configure efa to send using TLS 1.2

General eFa discussion
Post Reply
viper407
Posts: 25
Joined: 09 Mar 2022 09:55

configure efa to send using TLS 1.2

Post by viper407 »

Hi there

I see that my mail servers send to efa using TLS 1.2 however efa is not sending using TLS 1.2

I tried to update the postfix config file and add in !TLS1.2 after !SSLv3 but it seemed to stop mail flow.

Can you advise if I need to update all the smtpd lines or which is the correct one?
Attachments
efa.png
efa.png (13 KiB) Viewed 1677 times
viper407
Posts: 25
Joined: 09 Mar 2022 09:55

Re: configure efa to send using TLS 1.2

Post by viper407 »

Is there anyway to change the cipher to use 256 bits instead of 128 bits?

I did try updating the posfix config file and change the ciphers to high with a high list but no difference.

Mail coming in is 256 bits.

Thanks
Edward
datako
Posts: 7
Joined: 14 Nov 2019 19:56

Re: configure efa to send using TLS 1.2

Post by datako »

Bump... Anyone with suggestions? Mine isn't using TLS 1.2 either now for some reason

Viper - I believe what you added to postfix has told it to NOT use TLS1.2 any more.
freyuh
Posts: 62
Joined: 04 Oct 2018 11:21

Re: configure efa to send using TLS 1.2

Post by freyuh »

datako wrote: 12 Apr 2022 11:38 Viper - I believe what you added to postfix has told it to NOT use TLS1.2 any more.
That's correct. The '!' is negating the parameter. So TLS1.2 is turned off.

I only have configured the following protocols:
smtpd_tls_protocols = !SSLv2,!SSLv3
smtp_tls_protocols = !SSLv2,!SSLv3
And this is standard ...

My eFa sends and receives with TLSv1.2 and TLSv1.3

What protocol is used for sending and receiving is negotiated by both mailservers.
The highest protocol that both can 'talk' is used.
datako
Posts: 7
Joined: 14 Nov 2019 19:56

Re: configure efa to send using TLS 1.2

Post by datako »

freyuh wrote: 12 Apr 2022 12:20
datako wrote: 12 Apr 2022 11:38 Viper - I believe what you added to postfix has told it to NOT use TLS1.2 any more.
That's correct. The '!' is negating the parameter. So TLS1.2 is turned off.

I only have configured the following protocols:
smtpd_tls_protocols = !SSLv2,!SSLv3
smtp_tls_protocols = !SSLv2,!SSLv3
And this is standard ...

My eFa sends and receives with TLSv1.2 and TLSv1.3

What protocol is used for sending and receiving is negotiated by both mailservers.
The highest protocol that both can 'talk' is used.
Thanks very much freyuh!

Mine originally sent by default with tls... but im not sure why it isn't any more. Are there settings I should check anywhere to see if it's configured properly?
freyuh
Posts: 62
Joined: 04 Oct 2018 11:21

Re: configure efa to send using TLS 1.2

Post by freyuh »

Here you can test what your server offers: https://testtls.com/#advanced
You could also check the ciphers if you changed them.
Ans also look at the maillog if something is missing/wrong.
It can also be a certificate issue.
User avatar
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: configure efa to send using TLS 1.2

Post by pdwalker »

useful tool, thanks!
Post Reply