On 2026-06-23 at 20:03 +0200, Bastian Blank wrote: > So neither expiration (now I wonder if someone checks > expiration on trust roots),
I don't think MTA are implementing TLS themselves They will be using a SSL library, which is the reasonable approach. They will either use what the tls library implements for validation, or disable validation altogether. Since most tls libraries do check the expiration of the root CA, I expect clients would validate the CA Not after as well. * An exception here is Android, which (purposefully) ignores the expiration date for CA in the Trust Store. Regards _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
