On Thu, Dec 24, 2020 at 01:16:58PM -0500, James B. Byrne wrote:
> I would like to understand exactly what these postfix log messages tell me
> about starttls, if anything:
Generally, just the non-verbose "smtpd_tls_loglevel = 1" logging is
quite sufficient, and the higher log levels in most cases just make it
harder to find what's important among all the low-level detail.
> Dec 24 13:09:32 mx32 postfix-p25/smtpd: SSL_accept:SSLv3/TLS write session ticket
> Dec 24 13:09:32 mx32 postfix-p25/smtpd:
> Anonymous TLS connection established
> from accounting-2.internal.harte-lyne.ca[192.168.216.88]:
> TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
> key-exchange ECDHE (P-256)
> server-signature RSA-PSS (4096 bits)
> server-digest SHA256
This TLS handshake was successful, and negotiated TLS 1.3, with all sorts
of parameter details you probably don't care about (but 2048-bit RSA is
probably good enough, and your 4096-bit RSA key is overkill that
needlessly burns CPU-cycles).
The client did not present a client certificate (this is quite normal).
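
The following is an added example, not part of the original message or of Postfix itself: a small Python parser that pulls the fields discussed above out of a "TLS connection established" summary line and skips the verbose handshake chatter. The function name, field names and the sample line (the quoted log entry joined back onto one line) are constructed for illustration.

```python
import re

# Constructed sample: the log entry quoted above, joined back onto one line.
SAMPLE = (
    "Dec 24 13:09:32 mx32 postfix-p25/smtpd: Anonymous TLS connection established "
    "from accounting-2.internal.harte-lyne.ca[192.168.216.88]: "
    "TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) "
    "key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) "
    "server-digest SHA256"
)

ESTABLISHED = re.compile(
    r"(?P<status>\w+) TLS connection established from "
    r"(?P<host>[^\[\s]+)\[(?P<addr>[^\]]+)\]: "
    r"(?P<protocol>\S+) with cipher (?P<cipher>\S+) "
    r"\((?P<used_bits>\d+)/(?P<alg_bits>\d+) bits\)(?P<rest>.*)"
)
# Trailing details are optional, so each is matched separately.
KEX = re.compile(r"key-exchange (\S+)(?: \(([^)]+)\))?")
SIG = re.compile(r"server-signature (\S+) \(([^)]+)\)")
DIGEST = re.compile(r"server-digest (\S+)")


def parse_tls_summary(line):
    """Return a dict for a TLS summary line, or None for any other line."""
    m = ESTABLISHED.search(line)
    if m is None:
        return None  # e.g. SSL_accept:... lines from higher log levels
    info = m.groupdict()
    rest = info.pop("rest")
    info["used_bits"] = int(info["used_bits"])
    info["alg_bits"] = int(info["alg_bits"])
    kex, sig, dig = KEX.search(rest), SIG.search(rest), DIGEST.search(rest)
    info["kex"], info["kex_group"] = kex.groups() if kex else (None, None)
    info["sig_alg"], info["sig_param"] = sig.groups() if sig else (None, None)
    info["digest"] = dig.group(1) if dig else None
    # "Anonymous" means no client certificate was presented.
    info["client_cert"] = info["status"] != "Anonymous"
    return info


if __name__ == "__main__":
    for key, value in parse_tls_summary(SAMPLE).items():
        print(f"{key:12} {value}")
```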