert for my server, which I installed
yesterday. Now I'm having problems with certain clients logging
in. I get the following error in the dovecot.log.
TLS handshaking: SSL_accept() failed: error:1408A10B:SSL
routines: ssl3_get