Re: openssl3+postfix issue (ca md too weak)

To: Brian Buhrow <buhrow%nfbcal.org@localhost>
Subject: Re: openssl3+postfix issue (ca md too weak)
From: Manuel Bouyer <bouyer%antioche.eu.org@localhost>
Date: Tue, 14 Nov 2023 09:06:41 +0100

On Mon, Nov 13, 2023 at 07:16:14PM -0800, Brian Buhrow wrote:
> 	Hello Taylor.  Just as a point of reference, smtp clients that connect to domains hosted by
> Microsoft, i.e. outlook.com and any other domains that use their infrastructure for e-mail, will
> have to present a valid SSL certificate in order to submit mail to their smtp servers.  But
> that is a different issue than Manuel is describing, as I understand it.  I think he is saying
> that the server is presenting an SSL certificate that his client doesn't like when he tries to
> send mail to an external smtp server.  In that case, I agree with you, his client shouldn't be
> overly concerned about whether the server presented SSL certificate can be verified all the way
> down the verification chain.  I guess it's fine if it does the verification and puts a note in
> the headers, but it shouldn't stop mail from going out.

Actually, the client is using SMTP AUTH, so making sure he's sending the
auth credentials to the right SMTP server is critical.

-- 
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
     NetBSD: 26 ans d'experience feront toujours la difference
--

References:
- Re: openssl3+postfix issue (ca md too weak)
  - From: Taylor R Campbell
- Re: openssl3+postfix issue (ca md too weak)
  - From: Brian Buhrow

Prev by Date: Re: openssl3+postfix issue (ca md too weak)
Next by Date: Re: ffmpeg6 and SSP?
Previous by Thread: Re: openssl3+postfix issue (ca md too weak)
Next by Thread: Re: openssl3+postfix issue (ca md too weak)
Indexes:

Home | Main Index | Thread Index | Old Index