Re: openssl3+postfix issue (ca md too weak)

To: Brian Buhrow <buhrow%nfbcal.org@localhost>
Subject: Re: openssl3+postfix issue (ca md too weak)
From: Ken Hornstein <kenh%cmf.nrl.navy.mil@localhost>
Date: Tue, 14 Nov 2023 09:30:14 -0500

>       Hello Taylor.  Just as a point of reference, smtp clients that
>connect to domains hosted by Microsoft, i.e. outlook.com and any other
>domains that use their infrastructure for e-mail, will have to present
>a valid SSL certificate in order to submit mail to their smtp servers.

I do not believe this statement is correct.  My reading of RFC 8461
is that all it says is that the _server_ has to have a valid certificate
and says nothing about client certificates.  In my limited experience
configuring your SMTP _client_ to present a certificate is very very
rare.

--Ken

Follow-Ups:
- Re: openssl3+postfix issue (ca md too weak)
  - From: Brian Buhrow

References:
- Re: openssl3+postfix issue (ca md too weak)
  - From: Brian Buhrow

Prev by Date: Your patch works (Re: sys/dev/usb/if_axen.c
Next by Date: Re: openssl3+postfix issue (ca md too weak)
Previous by Thread: Re: openssl3+postfix issue (ca md too weak)
Next by Thread: Re: openssl3+postfix issue (ca md too weak)
Indexes:

Home | Main Index | Thread Index | Old Index