Thanks. I'm CCing this to the system administrator at nv.net. On Sun, 2014-05-04 at 20:48 +0200, Hanno Böck wrote: > On Sun, 04 May 2014 13:05:30 -0500 Lindsay Haisley > <[email protected]> wrote: > > I'd like to configure courier to use TLS1 as a fallback in cases such > > as this. Is this possible? > > This is possible and it is the default. Courier also does that. Every > TLS app that conforms to standards does that. > > Usually what happens is something like this: > * Client: "Server, I'd like to connect with TLS 1.2" > * Server: "Sorry, I can't do that, let's use TLS 1.0" > * Client: "Okay, let's use TLS 1.0" > > Now what happens sometimes is that servers are unable to proceed if > they're connected with a tls version they don't support. So they don't > answer at all. As far as I can remember, the Facebook-API had such a > problem when TLS 1.2 first appeared in openssl. > > However, this is always a bug on the server side. Every correct > implementation of TLS 1.0 can handle this gracefully. > So mx.nv.net is using broken hardware or software. Tell them. There's > nothing you can do about it except not supporting newer and better > crypto standards (which really should not be an option if you're > serious).
For the time being, excepting nv.net from STARTTLS altogether in esmtproutes seems to be the only workaround for this. This isn't mission critical. I have two customers on nv.net email accounts with whom I need to correspond reliably. -- Lindsay Haisley | "UNIX is user-friendly, it just FMP Computer Services | chooses its friends." 512-259-1190 | -- Andreas Bogk http://www.fmp.com | ------------------------------------------------------------------------------ "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE Instantly run your Selenium tests across 300+ browser/OS combos. Get unparalleled scalability from the best Selenium testing platform available. Simple to use. Nothing to install. Get started now for free." http://p.sf.net/sfu/SauceLabs _______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
