[exim-dev] [Bug 2266] New: TLS SNI should default set

Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2266] New: TLS SNI should default set
https://bugs.exim.org/show_bug.cgi?id=2266

            Bug ID: 2266
           Summary: TLS SNI should default set
           Product: Exim
           Version: N/A
          Hardware: x86
                OS: All
            Status: NEW
          Severity: bug
          Priority: medium
         Component: TLS
          Assignee: jgh146exb@???
          Reporter: pdp@???
                CC: exim-dev@???


With TLS 1.3 mandating SNI from clients unless an application profile prohibits
that, we should be providing a default value of SNI.

Handling for DANE should be in issue 2265. DANE should stop using the tls_sni
SMTP Transport option and DANE handling is not in-scope for _this_ tracking
bug.

IMO tls_sni should default to $domain, which requires disabling multi_domain by
default.

My first pass proposal is in:
https://git.exim.org/users/pdp/exim.git/shortlog/refs/heads/tls_sni_mandatoryish

That is a WIP-do-not-merge because I discovered when wrapping up that I was
wrong about our DANE handling. It could go in now, but would result in us
actively sending the wrong value for DANE.
