https://bugs.exim.org/show_bug.cgi?id=2266
Bug ID: 2266
Summary: TLS SNI should default set
Product: Exim
Version: N/A
Hardware: x86
OS: All
Status: NEW
Severity: bug
Priority: medium
Component: TLS
Assignee: jgh146exb@???
Reporter: pdp@???
CC: exim-dev@???

With TLS 1.3 mandating SNI from clients unless an application profile prohibits
that, we should be providing a default value of SNI.

Handling for DANE should be in issue 2265. DANE should stop using the tls_sni
SMTP Transport option and DANE handling is not in-scope for _this_ tracking
bug.

IMO tls_sni should default to $domain, which requires disabling multi_domain by
default.

My first pass proposal is in:
https://git.exim.org/users/pdp/exim.git/shortlog/refs/heads/tls_sni_mandatoryish

That is a WIP-do-not-merge because I discovered when wrapping up that I was
wrong about our DANE handling. It could go in now, but would result in us
actively sending the wrong value for DANE.