Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: openssl3+postfix issue (ca md too weak)

>       hello Ken.  It may be that the RFC says the client need not
>present a valid certificate, but I have found that smtp clients I
>manage that want to send mail to Microsoft managed domains cannot set
>up an SSL encrypted smtp session unless the client presents a valid
>certificate as part of the key negotiation process.

But wait, that's not exactly what I meant.  I could see that Microsoft
would reject a random self-signed certificate presented by a client, but
I was saying that I don't believe they require ANY certificate at all.
As in, "don't configure your SMTP server to send a client certificate";
You didn't say that you tried that.


Home | Main Index | Thread Index | Old Index