Of Slavko via mailop
Sent: Wednesday, 23 November 2022 00:13
To: mailop@mailop.org
Subject: Re: [mailop] tls certificates
On 22 November 2022 21:00:36 UTC, user "Gellner, Oliver via mailop"
wrote:
>Also the number of MTAs that require STARTTLS is not increasing based on my
>experience. I haven’t seen a large ESP which enforced TLS for all incoming and
>outgoing connections yet.
Are you aware that even c
> On 21.11.2022 at 15:05 Slavko via mailop wrote:
>
> To make **everyone** happy with your certificate/TLS, you have to ensure
> all possible combinations:
>
> + valid certificate chain (for those requiring it)
> + valid SAN name (for those requiring it)
> + valid DANE TLSA record (for those req
a bit off-topic, but for Let's Encrypt and other ACME-compatible services that
offer TLS certificates, my suggestion is to avoid certbot and try one of these
beautiful scripts:
https://github.com/acmesh-official/acme.sh
https://github.com/dehydrated-io/dehydrated
(yes you read right, bash scri
On 21 November 2022 14:17:20 UTC, user Bill Cole via mailop
wrote:
>Requiring a valid certificate for a particular name with a trust chain going
>back to a trusted root is typically a MUA behavior, as MTAs which do that will
>refuse to deliver a lot of mail.
There was debate about th
On 2022-11-21 at 08:58:29 UTC-0500 (Mon, 21 Nov 2022 13:58:29 +)
Slavko via mailop
is rumored to have said:
On 21 November 2022 10:07:47 UTC, user Julian Bradfield via
mailop wrote:
So my question is, if it is certificates (rather than ciphers - my
cipher suites are all gnutls
On 21 November 2022 10:07:47 UTC, user Julian Bradfield via mailop
wrote:
>So my question is, if it is certificates (rather than ciphers - my
>cipher suites are all gnutls default, so should be current), what do I
>need to do to get everybody to accept TLS ? Just make the certificate
>m
On 2022/11/21 10:07, Julian Bradfield via mailop wrote:
> So my question is, if it is certificates (rather than ciphers - my
> cipher suites are all gnutls default, so should be current), what do I
The type of alert should indicate whether it's ciphers or certs.
> need to do to get everybody to a
For the last couple of decades, I've been running Exim, using
long-lived self-signed certificates for TLS, and since the last but
one upgrade a couple of years ago, these certificates haven't even
been for the right machine:)
Almost everybody seems happy to talk to me, including gmail and
microsof