------- You are receiving this mail because: -------
You are on the CC list for the bug.
http://bugs.exim.org/show_bug.cgi?id=1170
Summary: SSL fingerprint should be made accessible
Product: Exim
Version: 4.77
Platform: All
OS/Version: All
Status: NEW
Severity: wishlist
Priority: medium
Component: TLS
AssignedTo: nigel@???
ReportedBy: bjoern@???
CC: exim-dev@???
currently it is not possible with Exim to tell it what a certain domain's mail
server's SSL fingerprint is. Today it is only possible to trust servers by
trusting one or multiple CAs, that have signed their certificates.
For security resons it would be *very* good if you could tell exim that the
mail server mail.example.com has a certail SSL fingerprint and that only *that*
fingerprint is the right one for that domain. This is also important to prevent
attacks from people who got spurious access to one of the trusted CAs.
Postfix has very advanced tls support, here is the documentation of the above
mentioned fingerprint checking in postfix:
http://www.postfix.org/TLS_README.html#client_tls_fprint
maybe you can get some inspirations from that ...
--
Configure bugmail:
http://bugs.exim.org/userprefs.cgi?tab=email
