Re: [exim] How can I establish that DANE is working correctl…

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMViktor Dukhovni at <-
MMViktor Dukhovni at ->
Delete this message
Reply to this message
Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] How can I establish that DANE is working correctly?
On 25/04/17 14:51, Viktor Dukhovni wrote:
> I might also mention that Exim's DANE support is not yet feature-complete.
> It is still vulnerable to active downgrade attacks by tampering with the
> TLSA RRset in DNS responses. When TLSA lookups fail, Exim continues without
> DANE

Having looked again at the coding I do not see that behaviour.
Have you verified this by experiment?
--
Thanks,
Jeremy


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] TLS error on connection to smtp.office365.com (gnutls_handshake): An unexpected TLS packet was received.Re: [exim] How can I establish that DANE is working correctly?->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)