[exim-cvs] REQUIRETLS: amplify docs discussion

Author: Exim Git Commits Mailing List
Date:
To: exim-cvs
Subject: [exim-cvs] REQUIRETLS: amplify docs discussion
Gitweb: https://git.exim.org/exim.git/commitdiff/f9d4bb1a2ae19edfcde680bebfeb8712e6f2a42a
Commit:     f9d4bb1a2ae19edfcde680bebfeb8712e6f2a42a
Parent:     1bca4f5fc7d74ba4ec1ced72eef8b806ae2be989
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Sun Jul 29 15:27:03 2018 +0100
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Sat Aug 4 14:32:15 2018 +0100


    REQUIRETLS: amplify docs discussion
---
 doc/doc-txt/experimental-spec.txt | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)


diff --git a/doc/doc-txt/experimental-spec.txt b/doc/doc-txt/experimental-spec.txt
index 43f1423..1bc5d02 100644
--- a/doc/doc-txt/experimental-spec.txt
+++ b/doc/doc-txt/experimental-spec.txt
@@ -881,12 +881,15 @@ The Exim implementation includes

Differences from spec:
- we support upgrading the requirement for REQUIRETLS, including adding
- it from cold, withing an MTA. The spec only define the sourcing MUA
+ it from cold, within an MTA. The spec only define the sourcing MUA
as being able to source the requirement, and makes no mention of upgrade.
- No support is coded for the RequireTLS header (which can be used
- to annul DANE and/or STS policiy). [can this be done in ACL?]
+ to annul DANE and/or STS policiy). [this can _almost_ be done in
+ transport option expansions, but not quite: it requires tha DANE-present
+ but STARTTLS-failing targets fallback to cleartext, which current DANE
+ coding specifically blocks]

-Note that REQUIRETLS is only advertised once a TLS connection is acheived
+Note that REQUIRETLS is only advertised once a TLS connection is achieved
(in contrast to STARTTLS). If you want to check the advertising, do something
like "swaks -s 127.0.0.1 -tls -q HELO".
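
Review bot: The new bracketed text in the RequireTLS-header item still carries typos: "tha DANE-present" should be "that DANE-present", "policiy" on the rewritten line should be "policy", and "fallback to cleartext" is used as a verb and should be "fall back to cleartext". The first item's changed line also keeps "The spec only define", which should be "defines"; since this commit already fixes "withing" and "acheived", these are worth fixing in the same pass. Separately, the bracketed aside reads as a developer note about current DANE coding rather than user documentation. Consider stating plainly that the header cannot be honoured today because DANE-present but STARTTLS-failing targets are blocked from cleartext fallback, so a reader knows this is a deliberate limitation that keeps the DANE policy enforced.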