Looks like I will be spending some more quality time with GnuTLS docs as I do seem to have been giving it a hard time. Most interesting so far is the discovery that the ciphersuite selection lets you specify not just the suites, but also the negotiated protocol version. It’s not as convenient, but it’s possible. Perhaps it grows on you, like GnuPG? It’s very comprehensive.
The interoperability issues that plagued GnuTLS in the past: I recall that they were particularly noticeable with mobile clients using Symbian. The earliest device I own runs Windows CE 6, with TLS 1.0 RC4 SHA1. I don’t suppose I’ll be letting it talk to my server again. All the clients I use now are modern Apple clients.
Courier Mail Server fetches MTA-STS policy documents. I’d consider this a good reason to do MTA-STS as well as DANE, even though I suspect the base of Courier users will be small. Interesting too is that Debian compiles their couriertls against GnuTLS (but I won’t be using that).
Thank you very much to everyone who responded. Very helpful and interesting discussion with lots of useful information. Much appreciated.