On Mon, Feb 24, 2014 at 12:40 PM, Vladimir Támara Patiño <vtam...@pasosdejesus.org> wrote: > I have an OpenSTMP server on OpenBSD 5.4 working fine, the configuration > (/etc/mail/smtpd.conf) includes: > > listen on all port 465 smtps certificate example.com auth-optional > > Sending email from thunderbird, roundcubemail and an android MUA works fine, > however I'm having problems to send email from an iPhone with its default > MUA. > The failed connections from the iPhone reported in /var/log/maillog show: ... > Feb 24 15:31:36 www smtpd[20008]: smtp-in: Disconnecting session > 00000047fd78e967: IO error: error:1408A0C1:SSL > routines:SSL3_GET_CLIENT_HELLO:no shared cipher ... > | ssl-enum-ciphers: | SSLv3: | ciphers: | > TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA - strong > | TLS_DHE_DSS_WITH_AES_256_CBC_SHA - strong > | compressors: | NULL > | TLSv1.0: | ciphers: | TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA - > strong > | TLS_DHE_DSS_WITH_AES_128_CBC_SHA - strong > | TLS_DHE_DSS_WITH_AES_256_CBC_SHA - strong > | compressors: | NULL > | TLSv1.1: | ciphers: | TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA - > strong > | TLS_DHE_DSS_WITH_AES_128_CBC_SHA - strong > | TLS_DHE_DSS_WITH_AES_256_CBC_SHA - strong > | compressors: | NULL > | TLSv1.2: | ciphers: | TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA - > strong > | TLS_DHE_DSS_WITH_AES_128_CBC_SHA - strong > | TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 - strong > | TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 - strong > | TLS_DHE_DSS_WITH_AES_256_CBC_SHA - strong > | TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 - strong > | TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 - strong > | compressors: | NULL > |_ least strength: strong
Your certificate is apparently a DHE/DSS cert, so smtpd can only offer the DHE-DSS suites and not the RSA suites that almost all sites use. How confident are you that iOS supports DHE-DSS cipher suites by default? Philip Guenther
