Re: Trusted vs Verified TLS

2022-10-11 Thread Jens Hoffrichter
Thanks! That was exactly the documentation I was looking for! Jens On Tue, Oct 11, 2022 at 11:05 AM Sven Schwedas wrote: > > On 11.10.22 10:37, Jens Hoffrichter wrote: > > What are the technical differences between those two methods of connecting? > > http://www.postfix.org/FORWARD_SECRECY_READ

Re: Trusted vs Verified TLS

2022-10-11 Thread Sven Schwedas
On 11.10.22 10:37, Jens Hoffrichter wrote: What are the technical differences between those two methods of connecting? http://www.postfix.org/FORWARD_SECRECY_README.html Last section. Your settings influence how it determines the difference between the two security levels. OpenPGP_signature

Trusted vs Verified TLS

2022-10-11 Thread Jens Hoffrichter
Hi, We are running a fairly large postfix installation, with a lot of TLS policy entries and our own curated trust store. For some TLS connections, I see in the log Trusted TLS connection established and for some, I see Verified TLS connection established Both to the same type of remote serve

Re: trusted vs. verified TLS connection

2014-12-10 Thread Viktor Dukhovni
On Wed, Dec 10, 2014 at 01:13:22PM +0100, A. Schulze wrote: > while checking TLS to a destination domain I noticed a difference. > posttls-finger say "Verified" but log say (only) "Trusted". The posttls-finger(1) utility defaults to the "dane" security level when TLSA records are present and "sec

trusted vs. verified TLS connection

2014-12-10 Thread A. Schulze
Hello, while checking TLS to a destination domain I noticed a difference. posttls-finger say "Verified" but log say (only) "Trusted". # posttls-finger -c -F /etc/ssl/mail/trusted_cas.pem avira.com posttls-finger: mx1.c01.avira.com[212.79.247.134]:25: subjectAltName: mx.ames.avira.net postt