>> 1) will
>> a) smtpd_tls_ask_ccert,
>> b) smtpd_tls_wrappermode,
>> c) smtpd_use_tls,
>> d) smtpd_enforce_tls
>> still work with the new openssl 0.9.8l
>> http://marc.info/?l=openssl-users&m=125751806022186&w=2 ?
> 2) should I upgrade the openssl on the MTA to that version?
>
> They will break if some REMOTE system wants to renegotiate TLS, using
> a protocol that is not supported by the LOCAL TLS implementation.
>
> Note that it says: "remote system wants to renegotiate". Postfix
> does not request renegotiation, as far as I know.

Does anybody on the list have practical experience - e.g.
4) with MS-Outlook and
5) Thunderbird directly connecting to postfix or
6) MS-Exchange
7) Any of the usual gateway suspects like IronPort, Borderware, ...
or does any of them regularly attempt TLS renegotiation?

Many thanks for any hints in advance

Ralf