On Fri, Sep 23, 2016 at 12:57:13PM +0000, DaB. wrote: > X.Y.Z.invalid[10.X.Y.Z]: TLS cipher list > "aNULL:-aNULL:ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH" [...] > Sep 23 11:26:42 hermes postfix/smtpd[30240]: warning: TLS library problem: > error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared > cipher:s3_srvr.c:1440:
With those settings that's expected. XP only supports RC4 and 3DES, and you should stop using them, just like you should stop using XP. We just moved 3DES from HIGH to MEDIUM because of the sweet32 attack. RC4 was already moved to MEDIUM in the past. You have an "!MEDIUM" there that removes both of them, without having a possiblity to readd them. The "+RC4" isn't even doing anything. You probably want to remove that "!MEDIUM", since you clearly need them. Kurt
