On 2018-04-17 at 14:28 -0400, Phil Pennock wrote: > and for the DANE case, Exim > always sends SNI.
I'm going prematurely senile. I could have sworn this was true but I can find no evidence of it. Since RFCs 7671 and 7672 mandates SNI of the DNSSEC-secured hostname of the MX server, this is clearly a bug in Exim. Sorry for the misinformation. Tracking bugs below simply because I mis-stated the current state of affairs, I don't intend to follow-up here. https://bugs.exim.org/show_bug.cgi?id=2265 filed to fix SNI for DANE. https://bugs.exim.org/show_bug.cgi?id=2266 is for sending SNI by default, with a link to a branch which implements the feature I described as: > I'm tentatively thinking that we should change the Exim defaults here, > to be ready for TLS1.3, and default to multi_domain _disabled_ for the > SMTP Transport and default the value of tls_sni to be $domain as long as > multi_domain is disabled. >⌴ > Does this seem like a reasonable approach to other postmasters, as an > MTA default? -Phil _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop