On 10/12/2022 16:27, Slavko via Exim-users wrote:
Dňa 8. decembra 2022 21:37:32 UTC používateľ Jeremy Harris via Exim-users
<[email protected]> napísal:
We could just drop the connection at the TCP level, silently; that wouldn't
be hard to code. I don't think it'd make any difference to a client
that didn't have a human peering at a packet capture of the connection
attempt.
Drop silently is what i suggested
I've gone with "silently": 4243a209fd94
[SNI]
Not so. It's available early and can be used to select the server cert.
AFAIK SNI is part of TLS Client Hello. For now i understand that we
are talking about rejection before TLS handshake starts, thus no
SNI is available (nor other TLS related variables). Are you talking
about rejection in "middle" of TLS handshake or even after it is
finished?
Yes, for SNI it have to be after the first bit of the TLS startup
exchange.
There is an "encrypted=" ACL condition. Or you can check $tls_in_cipher,
as you said - it's fully equivalent.
When i recently tried to use "encrypted=" ACL condition in helo ACL
i got error, thus while fully equivalent, they are not interchangable
in all related ACLs and it was not documented.
Details on that, please?
--
Cheers,
Jeremy
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
