> On Apr 17, 2018, at 8:10 PM, Viktor Dukhovni via Exim-dev <exim-dev@???> wrote:
>
> If they have a default certificate chain that works with TLS 1.2
> withholding it with TLS 1.3 seems rather rude... I'll chat with
> David Benjamin, perhaps he'll have good reasons for this that I'm
> missing, but off hand it seems counter-productive.
I've reproduced this with [gmail-smtp-in.l.google.com] and posttls-finger
linked against the OpenSSL 1.1.1 library. When sending a TLS client HELLO
that supports TLS 1.3, but no SNI the Google SMTP server negotiates TLS
1.2 (not 1.3), but with the self-signed cert. When using the OpenSSL 1.1.0
liobraries, it negotiates TLS 1.2 with the usual certificate chain.
This is rather annoying, and we may have to bump the OpenSSL library SONAME
as a result, so that applications don't suddenly find themselves unable
to authenticate servers they could previously authenticate.
This could affect users who've configured secure-channel TLS with Gmail,
but have not set up SNI (not presently configurable outside of DANE in
Postfix, for example).
--
Viktor.