Re: [exim] MTA-STS and Server Name Indication (SNI) on mail …

Author: Phil Pennock
Date:  
To: Felipe Gasper
CC: John R. Levine, exim-users
Subject: Re: [exim] MTA-STS and Server Name Indication (SNI) on mail servers
On 2020-06-17 at 19:51 -0400, Felipe Gasper wrote:
> > On Jun 17, 2020, at 6:22 PM, Phil Pennock via Exim-users <exim-users@???> wrote:
> > because TLS1.3 mandates SNI.
>
> Phil, do you have a citation for this? I skimmed the RFC just now, and the only mandatory details about SNI that I see are in the context of session resumption.
>
> If TLS 1.3 indeed mandates SNI, then that’s relevant in other conversations I’m in and would love to be able to cite that.


My memory has faded.

In <https://bugs.exim.org/show_bug.cgi?id=2266> I wrote:
} With TLS 1.3 mandating SNI from clients unless an application profile
} prohibits that, we should be providing a default value of SNI.

My very vaguest of recollections is that client libraries are being
written around a model of the HTTPS application profile and other
profiles are second-class citizens and fighting a losing battle to work
without SNI.

So I probably miswrote: it's not "mandated by spec", it's, if I'm now
remembering correctly, "de facto mandated by all the usable profiles and
mandated by many libraries".

I don't remember the details or even the above with any degree of
confidence; it's been two years since I last even looked at this.
Sorry.

-Phil