Viktor Dukhovni:
> As for wrapper mode, I think it should insist on the destinations
> security level being neither disabled nor opportunitic as in the
> revised posttls-finger. Something along the lines of:
>
> + if (state->wrapper_mode
> + && (state->level <= TLS_LEV_NONE
> + || TLS_OPPORTUNISTIC(state->level))) {
> + msg_info("Failed to establish session to %s via %s: %s",
> + dest, HNAME(addr),
> + "SSL wrapper-mode requires mandatory TLS");
> + continue;
> + }
>
> The trouble with allowing "may" in wrapper-mode is that we'd
> otherwise need to change the logic that implements cleartext
> fallback, future audit logs, ...
Surely, Postfix can be smart enough to take care of that itself -
adjust the security level when wrappermode is required.
We already have this ridiculous dance of boolean flags to determine
the effective TLS features. Compared to that, wrappermode is trivial.
Wietse
