In my main.cf for Postfix I have set the following TLS options:
Code:
smtpd_tls_cert_file = /usr/local/openssl/certs/mail_domain_com.crt
smtpd_tls_key_file = /usr/local/openssl/certs/mail_domain_com.key
smtpd_tls_CAfile = /usr/local/openssl/certs/mail_domain_com.ca-bundle
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_security_level = may
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtpd_tls_loglevel = 1
smtpd_tls_ask_ccert = yes
tls_random_source = dev:/dev/urandom
smtpd_tls_received_header = yes
tls_preempt_cipherlist = yes
smtpd_tls_mandatory_ciphers = high
smtpd_tls_ciphers = high
smtp_tls_mandatory_ciphers = $smtpd_tls_mandatory_ciphers
smtp_tls_ciphers = $smtpd_tls_ciphers
When I sent an email from my email server to my Gmail email address the header looks as follows when viewed from within the Gmail web site:
Code:
version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128
So TLS 1.2 is being used, which is good.
Now when I send an email from Gmail to my email server the header looks as follows in my email client:
Code:
using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
So why is it when I receive email it's not using TLS 1.2 from Google?
I know TLS 1.2 works because when I received an email from my bank today it says the following in the header:
Code:
using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
So I know my server supports it and I am running the latest OpenSSL version as of today.
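
An added example, not part of the original post: Python that extracts the TLS trace from Received headers in the two formats quoted above and flags sessions negotiated below TLS 1.2, so the same check can be run across many messages. The host names, addresses and queue ids in the sample headers are constructed; only the TLS traces come from the post.

```python
import re

# Postfix trace, written when smtpd_tls_received_header = yes
POSTFIX_RE = re.compile(r"using (?P<proto>\S+) with cipher (?P<cipher>\S+) "
                        r"\((?P<used>\d+)/(?P<avail>\d+) bits\)")
# Trace in the form seen in the Gmail-side header quoted in the post
GMAIL_RE = re.compile(r"version=(?P<proto>\S+) cipher=(?P<cipher>\S+) "
                      r"bits=(?P<used>\d+)/(?P<avail>\d+)")
PROTO_RANK = {"SSLv3": 0, "TLSv1": 1, "TLSv1.1": 2, "TLSv1.2": 3, "TLSv1.3": 4}

def parse_tls_trace(header):
    """Return proto/cipher/used/avail (strings) from one Received header, or None."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header)  # undo RFC 5322 header folding
    for rx in (POSTFIX_RE, GMAIL_RE):
        m = rx.search(unfolded)
        if m:
            return m.groupdict()
    return None  # no TLS trace: cleartext hop, or header logging disabled

def audit(headers, minimum="TLSv1.2"):
    """Classify each header as 'ok', 'weak' (below minimum) or 'no-tls'."""
    floor = PROTO_RANK[minimum]
    results = []
    for h in headers:
        trace = parse_tls_trace(h)
        if trace is None:
            status = "no-tls"
        else:  # unknown protocol names rank -1, so they fail closed as 'weak'
            status = "ok" if PROTO_RANK.get(trace["proto"], -1) >= floor else "weak"
        results.append((status, trace))
    return results

# Constructed headers: hosts/ids are placeholders, TLS traces are the three from the post.
SAMPLES = [
    "Received: from mail.example.com (mail.example.com. [192.0.2.10])\r\n"
    "        by mx.example.net with ESMTPS id abc123\r\n"
    "        (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);",
    "Received: from sender.example.net (sender.example.net [192.0.2.20])\n"
    "\t(using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))\n"
    "\tby mail.example.com (Postfix) with ESMTPS id 0123456789",
    "Received: from bank.example.org (bank.example.org [192.0.2.30])\n"
    "\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384\n"
    "\t(256/256 bits)) by mail.example.com (Postfix) with ESMTPS id 0123456790",
    "Received: from plain.example.org (plain.example.org [192.0.2.40])\n"
    "\tby mail.example.com (Postfix) with ESMTP id 0123456791",
]

for status, trace in audit(SAMPLES):
    print(status, trace)
```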