On 10/05/17 10:45, Samuel Sieb wrote: > On 10/04/2017 04:15 PM, Nelson Crosby wrote: >> Because Legacy Software, I need to be able to support SSLv3 on my >> Postfix server. From what I can figure, however, this is disabled >> in the SSL library itself, as I still cannot get a successful >> handshake with the following configuration line, which seems to me >> like it should be enough to enable it: >> >> smtpd_tls_mandatory_protocols = !SSLv2 > > Just speculating, but if SSLv3 is disabled by default in the library, this is not > likely to work. What happens if you put SSLv3 on that line instead? > FWIW, in examining the changelogs for openssl-libs it would appear that while SSv3 is disabled by default it is designed such that an application can override the settings. * Mon Jun 30 2014 Tomáš Mráz <tmraz@xxxxxxxxxx> 1.0.1h-5 - disable SSLv2 and SSLv3 protocols by default (can be enabled via appropriate SSL_CTX_clear_options() call) So, it would seem to be a configuration issue or bug with postfix -- Fedora Users List - The place to go to speculate endlessly
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
