On 25/04/17 14:51, Viktor Dukhovni wrote: > I might also mention that Exim's DANE support is not yet feature-complete. > It is still vulnerable to active downgrade attacks by tampering with the > TLSA RRset in DNS responses. When TLSA lookups fail, Exim continues without > DANE
Having looked again at the coding I do not see that behaviour. Have you verified this by experiment? -- Thanks, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
