Author: Jeremy Harris Date: To: exim-users Subject: Re: [exim] How can I establish that DANE is working correctly?
On 25/04/17 14:51, Viktor Dukhovni wrote: > I might also mention that Exim's DANE support is not yet feature-complete.
> It is still vulnerable to active downgrade attacks by tampering with the
> TLSA RRset in DNS responses. When TLSA lookups fail, Exim continues without
> DANE
Having looked again at the coding I do not see that behaviour.
Have you verified this by experiment?
--
Thanks,
Jeremy