Mike Tubby <mike@???> (Mo 25 Apr 2016 23:57:51 CEST):
> Gents,
>
> I have to say that this is all sounding very complicated, please can we have
> the old default back? ... its seems to make most sense, to me, to have:
>
> tls_advertise_hosts = <null>
>
> and require users to:
>
> a) turn it on by specifying something else, and
> b) put some meaningful certificates in place
>
> This is both logical and convergent as use of TLS is an, optional, upgrade
> (choice of the sysadmin) over a base install.
Hm. What about setting tls_advertise_hosts to an empty default, but
complain if this option isn't mentioned in the configuration at all?
Then you'll get warnings if if forget to think about TLS, but your
installation will be operational all the time in a compatible way (by
not advertising STARTTLS).
As soon as you agree with this (insecure) default by putting it into your
configuration, the warnings will go away, no matter whay value you put
there.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
