SSL_connect error to email-smtp-fips.us-east-1.amazonaws.com


Hello,

I am trying to send an e-mail with postfix by relaying over email-smtp-fips.us-east-1.amazonaws.com:25. I followed the related documents and managed to do it with a regular endpoint (email-smtp.us-east-1.amazonaws.com:25). However, when I tried to do it with the fips endpoint I got the following warning and errors (syslog):

postfix/smtp: SSL_connect error to email-smtp-fips.us-east-1.amazonaws.com[IP ADDRESS REMOVED]:25: -1
postfix/smtp: warning: TLS library problem: error:140943FC:SSL routines:ssl3_read_bytes:sslv3 alert bad record mac:../ssl/record/rec_layer_s3.c:1528:SSL alert number 20:
postfix/smtp: 972631FF6D: Cannot start TLS: handshake failure
postfix/smtp: SSL_connect error to email-smtp-fips.us-east-1.amazonaws.com[IP ADDRESS REMOVED]:25: -1
postfix/smtp: warning: TLS library problem: error:140943FC:SSL routines:ssl3_read_bytes:sslv3 alert bad record mac:../ssl/record/rec_layer_s3.c:1528:SSL alert number 20:
postfix/smtp: 972631FF6D: Cannot start TLS: handshake failure
postfix/smtp: SSL_connect error to email-smtp-fips.us-east-1.amazonaws.com[IP ADDRESS REMOVED]:25: -1
postfix/smtp: warning: TLS library problem: error:140943FC:SSL routines:ssl3_read_bytes:sslv3 alert bad record mac:../ssl/record/rec_layer_s3.c:1528:SSL alert number 20:
postfix/smtp: 972631FF6D: to=<EMAIL ADDRESS REMOVED>, relay=email-smtp-fips.us-east-1.amazonaws.com[IP ADDRESS REMOVED]:25, delay=23, delays=23/0.05/0.1/0, dsn=4.7.5, status=deferred (Cannot start TLS: handshake failure)

I also tried port 587 without any luck. I couldn't find what is wrong and I need help.

Edited by: alperdom on Jan 8, 2021 12:01 AM

Asked 4 years ago, 768 views
1 Answer

For anyone that might come across this problem, here is the solution: you should be using a postfix version that supports disabling TLSv1.3, as FIPS endpoints only accept connections with cipher TLSv1.2.

Answered 4 years ago
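To check the answer's diagnosis from the sending host before changing Postfix, the following added example (not code from the thread or from AWS) attempts STARTTLS against the endpoint named in the question, once offering up to TLS 1.3 and once capped at TLS 1.2. The function names are illustrative, and the closing comment about `main.cf` assumes a Postfix build that recognises the `TLSv1.3` protocol name.

```python
import smtplib
import ssl

# Hostname and ports are the ones quoted in the question.
HOST = "email-smtp-fips.us-east-1.amazonaws.com"


def build_context(max_version):
    """Client context with certificate checks on and the highest offered TLS version capped."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = max_version
    return ctx


def probe_starttls(host, port, max_version, timeout=10):
    """Attempt EHLO + STARTTLS; return (ok, negotiated version or error text)."""
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.ehlo()
            smtp.starttls(context=build_context(max_version))
            return True, smtp.sock.version()
    except (OSError, smtplib.SMTPException) as exc:
        # ssl.SSLError is an OSError, so handshake alerts land here too.
        return False, f"{type(exc).__name__}: {exc}"


if __name__ == "__main__":
    for port in (25, 587):
        for cap in (ssl.TLSVersion.TLSv1_3, ssl.TLSVersion.TLSv1_2):
            ok, detail = probe_starttls(HOST, port, cap)
            state = "ok" if ok else "FAILED"
            print(f"port {port} max={cap.name}: {state} ({detail})")

# If only the TLSv1_2-capped probe succeeds, exclude TLS 1.3 for the Postfix
# SMTP client in main.cf, for example:
#   smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1.3   (security level encrypt or stronger)
#   smtp_tls_protocols           = !SSLv2, !SSLv3, !TLSv1.3   (opportunistic TLS, level may)
```

If both probes succeed from the same host, the protocol version is not the cause there and the Postfix and OpenSSL builds on the relay are the next thing to compare.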
