So after days of fighting around, I ended up like this so far:
1: NONE of the logging described in the whole AWS documentation I've read extensively (including complex & painful stacking of services over SES: IAM, SNS, Lambda, CloudWatch, CloudTrail/Lake, S3, etc.) would ever display the SMTP TLS version used during the handshake & packet exchanges from my Debian server! Therefore useless to test anything.
2: After testing several incomplete network utilities on Debian (and trying to avoid a massive package install for Wireshark and even the lighter tshark), I FINALLY spotted a difference within the tcpdump command line over port 587; in the resulting dump I could see the mention DOWNGRD right after a READY FOR TLS & before seeing the AWS certificate name shown.
I assumed that this very last element would imply TLS 1.2 or over being refused on handshake and therefore backported into 1/1.1, triggering the upgrade alerts Amazon sent me. From there I've tested several MTA alternatives & configs to choose one quite recent (even though summoning GnuTLS instead of OpenSSL, but still nice). Performing some sending tests with it, no more DOWNGRD spotted in the tcpdumps.
Hoping I can consider this maze over...
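
The `DOWNGRD` string seen in the tcpdump output above matches the downgrade marker that RFC 8446 (section 4.1.3) defines for the last 8 bytes of the ServerHello random. As an added example (not part of the original post), this Python parser reads the negotiated version and that marker from a ServerHello record; the two sample records and all function names are constructed for illustration.

```python
import struct

# RFC 8446 section 4.1.3: a TLS 1.3-capable server puts one of these in the
# last 8 bytes of ServerHello.random when it negotiates an older version.
SENTINELS = {b"DOWNGRD\x01": "TLS 1.2 negotiated",
             b"DOWNGRD\x00": "TLS 1.1 or below negotiated"}
VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
            0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

def parse_server_hello(record: bytes) -> dict:
    """Return negotiated version and downgrade marker from one TLS record."""
    # Content type 22 = handshake, handshake type 2 = ServerHello.
    if len(record) < 9 or record[0] != 22 or record[5] != 2:
        raise ValueError("not a ServerHello handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    msg = body[4:4 + int.from_bytes(body[1:4], "big")]
    if len(msg) < 38:  # version + random + sid_len + suite + compression
        raise ValueError("truncated ServerHello")
    version = struct.unpack("!H", msg[:2])[0]  # legacy_version field
    random = msg[2:34]
    pos = 35 + msg[34] + 3  # skip session id, cipher suite, compression
    if pos + 2 <= len(msg):
        end = min(pos + 2 + struct.unpack("!H", msg[pos:pos + 2])[0], len(msg))
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", msg[pos:pos + 4])
            if etype == 43 and elen == 2:  # supported_versions: real version
                version = struct.unpack("!H", msg[pos + 4:pos + 6])[0]
            pos += 4 + elen
    return {"version": VERSIONS.get(version, hex(version)),
            "downgrade_marker": SENTINELS.get(random[-8:])}

def build_sample(random: bytes, extensions: bytes = b"") -> bytes:
    """Build a constructed ServerHello record (not captured traffic)."""
    msg = b"\x03\x03" + random + b"\x00" + b"\xc0\x2f" + b"\x00"
    if extensions:
        msg += struct.pack("!H", len(extensions)) + extensions
    hs = b"\x02" + len(msg).to_bytes(3, "big") + msg
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs

# Constructed samples: a TLS 1.2 answer carrying the marker, and a TLS 1.3 one.
SAMPLE_TLS12 = build_sample(bytes(24) + b"DOWNGRD\x01")
SAMPLE_TLS13 = build_sample(bytes(32), struct.pack("!HHH", 43, 2, 0x0304))

if __name__ == "__main__":
    for name, rec in (("TLS 1.2", SAMPLE_TLS12), ("TLS 1.3", SAMPLE_TLS13)):
        print(name, "sample:", parse_server_hello(rec))
```
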