Re: [exim] tls_advertise_hosts

Author: Heiko Schlittermann
Date:  
To: exim-users
Subject: Re: [exim] tls_advertise_hosts
Mike Tubby <mike@???> (Mo 25 Apr 2016 23:57:51 CEST):
> Gents,
>
> I have to say that this is all sounding very complicated, please can we have
> the old default back? ... it seems to make most sense, to me, to have:
>
>     tls_advertise_hosts = <null>
>
> and require users to:
>
>     a) turn it on by specifying something else, and
>     b) put some meaningful certificates in place
>
> This is both logical and convergent as use of TLS is an, optional, upgrade
> (choice of the sysadmin) over a base install.


Hm. What about setting tls_advertise_hosts to an empty default, but
complain if this option isn't mentioned in the configuration at all?

Then you'll get warnings if you forget to think about TLS, but your
installation will be operational all the time in a compatible way (by
not advertising STARTTLS).

As soon as you agree with this (insecure) default by putting it into your
configuration, the warnings will go away, no matter what value you put
there.

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
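
Added example, not part of the original message and not Exim's own code: a small configuration check that models the behaviour proposed above, warning only when tls_advertise_hosts is not mentioned in the main section and staying quiet for any explicit value, including an empty one. The parsing is a simplified assumption about Exim's configuration syntax (comment lines, backslash continuations, main section ending at the first "begin" line); the function names and sample configurations are constructed for illustration.

```python
import re

OPTION = "tls_advertise_hosts"

def main_section_lines(config_text):
    """Yield logical lines of the main section (simplified Exim syntax)."""
    pending = ""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank and comment lines are skipped
        if line.endswith("\\"):
            pending += line[:-1].rstrip() + " "   # join continuation lines
            continue
        logical, pending = (pending + line).strip(), ""
        if re.match(r"begin\s+\S+", logical):
            return                        # main section ends at first "begin"
        yield logical

def check_tls_advertise(config_text):
    """Return (state, message); state is 'unset', 'empty' or 'set'."""
    for line in main_section_lines(config_text):
        m = re.match(r"(?:hide\s+)?" + OPTION + r"\s*=\s*(.*)$", line)
        if m is None:
            continue
        value = m.group(1).strip()
        if not value:
            return "empty", "STARTTLS not advertised (explicit choice, no warning)"
        return "set", "STARTTLS advertised to: " + value
    return "unset", "warning: %s is not mentioned; STARTTLS not advertised" % OPTION

# Constructed sample configurations (not taken from any real host).
SAMPLES = {
    "unset": "primary_hostname = mail.example.org\n# tls_advertise_hosts = *\nbegin acl\n",
    "empty": "tls_advertise_hosts =\nbegin acl\n",
    "set": "tls_advertise_hosts = \\\n    192.0.2.0/24 : \\\n    198.51.100.7\nbegin acl\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, "->", check_tls_advertise(text))
```
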