
configure efa to send using TLS 1.2

Posted: 24 Mar 2022 20:04
by viper407
Hi there

I see that my mail servers send to efa using TLS 1.2; however, efa is not sending using TLS 1.2.

I tried to update the postfix config file and add in !TLS1.2 after !SSLv3 but it seemed to stop mail flow.

Can you advise if I need to update all the smtpd lines or which is the correct one?

Re: configure efa to send using TLS 1.2

Posted: 27 Mar 2022 16:18
by viper407
Is there any way to change the cipher to use 256 bits instead of 128 bits?

I did try updating the postfix config file and change the ciphers to high with a high list but no difference.

Mail coming in is 256 bits.

Thanks
Edward

Re: configure efa to send using TLS 1.2

Posted: 12 Apr 2022 11:38
by datako
Bump... Anyone with suggestions? Mine isn't using TLS 1.2 either now for some reason

Viper - I believe what you added to postfix has told it to NOT use TLS1.2 any more.

Re: configure efa to send using TLS 1.2

Posted: 12 Apr 2022 12:20
by freyuh
datako wrote: 12 Apr 2022 11:38 Viper - I believe what you added to postfix has told it to NOT use TLS1.2 any more.
That's correct. The '!' is negating the parameter. So TLS1.2 is turned off.

I only have configured the following protocols:
smtpd_tls_protocols = !SSLv2,!SSLv3
smtp_tls_protocols = !SSLv2,!SSLv3
And this is standard ...

My eFa sends and receives with TLSv1.2 and TLSv1.3

What protocol is used for sending and receiving is negotiated by both mailservers.
The highest protocol that both can 'talk' is used.
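
The '!' negation and the highest-common-protocol negotiation described in the post above, as an added example (not code from this thread or from Postfix): a small Python model of how a protocol list resolves. The function names and sample settings are constructed for illustration, and rejecting unknown names is an assumption of this sketch; a real handshake also depends on the TLS library and ciphers on both sides.

```python
# Added illustration: models the include/exclude rule for Postfix
# *_tls_protocols lists. Not Postfix source code.
KNOWN = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]  # oldest first


def enabled_protocols(setting, supported=KNOWN):
    """Return the protocols left enabled by a list such as '!SSLv2,!SSLv3'.
    `supported` is what the TLS library offers at all."""
    include, exclude = set(), set()
    # Entries may be separated by commas, colons or whitespace.
    for token in setting.replace(",", " ").replace(":", " ").split():
        name = token.lstrip("!")
        if name not in KNOWN:
            # Assumption of this sketch: an unknown name is a hard error.
            raise ValueError(f"unknown protocol name: {name!r}")
        (exclude if token.startswith("!") else include).add(name)
    # Only '!' entries: everything else stays on.
    # Any plain name present: only the plain names are on.
    base = include if include else set(KNOWN)
    return [p for p in supported if p in base and p not in exclude]


def negotiated(client_setting, server_setting):
    """Highest protocol both sides have enabled, or None if there is none."""
    client = enabled_protocols(client_setting)
    server = set(enabled_protocols(server_setting))
    common = [p for p in client if p in server]
    return common[-1] if common else None


if __name__ == "__main__":
    # Constructed settings for demonstration.
    default = "!SSLv2,!SSLv3"           # the two lines quoted in the post
    minus_12 = "!SSLv2,!SSLv3,!TLSv1.2"  # TLS 1.2 negated as well
    peer_12_only = "TLSv1.2"            # hypothetical peer that only speaks TLS 1.2
    for mine in (default, minus_12):
        print(f"{mine!r}: enabled={enabled_protocols(mine)}, "
              f"with TLSv1.2-only peer -> {negotiated(mine, peer_12_only)}")
```

With TLS 1.2 negated, a peer that only offers TLS 1.2 has no protocol in common with the sender, while a peer that also offers TLS 1.3 still negotiates successfully.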

Re: configure efa to send using TLS 1.2

Posted: 13 Apr 2022 16:57
by datako
freyuh wrote: 12 Apr 2022 12:20
datako wrote: 12 Apr 2022 11:38 Viper - I believe what you added to postfix has told it to NOT use TLS1.2 any more.
That's correct. The '!' is negating the parameter. So TLS1.2 is turned off.

I only have configured the following protocols:
smtpd_tls_protocols = !SSLv2,!SSLv3
smtp_tls_protocols = !SSLv2,!SSLv3
And this is standard ...

My eFa sends and receives with TLSv1.2 and TLSv1.3

What protocol is used for sending and receiving is negotiated by both mailservers.
The highest protocol that both can 'talk' is used.
Thanks very much freyuh!

Mine originally sent by default with TLS... but I'm not sure why it isn't any more. Are there settings I should check anywhere to see if it's configured properly?

Re: configure efa to send using TLS 1.2

Posted: 14 Apr 2022 13:34
by freyuh
Here you can test what your server offers: https://testtls.com/#advanced
You could also check the ciphers if you changed them.
And also look at the maillog if something is missing/wrong.
It can also be a certificate issue.

Re: configure efa to send using TLS 1.2

Posted: 19 Apr 2022 05:38
by pdwalker
Useful tool, thanks!