* Renaud Allard:
>> Is there some sort of configuration hack that could help to address
>> this problem? I don't want to fall back to SSL 3.0 globally (which
>> would solve this particular problem), and sender-specific
>> configuration is only a last resort.
>
> sslv2 is deprecated (in 2006, all major browsers dropped support for
> it). Most applications still understand them, but it is not recommended
> for use anymore. So sticking with ssl3 still looks like the best and
> easiest approach.

Yes, but I'd still prefer to use TLS 1.0. 8-/

>> The messages the remote hosts are trying to deliver aren't important,
>> I guess. It's probably just backscatter.
>>
> Then why bother that much?

We are experiencing a few such pointless failed TLS handshakes per
second (from two hosts). Right now, it's not a problem, but we might
need to do something about it if the rate increases by one or two
magnitudes. As I'm a bit in the dark what to do, I wanted to discuss
potential solutions well before we actually need them.
--
Florian Weimer <fweimer@???>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99