Re: [exim] massive increase in SSL handshake failures after …

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Viktor Dukhovni
Data:  
Para: exim-users
Assunto: Re: [exim] massive increase in SSL handshake failures after root-CA update
On Mon, Jan 20, 2014 at 11:57:07PM +0100, Wolfgang Breyha wrote:

> On 20/01/14 17:35, Viktor Dukhovni wrote:
> > In Postfix we recommend the following:
> >
> >     - Don't request client certificates on the default SMTP port.

> >
>
> Why? Requesting client certs is not a bad idea... my troubles aside.


Because asking for client certificates tickles bugs in client
implementations, and unlike MSAs with client cert based access
rules, MX hosts accept mail from everyone, even cleartext clients,
so client certs are not useful (everything works the same or better
without them).

-- 
    Viktor.