From: Victor Duchovni (Victor.Duchovnimorganstanley.com)
Date: Fri Aug 21 2009 - 09:37:50 CDT
On Fri, Aug 21, 2009 at 06:09:52AM -0500, Noel Jones wrote:
> Ralf Hildebrandt wrote:
>>> Aug 20 22:49:01 server postfix/smtpd: connect from
>>> Aug 20 22:49:02 server postfix/smtpd: setting up TLS connection
>>> from unknown[XXX.YYY.ZZZ.KKK]
>>> Aug 20 22:49:02 server postfix/smtpd: Anonymous TLS connection
>>> established from unknown[XXX.YYY.ZZZ.KKK]: TLSv1 with cipher
>>> AES128-SHA (128/128 bits)
>>> Why does it say "Anonymous TLS connection"?
>> Because the TLS certificate is not signed by a trusted CA.
> No, it's because an anonymous cipher is used when there is no client
> certificate. If it was a certificate trust problem, the connection would
> be labeled "Untrusted".

No, it is because the client did not provide a certificate. The cipher
AES128-SHA is not an "anonymous" cipher; the server did provide a
certificate to the client, but the converse was false.

Don't confuse anonymous ciphers with anonymous clients using a cipher
that (if the client bothers, ...) authenticates the server.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
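
Added example, not part of the original message or of Postfix: a small Python parser for the smtpd TLS summary line that reports the two independent facts discussed in the thread, whether the client presented a certificate (the Anonymous/Untrusted/Trusted label) and whether the negotiated cipher is itself anonymous. It assumes OpenSSL's `ADH-`/`AECDH-` naming for anonymous ciphers; the sample log lines and addresses are constructed.

```python
import re

# The smtpd TLS summary line, as quoted in the thread (the pid is optional here).
TLS_LINE = re.compile(
    r"postfix/smtpd(?:\[\d+\])?: "
    r"(?P<label>Anonymous|Untrusted|Trusted) TLS connection established "
    r"from (?P<client>\S+): (?P<protocol>\S+) with cipher (?P<cipher>\S+)"
)

# Assumption: OpenSSL cipher names for key exchanges where no side sends a certificate.
ANON_CIPHER_PREFIXES = ("ADH-", "AECDH-")


def classify(line):
    """Return the facts carried by one TLS summary line, or None if it is not one."""
    m = TLS_LINE.search(line)
    if m is None:
        return None
    cipher = m.group("cipher")
    return {
        "client": m.group("client"),
        "protocol": m.group("protocol"),
        "cipher": cipher,
        "label": m.group("label"),
        # The label describes the client's certificate, nothing else.
        "client_cert_present": m.group("label") != "Anonymous",
        # Whether the server could be authenticated depends on the cipher.
        "anonymous_cipher": cipher.startswith(ANON_CIPHER_PREFIXES),
    }


# Constructed sample lines (documentation addresses), not taken from the thread.
SAMPLE = [
    "Aug 20 22:49:02 server postfix/smtpd[4242]: Anonymous TLS connection "
    "established from unknown[192.0.2.10]: TLSv1 with cipher AES128-SHA (128/128 bits)",
    "Aug 20 22:50:10 server postfix/smtpd[4243]: Anonymous TLS connection "
    "established from unknown[192.0.2.11]: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)",
    "Aug 20 22:51:30 server postfix/smtpd[4244]: Trusted TLS connection "
    "established from mail.example.org[192.0.2.12]: TLSv1 with cipher AES128-SHA (128/128 bits)",
    "Aug 20 22:49:01 server postfix/smtpd[4242]: connect from unknown[192.0.2.10]",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        info = classify(entry)
        if info:
            print(info["client"], info["label"], info["cipher"],
                  "client_cert=%s" % info["client_cert_present"],
                  "anon_cipher=%s" % info["anonymous_cipher"])
```
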