Re: [exim-dev] TLS 1.3 *does not* mandate SNI.

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Viktor Dukhovni
Date:  
À: exim-dev
CC: Wietse Venema
Sujet: Re: [exim-dev] TLS 1.3 *does not* mandate SNI.


> On Apr 17, 2018, at 7:09 PM, Phil Pennock <pdp@???> wrote:
>
> I agree the spec shows we can argue it's not required, but the spec also
> allows recipients to argue that it is required.
>
> This came up because, today, Google's servers are responding to TLS1.3
> connections which don't send SNI with a self-signed certificate which
> has DN:
>
> OU=No SNI provided; please fix your client., CN=invalid2.invalid
>
> So Google are telling sending systems that they're broken and need to be
> fixed. I saw that string in my MTA logs and went investigating.


Which Google servers are these? Are they MX hosts for some domains???
If so, I need to tell Google urgently to cease and desist, this is
wrong.

-- 
    Viktor.