Koozali.org: home of the SME Server

Forward Secrecy

Offline Daniel B.

Re: Forward Secrecy
« Reply #15 on: May 02, 2017, 09:39:39 AM »
Ok, didn't know that. Still, it'd have continued if the CN didn't match I guess, but you'd have a log trace at least.
It's the end of the world !!! :lol:

Offline Knuddi

Re: Forward Secrecy
« Reply #16 on: May 03, 2017, 09:51:00 PM »
If the destination domain (or mail server) has a DANE record (TLSA record) and the key there does not match the presented key when connecting, the sending server should not continue. But very, very few domains advertise this TLSA key (yet) and hence as of now it's not super effective.
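
The sender-side decision described in the reply above, as an added example that is not part of the original thread: a domain with no TLSA record gets opportunistic TLS, while a published record that does not match the presented key stops delivery. It assumes the records were already DNSSEC-validated and are all DANE-EE (usage 3); the function names and the placeholder byte strings are constructed for illustration.

```python
import hashlib
import hmac
from typing import NamedTuple

class TLSA(NamedTuple):
    usage: int     # 3 = DANE-EE: pins the server's own certificate or key
    selector: int  # 0 = full certificate, 1 = SubjectPublicKeyInfo (public key)
    mtype: int     # 0 = exact bytes, 1 = SHA-256, 2 = SHA-512
    data: bytes    # association data published in DNS

def _digest(mtype, blob):
    if mtype == 0:
        return blob
    if mtype == 1:
        return hashlib.sha256(blob).digest()
    if mtype == 2:
        return hashlib.sha512(blob).digest()
    return None  # unknown matching type: the record cannot match

def record_matches(rec, cert_der, spki_der):
    # Simplification: only DANE-EE records are evaluated here.
    if rec.usage != 3 or rec.selector not in (0, 1):
        return False
    blob = cert_der if rec.selector == 0 else spki_der
    got = _digest(rec.mtype, blob)
    return got is not None and hmac.compare_digest(got, rec.data)

def delivery_decision(records, cert_der, spki_der):
    if not records:
        # No TLSA published: the sender continues whatever certificate it sees.
        return "deliver-opportunistic"
    if any(record_matches(r, cert_der, spki_der) for r in records):
        return "deliver-authenticated"
    # TLSA published but nothing matches: do not continue, retry later.
    return "defer"

# Constructed placeholder bytes standing in for the DER blobs taken from the
# TLS handshake (not real certificates).
CERT_DER = b"constructed-certificate-der"
SPKI_DER = b"constructed-public-key-der"
ROGUE_SPKI = b"constructed-other-public-key"

PINNED = [TLSA(3, 1, 1, hashlib.sha256(SPKI_DER).digest())]  # "3 1 1" record

if __name__ == "__main__":
    print(delivery_decision([], CERT_DER, SPKI_DER))
    print(delivery_decision(PINNED, CERT_DER, SPKI_DER))
    print(delivery_decision(PINNED, CERT_DER, ROGUE_SPKI))
```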