On 10/05/17 10:45, Samuel Sieb wrote:
On 10/04/2017 04:15 PM, Nelson Crosby wrote:
> Because Legacy Software, I need to be able to support SSLv3 on my
> Postfix server. From what I can figure, however, this is disabled
> in the SSL library itself, as I still cannot get a successful
> handshake with the following configuration line, which seems to me
> like it should be enough to enable it:
>
> smtpd_tls_mandatory_protocols = !SSLv2
Just speculating, but if SSLv3 is disabled by default in the library, this is not
likely to work. What happens if you put SSLv3 on that line instead?
FWIW, in examining the changelogs for openssl-libs it would appear that while SSv3 is
disabled by default it is designed such that an application can override the settings.
* Mon Jun 30 2014 Tomáš Mráz <tmraz(a)redhat.com> 1.0.1h-5
- disable SSLv2 and SSLv3 protocols by default (can be enabled
via appropriate SSL_CTX_clear_options() call)
So, it would seem to be a configuration issue or bug with postfix
--
Fedora Users List - The place to go to speculate endlessly