On Mon, December 21, 2020 20:07, Viktor Dukhovni wrote:
> It clearly supports STARTTLS, since it is actually performing the TLS
> handshake, and abandons it after receiving certificates it is not happy
> with.
>
Which confuses me, because I can use Java to successfully negotiate a
certificate exchange with Postfix using the same keystore that the application
is using. I cannot see Postfix sending a different server certificate on port
465 from that it presents on ports 25 or 465. And if the certificate on 465
passes the keystore validation on the client then what would prevent it from
passing on port 25?
I know that the service is different on both ports, but the certificate
acceptability should be the same. And it is the client that is causing the
problem.
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Unencrypted messages have no legal claim to privacy
Do NOT open attachments nor follow links sent by e-Mail
James B. Byrne mailto:[email protected]
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3