Re: openssl3+postfix issue (ca md too weak)

To: Taylor R Campbell <riastradh%NetBSD.org@localhost>, Manuel Bouyer <bouyer%antioche.eu.org@localhost>
Subject: Re: openssl3+postfix issue (ca md too weak)
From: Brian Buhrow <buhrow%nfbcal.org@localhost>
Date: Mon, 13 Nov 2023 19:16:14 -0800

	Hello Taylor.  Just as a point of reference, smtp clients that connect to domains hosted by
Microsoft, i.e. outlook.com and any other domains that use their infrastructure for e-mail, will
have to present a valid SSL certificate in order to submit mail to their smtp servers.  But
that is a different issue than Manuel is describing, as I understand it.  I think he is saying
that the server is presenting an SSL certificate that his client doesn't like when he tries to
send mail to an external smtp server.  In that case, I agree with you, his client shouldn't be
overly concerned about whether the server presented SSL certificate can be verified all the way
down the verification chain.  I guess it's fine if it does the verification and puts a note in
the headers, but it shouldn't stop mail from going out.

-thanks
-Brian

Follow-Ups:
- Re: openssl3+postfix issue (ca md too weak)
  - From: Ken Hornstein
- Re: openssl3+postfix issue (ca md too weak)
  - From: Manuel Bouyer

References:
- Re: openssl3+postfix issue (ca md too weak)
  - From: Taylor R Campbell

Prev by Date: Re: openssl3+postfix issue (ca md too weak)
Next by Date: Re: ffmpeg6 and SSP?
Previous by Thread: Re: openssl3+postfix issue (ca md too weak)
Next by Thread: Re: openssl3+postfix issue (ca md too weak)
Indexes:

Home | Main Index | Thread Index | Old Index