Hi there
I see that my mail servers send to efa using TLS 1.2 however efa is not sending using TLS 1.2
I tried to update the postfix config file and add in !TLS1.2 after !SSLv3 but it seemed to stop mail flow.
Can you advise if I need to update all the smtpd lines or which is the correct one?
configure efa to send using TLS 1.2
configure efa to send using TLS 1.2
- Attachments
-
- efa.png (13 KiB) Viewed 1734 times
Re: configure efa to send using TLS 1.2
Is there anyway to change the cipher to use 256 bits instead of 128 bits?
I did try updating the posfix config file and change the ciphers to high with a high list but no difference.
Mail coming in is 256 bits.
Thanks
Edward
I did try updating the posfix config file and change the ciphers to high with a high list but no difference.
Mail coming in is 256 bits.
Thanks
Edward
Re: configure efa to send using TLS 1.2
Bump... Anyone with suggestions? Mine isn't using TLS 1.2 either now for some reason
Viper - I believe what you added to postfix has told it to NOT use TLS1.2 any more.
Viper - I believe what you added to postfix has told it to NOT use TLS1.2 any more.
Re: configure efa to send using TLS 1.2
That's correct. The '!' is negating the parameter. So TLS1.2 is turned off.
I only have configured the following protocols:
smtpd_tls_protocols = !SSLv2,!SSLv3
smtp_tls_protocols = !SSLv2,!SSLv3
And this is standard ...
My eFa sends and receives with TLSv1.2 and TLSv1.3
What protocol is used for sending and receiving is negotiated by both mailservers.
The highest protocol that both can 'talk' is used.
Re: configure efa to send using TLS 1.2
Thanks very much freyuh!freyuh wrote: ↑12 Apr 2022 12:20That's correct. The '!' is negating the parameter. So TLS1.2 is turned off.
I only have configured the following protocols:
smtpd_tls_protocols = !SSLv2,!SSLv3
smtp_tls_protocols = !SSLv2,!SSLv3
And this is standard ...
My eFa sends and receives with TLSv1.2 and TLSv1.3
What protocol is used for sending and receiving is negotiated by both mailservers.
The highest protocol that both can 'talk' is used.
Mine originally sent by default with tls... but im not sure why it isn't any more. Are there settings I should check anywhere to see if it's configured properly?
Re: configure efa to send using TLS 1.2
Here you can test what your server offers: https://testtls.com/#advanced
You could also check the ciphers if you changed them.
Ans also look at the maillog if something is missing/wrong.
It can also be a certificate issue.
You could also check the ciphers if you changed them.
Ans also look at the maillog if something is missing/wrong.
It can also be a certificate issue.
Re: configure efa to send using TLS 1.2
useful tool, thanks!