SSL_connect error to email-smtp-fips.us-east-1.amazonaws.com

0

Hello,

I am trying to send an e-mail with postfix by relaying over email-smtp-fips.us-east-1.amazonaws.com:25. I followed the related documents and managed to do it with a regular endpoint (email-smtp.us-east-1.amazonaws.com:25). However, when I tried to do it with the fips endpoint I got the following warning and errors (syslog):

postfix/smtp: SSL_connect error to email-smtp-fips.us-east-1.amazonaws.com[IP ADDRESS REMOVED]:25: -1
postfix/smtp: warning: TLS library problem: error:140943FC:SSL routines:ssl3_read_bytes:sslv3 alert bad record mac:../ssl/record/rec_layer_s3.c:1528:SSL alert number 20:
postfix/smtp: 972631FF6D: Cannot start TLS: handshake failure
postfix/smtp: SSL_connect error to email-smtp-fips.us-east-1.amazonaws.com[IP ADDRESS REMOVED]:25: -1
postfix/smtp: warning: TLS library problem: error:140943FC:SSL routines:ssl3_read_bytes:sslv3 alert bad record mac:../ssl/record/rec_layer_s3.c:1528:SSL alert number 20:
postfix/smtp: 972631FF6D: Cannot start TLS: handshake failure
postfix/smtp: SSL_connect error to email-smtp-fips.us-east-1.amazonaws.com[IP ADDRESS REMOVED]:25: -1
postfix/smtp: warning: TLS library problem: error:140943FC:SSL routines:ssl3_read_bytes:sslv3 alert bad record mac:../ssl/record/rec_layer_s3.c:1528:SSL alert number 20:
postfix/smtp: 972631FF6D: to=<EMAIL ADDRESS REMOVED>, relay=email-smtp-fips.us-east-1.amazonaws.com[IP ADDRESS REMOVED]:25, delay=23, delays=23/0.05/0.1/0, dsn=4.7.5, status=deferred (Cannot start TLS: handshake failure)

I also tried port 587 without any luck. I couldn't find what is wrong and I need help.

Edited by: alperdom on Jan 8, 2021 12:01 AM

asked 3 years ago578 views
1 Answer
0

For anyone that might come across this problem, here is the solution: you should be using a postfix version that supports disabling TLSv1.3 as FIPS endpoints only accept connections with cipher TLSv1.2

answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions