On Tue, Sep 26, 2000 at 08:42:36AM +0100, Philip Hazel wrote:
> I've had second thoughts about the tls_advertise_hosts option, which
> defaults to
>
> tls_advertise_hosts = *
>
> I now think that the default should be unset. The reason for this is
> that, if you build Exim with TLS support and do nothing else, putting it
> into service doesn't work. It advertises TLS, but can't actually operate
> if you don't give it a certificate, so clients that support TLS try it,
> and fail. I think it would be safer to default TLS to "off".
>
> What do current testers think?
Really if you are using and setting up SSL you should (read should in an
idle world) know a bit about security.
Maybe have exim spawn a sarcastic error message if tls_certificate is
unset and tls_advertise_hosts is?
--
Please use PGP when replying to this message
Dr Yann Golanski Internet Systems Developer
PGP: http://www.kierun.org/pgp/key-planet Mailmaster for the Planet Online