Re: openssl3+postfix issue (ca md too weak)

To: Brian Buhrow <buhrow%nfbcal.org@localhost>
Subject: Re: openssl3+postfix issue (ca md too weak)
From: Ken Hornstein <kenh%cmf.nrl.navy.mil@localhost>
Date: Tue, 14 Nov 2023 17:54:23 -0500

>       hello Ken.  It may be that the RFC says the client need not
>present a valid certificate, but I have found that smtp clients I
>manage that want to send mail to Microsoft managed domains cannot set
>up an SSL encrypted smtp session unless the client presents a valid
>certificate as part of the key negotiation process.

But wait, that's not exactly what I meant.  I could see that Microsoft
would reject a random self-signed certificate presented by a client, but
I was saying that I don't believe they require ANY certificate at all.
As in, "don't configure your SMTP server to send a client certificate";
You didn't say that you tried that.

--Ken

Follow-Ups:
- Re: openssl3+postfix issue (ca md too weak)
  - From: Brian Buhrow

References:
- Re: openssl3+postfix issue (ca md too weak)
  - From: Brian Buhrow

Prev by Date: Re: openssl3+postfix issue (ca md too weak)
Next by Date: Re: openssl3+postfix issue (ca md too weak)
Previous by Thread: Re: openssl3+postfix issue (ca md too weak)
Next by Thread: Re: openssl3+postfix issue (ca md too weak)
Indexes:

Home | Main Index | Thread Index | Old Index