Victor Duchovni wrote:
- Many (ideally most, if they are wisely configured) clients will not
supply TLS certs even when these are requested.
- Asking for client TLS certificates with normal mail delivery reduces
interoperability, as some clients fail when asked for certs.
On Wed, Oct 21, 2009 at 11:45:31PM +0200, Roland Dirlewanger wrote:
> Why do you expect clients on port 25 to have client certificates?
>
>
>In my opinion, as soon as a non-anonymous TLS connection is set up between
>a client and a server, it is legitimate for both sides to verify who
Victor,
Thanks a lot for your reply. Let me answer your questions.
On Tue, Oct 20, 2009 at 10:25:20PM +0200, Roland Dirlewanger wrote:
I would like to set up TLS on our mail server the following way:
* connections to port 25 may use TLS. If TLS is used, our server should
On Tue, Oct 20, 2009 at 10:25:20PM +0200, Roland Dirlewanger wrote:
>Hi folks,
>
>I would like to set up TLS on our mail server the following way:
>
> * connections to port 25 may use TLS. If TLS is used, our server should
>verify the client certificate using the CAs found
Hi folks,
I would like to set up TLS on our mail server the following way:
connections to port 25 may use TLS. If TLS is used, our server
should verify the client certificate using the CAs found in OpenSSL's
ca-bundle.crt
connections to port 587 are required to use TLS. Our server
should