Amazon SES and Postfix's no shared cipher warning

Hello, $USER! Amazon Simple Email Service (SES) is an email service which allow develops to send mail from within any application, and “supports TLS 1.2, TLS 1.1, TLS 1.0 and SSLv2Hello”, as stated in official documentation.

While registering at a few services (especially tawk[.]to and wpscan[.]com) I have observed enormous message delivery latencies (about 8 hours) and the same warning from few Amazon’s IP addresses:

My postfix configuration is (working) intermediate, which means that it supports TLS 1.2+, but with medium cipherlist. According to Mozilla:

Unfortunately, there are big tech companies in 2021 that ignore best-practices and can’t even support well-known TLS 1.2 ciphersuits.

Leave a Comment