ottoka edited a comment on pull request #750: URL: https://github.com/apache/james-project/pull/750#issuecomment-971434219
> Question: Is client authentication also applied upon STARTTLS or is it omly applies to plain TLS? The point is that the TLS negotiation will fail and prevent the connection if the client provides an unknown/invalid certificate, or none at all (in need mode, required=true). So you could use it with StartTLS as well if that is what you want to happen. Admittedly it makes more sense in a private mail network where you can use straight SMTPS on port 465 from the start. (There is no good use right now for the optional client auth cases, i.e. required=false or skipping StartTLS. Maybe a future extension could somehow make the client certificate chain available to matchers and mailets, so they can e.g. allow relaying only on connections with trusted client certificates.) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
