> On Apr 17, 2018, at 4:37 PM, admin--- via Exim-dev <[email protected]> wrote:
>
> SNI for a DANE-advertising site has to be different than one that does not?
> Sheesh. Does that not implicitly require that _all_ clients be DANE-aware,
> or that _all_ DANE-advertising hosts be prepared to be hit with SNI from
> non-DANE-aware clients (and still do the right thing)?
>
> I think SNI just became useless.
A host with TLSA records should expect DANE clients to send the MX hostname
as the SNI name. Other clients might use other SNI names or none at all.
I don't see how SNI becomes useless. If you've got a matching cert, send
that, if not send a default cert.
--
Viktor.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim
details at http://www.exim.org/ ##
