Marek Podmaka:
> On Mon, 17 Oct 2022 at 14:57, Wietse Venema <wie...@porcupine.org> wrote:
> >
> > For Postfix submission and smtps we prefer
> >
> > tls_ssl_options = NO_RENEGOTIATION, NO_TICKET
> >
> > Instead of forcing hostname/cert micmatches.
>
> Yes, I am already using NO_TICKET and it is also recommended by the
> linked article.
> However it is still interesting that using different cert does not
> trigger the bug.
Congratulations you found another bug in that TLS implementation.
However, bugs are unreliable, and Postfix configuration should not
rely on buggy behavior.
Wietse
