Re: [exim] massive increase in SSL handshake failures after …

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Viktor Dukhovni
Date:  
À: exim-users
Sujet: Re: [exim] massive increase in SSL handshake failures after root-CA update
On Mon, Jan 20, 2014 at 11:57:07PM +0100, Wolfgang Breyha wrote:

> On 20/01/14 17:35, Viktor Dukhovni wrote:
> > In Postfix we recommend the following:
> >
> >     - Don't request client certificates on the default SMTP port.

> >
>
> Why? Requesting client certs is not a bad idea... my troubles aside.


Because asking for client certificates tickles bugs in client
implementations, and unlike MSAs with client cert based access
rules, MX hosts accept mail from everyone, even cleartext clients,
so client certs are not useful (everything works the same or better
without them).

-- 
    Viktor.