Re: [mailop] tls certificates

2022-11-22 Thread Tobias Fiebig via mailop
Of Slavko via mailop Sent: Wednesday, 23 November 2022 00:13 To: mailop@mailop.org Subject: Re: [mailop] tls certificates On 22 November 2022 21:00:36 UTC, "Gellner, Oliver via mailop" wrote: >Also the number of MTAs that require STARTTLS is not increasing based on my

Re: [mailop] tls certificates

2022-11-22 Thread Slavko via mailop
On 22 November 2022 21:00:36 UTC, "Gellner, Oliver via mailop" wrote: >Also the number of MTAs that require STARTTLS is not increasing based on my >experience. I haven’t seen a large ESP which enforced TLS for all incoming and >outgoing connections yet. Are you aware that even c

Re: [mailop] tls certificates

2022-11-22 Thread Gellner, Oliver via mailop
> On 21.11.2022 at 15:05 Slavko via mailop wrote: > > To make **everyone** happy with your certificate/TLS, you have to ensure > all possible combinations: > > + valid certificate chain (for those requiring it) > + valid SAN name (for those requiring it) > + valid DANE TLSA record (for those req

Re: [mailop] tls certificates

2022-11-21 Thread Mary via mailop
A bit off-topic, but for Let's Encrypt and other ACME-compatible services that offer TLS certificates, my suggestion is to avoid certbot and try one of these beautiful scripts: https://github.com/acmesh-official/acme.sh https://github.com/dehydrated-io/dehydrated (yes you read right, bash scri

Re: [mailop] tls certificates

2022-11-21 Thread Slavko via mailop
On 21 November 2022 14:17:20 UTC, Bill Cole via mailop wrote: >Requiring a valid certificate for a particular name with a trust chain going >back to a trusted root is typically a MUA behavior, as MTAs which do that will >refuse to deliver a lot of mail. There was debate about th

Re: [mailop] tls certificates

2022-11-21 Thread Bill Cole via mailop
On 2022-11-21 at 08:58:29 UTC-0500 (Mon, 21 Nov 2022 13:58:29 +) Slavko via mailop is rumored to have said: On 21 November 2022 10:07:47 UTC, Julian Bradfield via mailop wrote: So my question is, if it is certificates (rather than ciphers - my cipher suites are all gnutls

Re: [mailop] tls certificates

2022-11-21 Thread Slavko via mailop
On 21 November 2022 10:07:47 UTC, Julian Bradfield via mailop wrote: >So my question is, if it is certificates (rather than ciphers - my >cipher suites are all gnutls default, so should be current), what do I >need to do to get everybody to accept TLS ? Just make the certificate >m

Re: [mailop] tls certificates

2022-11-21 Thread Stuart Henderson via mailop
On 2022/11/21 10:07, Julian Bradfield via mailop wrote: > So my question is, if it is certificates (rather than ciphers - my > cipher suites are all gnutls default, so should be current), what do I The type of alert should indicate whether it's ciphers or certs. > need to do to get everybody to a

[mailop] tls certificates

2022-11-21 Thread Julian Bradfield via mailop
For the last couple of decades, I've been running Exim, using long-lived self-signed certificates for TLS, and since the last but one upgrade a couple of years ago, these certificates haven't even been for the right machine:) Almost everybody seems happy to talk to me, including gmail and microsof