Re: [exim] DANE vs unknown CA

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MViktor Dukhovni at <-
MJesse Nicholls at ->
Delete this message
Reply to this message
Author: Jesse Nicholls
Date:  
To: Exim-users
Subject: Re: [exim] DANE vs unknown CA
On 2021-05-03 18:07, Viktor Dukhovni wrote:
> On Mon, May 03, 2021 at 06:33:24PM +0200, Heiko Schlittermann wrote:
>
> > For the upcoming 4.94.2 a patch is part of the 4.94.2+fixes branch
> > already. It will be cherry-picked to master soon.
>
> Got a pointer to the patch?
>
> > Thank you again for your fast response yesterday.
>
> You're welcome. Yes, there's a non-trivial number of domains where
> production of the correct certificate depends on sending the TLSA base
> domain as the SNI value. I am not a fan of per-host-domain MX
> hostnames, and associated reliance on SNI, but for some mysterious
> reason there are operators who prefer this model.
>
>
>
This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-[exim] behaviour of ${readsocket{ changed after upgrading to exim 4.94/4.94.2Re: [exim] DANE vs unknown CA->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)