Re: [Exim] TLS default options

Author: Yann Golanski
Date:  
To: Philip Hazel
CC: exim-users
Subject: Re: [Exim] TLS default options
On Tue, Sep 26, 2000 at 08:42:36AM +0100, Philip Hazel wrote:
> I've had second thoughts about the tls_advertise_hosts option, which
> defaults to
>
> tls_advertise_hosts = *
>
> I now think that the default should be unset. The reason for this is
> that, if you build Exim with TLS support and do nothing else, putting it
> into service doesn't work. It advertises TLS, but can't actually operate
> if you don't give it a certificate, so clients that support TLS try it,
> and fail. I think it would be safer to default TLS to "off".
>
> What do current testers think?


Really, if you are using and setting up SSL you should (read "should" in an
ideal world) know a bit about security.

Maybe have exim spawn a sarcastic error message if tls_certificate is
unset and tls_advertise_hosts is?

-- 
        Please use PGP when replying to this message
Dr Yann Golanski                            Internet Systems Developer
PGP: http://www.kierun.org/pgp/key-planet   Mailmaster for the Planet Online
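
The check discussed in this thread (TLS advertised but no certificate configured), sketched as a stand-alone configuration lint. This is an added example, not part of the original message and not Exim's own code; the function names, the sample configuration and the host name in it are constructed for illustration.

```python
import re

# Constructed sample: TLS is advertised to everyone, no certificate is set.
ADVERTISE_ONLY = """\
# main configuration section
primary_hostname = mail.example.org
tls_advertise_hosts = *
begin acl
"""

def main_options(text):
    """Return {option: value} for the main section of an Exim-style config."""
    opts, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        if line.endswith("\\"):           # trailing backslash: continuation
            pending += line[:-1].rstrip() + " "
            continue
        line, pending = pending + line, ""
        if re.match(r"begin\s+\w+", line):
            break                         # main section ends at first "begin"
        m = re.match(r"(?:hide\s+)?([a-z][a-z0-9_]*)\s*=\s*(.*)$", line)
        if m:                             # macros (upper case) are skipped
            opts[m.group(1)] = m.group(2).strip()
    return opts

def check_tls(text, advertise_default="*"):
    """Warn when STARTTLS would be advertised without a certificate.

    advertise_default models the built-in default when the option is absent:
    "*" is the default quoted in the thread, "" is the proposed "unset".
    """
    opts = main_options(text)
    advertise = opts.get("tls_advertise_hosts", advertise_default)
    cert = opts.get("tls_certificate", "")
    if advertise and not cert:
        return ["tls_advertise_hosts is '%s' but tls_certificate is unset: "
                "clients will be offered STARTTLS and then fail" % advertise]
    return []

if __name__ == "__main__":
    for warning in check_tls(ADVERTISE_ONLY):
        print("warning:", warning)
```

Calling `check_tls(text, advertise_default="")` on a configuration that sets neither option shows the effect of the proposed default: nothing is advertised, so nothing is reported.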