[ext] Re: cipher Fehlermeldung
Timm Schneider
t.schneider at tms-itdienst.at
Mi Mai 20 21:57:22 CEST 2026
Hallo Ralf
Das hat mir ein tlstest rausgegeben:
rDNS (194.165.192.44): esa.hc1506-8.eu.iphmx.com.
Service set: STARTTLS via SMTP
Testing ciphers per protocol via OpenSSL plus sockets against the
server, ordered by encryption strength
Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits
Cipher Suite Name (IANA/RFC)
-----------------------------------------------------------------------------------------------------------------------------
SSLv2
SSLv3
TLS 1
TLS 1.1
TLS 1.2
xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 253 AESGCM 256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
xc028 ECDHE-RSA-AES256-SHA384 ECDH 253 AES 256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
x9f DHE-RSA-AES256-GCM-SHA384 DH 2048 AESGCM 256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
xcca8 ECDHE-RSA-CHACHA20-POLY1305 ECDH 253 ChaCha20 256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
xccaa DHE-RSA-CHACHA20-POLY1305 DH 2048 ChaCha20 256
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
x6b DHE-RSA-AES256-SHA256 DH 2048 AES 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
xc077 ECDHE-RSA-CAMELLIA256-SHA384 ECDH 253 Camellia 256
TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
xc4 DHE-RSA-CAMELLIA256-SHA256 DH 2048 Camellia 256
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
x9d AES256-GCM-SHA384 RSA AESGCM 256
TLS_RSA_WITH_AES_256_GCM_SHA384
xc09d AES256-CCM RSA AESCCM 256
TLS_RSA_WITH_AES_256_CCM
x3d AES256-SHA256 RSA AES 256
TLS_RSA_WITH_AES_256_CBC_SHA256
xc0 CAMELLIA256-SHA256 RSA Camellia 256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 253 AESGCM 128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
xc027 ECDHE-RSA-AES128-SHA256 ECDH 253 AES 128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
x9e DHE-RSA-AES128-GCM-SHA256 DH 2048 AESGCM 128
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
xc09c AES128-CCM RSA AESCCM 128
TLS_RSA_WITH_AES_128_CCM
x67 DHE-RSA-AES128-SHA256 DH 2048 AES 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
xc076 ECDHE-RSA-CAMELLIA128-SHA256 ECDH 253 Camellia 128
TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
xbe DHE-RSA-CAMELLIA128-SHA256 DH 2048 Camellia 128
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
x9c AES128-GCM-SHA256 RSA AESGCM 128
TLS_RSA_WITH_AES_128_GCM_SHA256
x3c AES128-SHA256 RSA AES 128
TLS_RSA_WITH_AES_128_CBC_SHA256
xba CAMELLIA128-SHA256 RSA Camellia 128
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
TLS 1.3
und Meiner:
rDNS (83.137.45.114): ns.tms-it.net.
Service set: STARTTLS via SMTP
Testing ciphers per protocol via OpenSSL plus sockets against the
server, ordered by encryption strength
Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits
Cipher Suite Name (IANA/RFC)
-----------------------------------------------------------------------------------------------------------------------------
SSLv2
SSLv3
TLS 1
TLS 1.1
TLS 1.2
xc02c ECDHE-ECDSA-AES256-GCM-SHA384 ECDH 253 AESGCM 256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
xc024 ECDHE-ECDSA-AES256-SHA384 ECDH 253 AES 256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
xc00a ECDHE-ECDSA-AES256-SHA ECDH 253 AES 256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
xcca9 ECDHE-ECDSA-CHACHA20-POLY1305 ECDH 253 ChaCha20 256
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
xc0af ECDHE-ECDSA-AES256-CCM8 ECDH 253 AESCCM8 256
TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
