On Sun, 29 Dec 2024, Slavko via Exim-users wrote:

Hi all,

recently I decided to play with ALPN with exim on the SubmissionS
(SMTPS, 465) port and I noticed strange behavior.

I use debian's exim 4.96, with default ALPN settings:

   hosts_require_alpn =
   tls_alpn = smtp:esmtp

Then I tried to connect with a simple Python script. In Python I
can set the list of ALPN protocols to negotiate.

When I use a list with only one protocol, either "smtp" or "esmtp",
the handshake succeeds (as expected). But when I set more than
one protocol, and it doesn't matter if I use known or unknown
(for exim) protocols or any mix of them, the connection (TLS
handshake) is rejected.

Please, is that intended behavior? I did the same tests with
nginx (web server) and it can negotiate a known protocol at any
position in the provided list.

I read the related exim docs, where it is stated that the main (or only?)
purpose of ALPN support in exim is to reject invalid requests
(clients), but from my point of view, asking for both (smtp and
esmtp) names is not invalid. Did I miss something?

spec.txt 14.23 Alphabetical list of main options
(the first of two such entries), says:
  +-----------------------------------------------------------+
  |tls_alpn|Use: main|Type: string list*|Default: smtp : esmtp|
  +-----------------------------------------------------------+

  If this option is set, the TLS library supports ALPN, and the client
  offers either more than one ALPN name or a name which does not match
  the list, the TLS connection is declined.

I think this is the option for an MUA sending to exim.

--
Andrew C. Aitchison                      Kendal, UK
                   [email protected]
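
Added example (not part of either message, and not Exim's code): a Python model of the sentence quoted from spec.txt, applied to constructed client offers in the RFC 7301 ALPN wire format, next to a match-at-any-position selection like the one observed with nginx. All function names and sample offers are assumptions of this example.

```python
import struct

def encode_alpn(names):
    """Build ALPN extension_data (RFC 7301 ProtocolNameList) for a list of names."""
    body = b"".join(bytes([len(n)]) + n.encode("ascii") for n in names)
    return struct.pack("!H", len(body)) + body

def parse_alpn(data):
    """Parse ALPN extension_data into a list of names, rejecting malformed input."""
    if len(data) < 2:
        raise ValueError("truncated ALPN extension")
    (total,) = struct.unpack("!H", data[:2])
    body = data[2:]
    if total != len(body) or total == 0:
        raise ValueError("bad ProtocolNameList length")
    names, pos = [], 0
    while pos < len(body):
        size = body[pos]
        pos += 1
        if size == 0 or pos + size > len(body):
            raise ValueError("bad ProtocolName length")
        names.append(body[pos:pos + size].decode("ascii", "replace"))
        pos += size
    return names

def declined_by_quoted_rule(offered, tls_alpn=("smtp", "esmtp")):
    """True if the sentence quoted from spec.txt says the connection is declined."""
    return len(offered) > 1 or any(name not in tls_alpn for name in offered)

def select_any_match(offered, server_names=("smtp", "esmtp")):
    """Contrast: pick the first server name the client offered, at any position."""
    return next((name for name in server_names if name in offered), None)

# Constructed client offers, not captured traffic.
SAMPLES = [["smtp"], ["esmtp"], ["smtp", "esmtp"], ["h2", "smtp"], ["h2"]]

def evaluate(samples=SAMPLES):
    """Return (offered, declined_by_quoted_rule, any_position_match) per sample."""
    rows = []
    for names in samples:
        offered = parse_alpn(encode_alpn(names))  # round-trip through the wire format
        rows.append((offered, declined_by_quoted_rule(offered), select_any_match(offered)))
    return rows

if __name__ == "__main__":
    for offered, declined, match in evaluate():
        verdict = "decline" if declined else "accept"
        print(f"{offered!s:20} quoted rule: {verdict:8} any-position match: {match}")
```

Under the quoted rule, an offer of both "smtp" and "esmtp" is declined because it contains more than one name, even though each name is on the list.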