xc0ad ECDHE-ECDSA-AES256-CCM ECDH 253 AESCCM 256
TLS_ECDHE_ECDSA_WITH_AES_256_CCM
xc073 ECDHE-ECDSA-CAMELLIA256-SHA384 ECDH 253 Camellia 256
TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
xc019 AECDH-AES256-SHA ECDH 521 AES 256
TLS_ECDH_anon_WITH_AES_256_CBC_SHA
xa7 ADH-AES256-GCM-SHA384 DH 3072 AESGCM 256
TLS_DH_anon_WITH_AES_256_GCM_SHA384
x6d ADH-AES256-SHA256 DH 3072 AES 256
TLS_DH_anon_WITH_AES_256_CBC_SHA256
x3a ADH-AES256-SHA DH 3072 AES 256
TLS_DH_anon_WITH_AES_256_CBC_SHA
xc5 ADH-CAMELLIA256-SHA256 DH 3072 Camellia 256
TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256
x89 ADH-CAMELLIA256-SHA DH 3072 Camellia 256
TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA
xc05d ECDHE-ECDSA-ARIA256-GCM-SHA384 ECDH 253 ARIAGCM 256
TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
xc02b ECDHE-ECDSA-AES128-GCM-SHA256 ECDH 253 AESGCM 128
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
xc023 ECDHE-ECDSA-AES128-SHA256 ECDH 253 AES 128
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
xc009 ECDHE-ECDSA-AES128-SHA ECDH 253 AES 128
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
xc0ae ECDHE-ECDSA-AES128-CCM8 ECDH 253 AESCCM8 128
TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
xc0ac ECDHE-ECDSA-AES128-CCM ECDH 253 AESCCM 128
TLS_ECDHE_ECDSA_WITH_AES_128_CCM
xc072 ECDHE-ECDSA-CAMELLIA128-SHA256 ECDH 253 Camellia 128
TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
xc018 AECDH-AES128-SHA ECDH 521 AES 128
TLS_ECDH_anon_WITH_AES_128_CBC_SHA
xa6 ADH-AES128-GCM-SHA256 DH 1024 AESGCM 128
TLS_DH_anon_WITH_AES_128_GCM_SHA256
x6c ADH-AES128-SHA256 DH 1024 AES 128
TLS_DH_anon_WITH_AES_128_CBC_SHA256
x34 ADH-AES128-SHA DH 1024 AES 128
TLS_DH_anon_WITH_AES_128_CBC_SHA
xbf ADH-CAMELLIA128-SHA256 DH 1024 Camellia 128
TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256
x46 ADH-CAMELLIA128-SHA DH 1024 Camellia 128
TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA
xc05c ECDHE-ECDSA-ARIA128-GCM-SHA256 ECDH 253 ARIAGCM 128
TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
TLS 1.3
x1302 TLS_AES_256_GCM_SHA384 ECDH 253 AESGCM 256
TLS_AES_256_GCM_SHA384
x1303 TLS_CHACHA20_POLY1305_SHA256 ECDH 253 ChaCha20 256
TLS_CHACHA20_POLY1305_SHA256
x1301 TLS_AES_128_GCM_SHA256 ECDH 253 AESGCM 128
TLS_AES_128_GCM_SHA256
Done 2026-05-20 21:31:55 [ 17s] -->> 83.137.45.114:25
(mail.tms-itdienst.at) <<--
Am 20.05.2026 um 21:37 schrieb Ralf Hildebrandt via Postfixbuch-users:
> * Timm Schneider via Postfixbuch-users <postfixbuch-users at listen.jpberlin.de>:
>> Hallo nochmal.
>>
>> Welche cipher nutzt den Postfix, wenn nichts definiert ist?
> postconf smtpd_tls_ciphers
>
> da kommt bei mir "medium" raus, dann fragt man sich: "Medium? Mit wenig Blubber?"
>
> postconf tls_medium_cipherlist
> sagt dann WAS das " medium" bedeutet -- da kommt bei mir raus:
>
> tls_medium_cipherlist = aNULL:-aNULL:HIGH:MEDIUM:!SEED:!IDEA:!3DES:!RC2:!RC4:!RC5:!kDH:!kECDH:!aDSS:!MD5:+RC4:@STRENGTH
>
> Das ist dann natürlich OpenSLL-Sprech. Und welche das konkret sind sagt dir dann ein:
> openssl ciphers -v 'aNULL:-aNULL:HIGH:MEDIUM:!SEED:!IDEA:!3DES:!RC2:!RC4:!RC5:!kDH:!kECDH:!aDSS:!MD5:+RC4:@STRENGTH'
>
> TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
> TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
> TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
> ...
>
--
Timm Schneider
4840 Vöcklabruck
T. (AT) 0720.501078
T. (DE) 089.2441 3327
T. (CH) 032.510 9875
T. (IT) 366.908 0087
Video-Konferenz mit mir: https://tmspbx.3cx.at/meet/timmschneider
Mehr Informationen über die Mailingliste Postfixbuch-users